fix variable assignment when pulling via token

Update README.md

.env.example

@@ -27,19 +27,14 @@ EMAIL_TOKEN_LIFETIME=
 # Required
 MONGO_URL=mongodb://root:example@mongo:27017/?authSource=admin
 
-# Optional credentials for MongoDB container instance
+# Optional credentials for MongoDB container instance and Mongo-Express
 MONGO_USERNAME=root
 MONGO_PASSWORD=example
 
-# Mongo-Express vars (needed for development only)
-ME_CONFIG_MONGODB_ADMINUSERNAME=root
-ME_CONFIG_MONGODB_ADMINPASSWORD=example
-ME_CONFIG_MONGODB_URL=mongodb://root:example@mongo:27017/
-
 # Website URL
 # Required
-NODE_ENV=development
-NEXT_PUBLIC_WEBSITE_URL=http://localhost:8080
+
+SITE_URL=http://localhost:8080
 
 # Mail/SMTP
 # Required to send emails

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,29 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+### Describe the bug
+A clear and concise description of what the bug is.
+
+### To Reproduce
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+### Expected behavior
+A clear and concise description of what you expected to happen.
+
+### Screenshots
+If applicable, add screenshots to help explain your problem.
+
+### Platform you are having the issue on:
+
+### Additional context
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature Request
+about: Let us now what feature you would want to have in Infisical
+title: ''
+labels: 'feature request'
+assignees: ''
+
+---
+
+### Feature description
+A clear and concise description of what the the feature should be.
+
+### Why would it be useful?
+Why would this feature be useful for Infisical users? 
+
+### Additional context
+Add any other context about the problem here.

.github/workflows/check-be-pull-request.yml

@@ -0,0 +1,41 @@
+name: Check Backend Pull Request
+
+on:
+  pull_request:
+    types: [ opened, synchronize ]
+    paths:
+      - 'backend/**'
+      - '!backend/README.md'
+      - '!backend/.*'
+      - 'backend/.eslintrc.js'
+
+
+jobs:
+
+  check-be-pr:
+    name: Check
+    runs-on: ubuntu-latest
+
+    steps:
+      -
+        name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      -
+        name: 🔧 Setup Node 16
+        uses: actions/setup-node@v3
+        with:
+          node-version: '16'
+          cache: 'npm'
+          cache-dependency-path: backend/package-lock.json
+      -
+        name: 📦 Install dependencies
+        run: npm ci --only-production --ignore-scripts
+        working-directory: backend
+      # -
+      #   name: 🧪 Run tests
+      #   run: npm run test:ci
+      #   working-directory: backend
+      -
+        name: 🏗️ Run build
+        run: npm run build
+        working-directory: backend

.github/workflows/check-fe-pull-request.yml

@@ -0,0 +1,41 @@
+name: Check Frontend Pull Request
+
+on:
+  pull_request:
+    types: [ opened, synchronize ]
+    paths:
+      - 'frontend/**'
+      - '!frontend/README.md'
+      - '!frontend/.*'
+      - 'frontend/.eslintrc.js'
+
+
+jobs:
+
+  check-fe-pr:
+    name: Check
+    runs-on: ubuntu-latest
+
+    steps:
+      -
+        name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      -
+        name: 🔧 Setup Node 16
+        uses: actions/setup-node@v3
+        with:
+          node-version: '16'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+      -
+        name: 📦 Install dependencies
+        run: npm ci --only-production --ignore-scripts
+        working-directory: frontend
+      # -
+      #   name: 🧪 Run tests
+      #   run: npm run test:ci
+      #   working-directory: frontend
+      -
+        name: 🏗️ Run build
+        run: npm run build
+        working-directory: frontend

.github/workflows/close_inactive_issues.yml

@@ -0,0 +1,22 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v4
+        with:
+          days-before-issue-stale: 30
+          days-before-issue-close: 14
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
+          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/docker-image.yml

@@ -0,0 +1,90 @@
+name: Push to Docker Hub
+
+on: [workflow_dispatch]
+
+jobs:
+
+  backend-image:
+    name: Build backend image
+    runs-on: ubuntu-latest
+
+    steps:
+      - 
+        name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      -
+        name: 🔧 Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: 🐋 Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      # -
+      #   name: 📦 Build backend and export to Docker
+      #   uses: docker/build-push-action@v3
+      #   with:
+      #     load: true
+      #     context: backend
+      #     tags: infisical/backend:test
+      # -
+      #   name: 🧪 Test backend image
+      #   run: |
+      #     docker run --rm infisical/backend:test
+      -
+        name: 🏗️ Build backend and push
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: backend
+          tags: infisical/backend:latest
+          platforms: linux/amd64,linux/arm64
+
+
+  frontend-image:
+    name: Build frontend image
+    runs-on: ubuntu-latest
+
+    steps:
+      - 
+        name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      -
+        name: 🔧 Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: 🐋 Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      # -
+      #   name: 📦 Build frontend and export to Docker
+      #   uses: docker/build-push-action@v3
+      #   with:
+      #     load: true
+      #     context: frontend
+      #     tags: infisical/frontend:test
+      #     build-args: |
+      #       POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
+      # -
+      #   name: 🧪 Test frontend image
+      #   run: |
+      #     docker run --rm infisical/frontend:test
+      -
+        name: 🏗️ Build frontend and push
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: frontend
+          tags: infisical/frontend:latest
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}

.github/workflows/helm_chart_release.yml

@@ -0,0 +1,22 @@
+name: Release Helm Charts
+
+on: [workflow_dispatch]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.10.0
+      - name: Install python
+        uses: actions/setup-python@v4
+      - name: Install Cloudsmith CLI
+        run: pip install --upgrade cloudsmith-cli
+      - name: Build and push helm package to Cloudsmith
+        run: cd helm-charts && sh upload-to-cloudsmith.sh
+        env:
+          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}

.github/workflows/release_build.yml

@@ -1,4 +1,4 @@
-name: goreleaser
+name: Go releaser
 
 on:
   push:
@@ -35,7 +35,7 @@ jobs:
       - uses: actions/setup-python@v4
       - run: pip install --upgrade cloudsmith-cli
       - name: Publish to CloudSmith 
-        run: sh cli/upload_to_cloudfront.sh
+        run: sh cli/upload_to_cloudsmith.sh
         env:
           CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
       

.gitignore

@@ -49,3 +49,6 @@ yarn-error.log*
 .env.production.local
 .vercel
 .env.infisical
+
+# Infisical init
+.infisical.json

CONTRIBUTING.md

@@ -1,5 +1,7 @@
 # Contributing to Infisical
 
-Thanks for taking the time to contribute!
+Thanks for taking the time to contribute! 😃 🚀
 
-Please refer to our Contributing Guide for instructions on how to contribute.
+Please refer to our [Contributing Guide](https://infisical.com/docs/contributing/overview) for instructions on how to contribute.
+
+We also have some 🔥amazing🔥 merch for our contributors. Please reach out to tony@infisical.com for more info 👀

LICENSE

@@ -0,0 +1,25 @@
+Copyright (c) 2022 Infisical Inc.
+
+Portions of this software are licensed as follows:
+
+- All content that resides under any "ee/" directory of this repository, if such directories exists, are licensed under the license defined in "ee/LICENSE".
+- All third party components incorporated into the Infisical Software are licensed under the original license provided by the owner of the applicable component.
+- Content outside of the above mentioned directories or restrictions above is available under the "MIT Expat" license as defined below.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

Makefile

@@ -1,14 +1,14 @@
 build:
-	docker-compose -f docker-compose.yml -f docker-compose.prod.yml build
+	docker-compose -f docker-compose.yml build
 
 push:
-	docker-compose -f docker-compose.yml -f docker-compose.prod.yml push
+	docker-compose -f docker-compose.yml push
 
 up-dev:
-	docker-compose -f docker-compose.yml -f docker-compose.dev.yml up --build
+	docker-compose -f docker-compose.dev.yml up --build
 
 up-prod:
-	docker-compose -f docker-compose.yml -f docker-compose.prod.yml up --build
+	docker-compose -f docker-compose.yml up --build
 
 down:
-	docker-compose down
+	docker-compose down

README.md

@@ -1,15 +1,16 @@
 <h1 align="center">
-  <img width="300" src="/img/logoname-black.svg#gh-light-mode-only" alt="ifnisical">
+  <img width="300" src="/img/logoname-black.svg#gh-light-mode-only" alt="infisical">
   <img width="300" src="/img/logoname-white.svg#gh-dark-mode-only" alt="infisical">
 </h1>
 <p align="center">
-  <p align="center">Open-source, end-to-end encrypted, 1-line-of-code tool to sync environment variables across you team and infrastructure.</p>
+  <p align="center">Open-source, E2EE, simple tool to manage and sync environment variables across your team and infrastructure.</p>
 </p>
 
 <h4 align="center">
-  <a href="https://infisical.com/signup">Get Started - we host (Infisical Cloud)</a> |
-  <a href="https://infisical.com/docs/self_host_overview">Get Started - you host</a> |
-  <a href="https://infisical.com/docs/gettingStarted">Docs</a> |
+  <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">Slack</a> |
+  <a href="https://infisical.com/">Infisical Cloud</a> |
+  <a href="https://infisical.com/docs/self-hosting/overview">Self-Hosting</a> |
+  <a href="https://infisical.com/docs/getting-started/introduction">Docs</a> |
   <a href="https://www.infisical.com">Website</a>
 </h4>
 
@@ -20,91 +21,268 @@
   <a href="https://github.com/infisical/infisical/blob/main/CONTRIBUTING.md">
     <img src="https://img.shields.io/badge/PRs-Welcome-brightgreen" alt="PRs welcome!" />
   </a>
-  <a href="https://join.slack.com/t/infisical/shared_invite/zt-1dgg63ln8-G7PCNJdCymAT9YF3j1ewVA">
+  <a href="">
+    <img src="https://img.shields.io/github/commit-activity/m/infisical/infisical" alt="git commit activity" />
+  </a>
+  <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">
     <img src="https://img.shields.io/badge/chat-on%20Slack-blueviolet" alt="Slack community channel" />
   </a>
 </h4>
 
 <img src="/img/infisical_github_repo.png" width="100%" alt="Dashboard" />
 
-**[Infisical](https://infisical.com)** is an open source tool to help teams manage and sync environment variables across their development workflow and infrastructure. It's designed to be simple and end-to-end encrypted. You can start with just 1 line of code within 10 minutes.
+**[Infisical](https://infisical.com)** is an open source, E2EE tool to help teams manage and sync environment variables across their development workflow and infrastructure. It's designed to be simple and take minutes to get going.
 
-- **User-Friendly Dashboard** to manage your organization's environment variables within projects
-- **[Language-Agnostic CLI](https://infisical.com/docs/CLI)**  that pulls and injects environment variables into your local workflow
-- **[Complete control over your data](https://infisical.com/docs/self_host_overview)** - host it yourself on any infrastructure
+- **[User-Friendly Dashboard](https://infisical.com/docs/getting-started/dashboard/project)** to manage your team's environment variables within projects
+- **[Language-Agnostic CLI](https://infisical.com/docs/cli/overview)** that pulls and injects environment variables into your local workflow
+- **[Complete control over your data](https://infisical.com/docs/self-hosting/overview)** - host it yourself on any infrastructure
 - **Navigate Multiple Environments** per project (e.g. development, staging, production, etc.)
 - **Personal/Shared** scoping for environment variables
-- **[Integrations](https://infisical.com/docs/Heroku)** with CI/CD and production infrastructure (Heroku available, more coming soon)
-- **[1-Click Deploy](https://infisical.com/docs/linux)** to Digital Ocean (other providers coming soon)
-- 🔜 **Authentication/Authorization** for projects (read/write controls coming soon)
-- 🔜 **Automatic Secret Rotation** (coming soon)
-- 🔜 **2FA** (coming soon)
-- 🔜 **Access Logs** (coming soon)
-- 🔜 **Slack Integration & MS Teams** integrations (coming soon)
+- **[Integrations](https://infisical.com/docs/integrations/overview)** with CI/CD and production infrastructure (Heroku available, more coming soon)
+- 🔜 **1-Click Deploy** to Digital Ocean and Heroku
+- 🔜 **Authentication/Authorization** for projects (read/write controls soon)
+- 🔜 **Automatic Secret Rotation**
+- 🔜 **2FA**
+- 🔜 **Access Logs**
+- 🔜 **Slack Integration & MS Teams** integrations
 
 And more.
 
-## What's cool about this?
+## 🚀 Get started
 
-Infisical is the first open-source end-to-end encrypted secret manager that takes less than 10 minutes to setup. 
+To quickly get started, visit our [get started guide](https://infisical.com/docs/getting-started/introduction).
 
-Yes. There are other secret managers out there. Some of them are incredibly complicated - they were built for security teams, not developers. The other ones are not end-to-end encrypted, and because of that they can read your secrets. If you care about efficiency and security at the same time - Infisical is right for you. 
+<p>
+  <a href="https://infisical.com/docs/self-hosting/overview" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206356882-2b773eed-b0da-4725-ae2f-83e3cd7f2713.png" height=120 /> </a>
+  <a href="https://www.youtube.com/watch?v=JS3OKYU2078" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206356600-8833b128-6cae-408c-a703-07b2fc6aff4b.png" height=120 /> </a>
+  <a href="https://app.infisical.com/signup" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206355970-f4c09062-b88f-452a-94e0-9c61a0651170.png" height=120></a>
+</p>
 
-On top of that, Infisical is one of the few open source solutions. Need any integrations or want a new feature? You can [create an issue for us](https://github.com/Infisical/infisical/issues) or contribute directly! This is the power of open-source. :)
+## 🔥 What's cool about this?
 
-## Contributing
+Infisical makes secret management simple and end-to-end encrypted by default. We're on a mission to make it more accessible to all developers, <i>not just security teams</i>. 
 
-For full documentation, visit [infisical.com/docs](https://infisical.com/docs).
+According to a [report](https://www.ekransystem.com/en/blog/secrets-management) in 2019, only 10% of organizations use secret management solutions despite all using digital secrets to some extent.
 
-Whether it's big or small, we ❤️ contributions. Check out our guide to see how to [get started](./DEVELOPERS.md).
+If you care about efficiency and security, then Infisical is right for you.
 
-Not sure where to get started? [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!
+We are currently working hard to make Infisical more extensive. Need any integrations or want a new feature? Feel free to [create an issue](https://github.com/Infisical/infisical/issues) or [contribute](https://infisical.com/docs/contributing/overview) directly to the repository.
 
-## Community & Support
+## 🌱 Contributing
 
-- [GitHub Discussions](https://github.com/Infisical/infisical/discussions) for help with building and discussion.
-- [GitHub Issues](https://github.com/Infisical/infisical-cli/issues) for any bugs and errors you encounter using Infisical.
-- [Community Slack](https://join.slack.com/t/infisical/shared_invite/zt-1dgg63ln8-G7PCNJdCymAT9YF3j1ewVA) for hanging out with the community and quick communication with the team.
+Whether it's big or small, we love contributions ❤️ Check out our guide to see how to [get started](https://infisical.com/docs/contributing/overview).
 
-## Status
+Not sure where to get started? You can:
+- [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!
+- Join our <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">Slack</a>, and ask us any questions there.
+
+## 💚 Community & Support
+
+- [Slack](https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g) (For live discussion with the community and the Infisical team)
+- [GitHub Discussions](https://github.com/Infisical/infisical/discussions) (For help with building and deeper conversations about features)
+- [GitHub Issues](https://github.com/Infisical/infisical-cli/issues) (For any bugs and errors you encounter using Infisical)
+- [Twitter](https://twitter.com/infisical) (Get news fast) 
+
+## 🐥 Status
 
 - [x] Public Alpha: Anyone can sign up over at [infisical.com](https://infisical.com) but go easy on us, there are kinks and we're just getting started.
 - [ ] Public Beta: Stable enough for most non-enterprise use-cases.
 - [ ] Public: Production-ready.
 
-## Integrations
-
-We're currently setting the foundation and building integrations so secrets can be synced everywhere. Any help is welcome! :)
-
-- [x] Docker
-- [x] Docker Compose
-- [x] Heroku
-- [ ] Vercel
-- [ ] Kubernetes
-- [ ] AWS
-- [ ] GCP
-- [ ] Azure
-- [ ] Digital Ocean
-- [ ] GitLab
-- [ ] CircleCI
-
-
 We're currently in Public Alpha.
 
-## Open-source vs. paid
+## 🚨 Stay Up-to-Date
 
-This repo is entirely MIT licensed, with the exception of the `ee` directory which will contain premium enterprise features requring a Infisical license in the future. We're currently focused on developing non-enterprise offerings first that should suit most use-cases.
+Infisical officially launched as v.1.0 on November 21st, 2022. However, a lot of new features are coming very quickly. Watch **releases** of this repository to be notified about future updates:
 
-## Security
+![infisical-star-github](https://github.com/Infisical/infisical/blob/main/.github/images/star-infisical.gif?raw=true)
+
+## 🔌 Integrations
+
+We're currently setting the foundation and building [integrations](https://infisical.com/docs/integrations/overview) so secrets can be synced everywhere. Any help is welcome! :)
+
+<table>
+<tr>
+  <th>Platforms </th>
+  <th>Frameworks</th>
+</tr>
+<tr> 
+  <td>
+
+<table>
+  <tbody>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/platforms/docker?ref=github.com">
+          ✔️ Docker
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/platforms/docker-compose?ref=github.com">
+          ✔️ Docker Compose
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/cloud/heroku?ref=github.com">
+          ✔️ Heroku
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 Vercel (https://github.com/Infisical/infisical/issues/60)
+      </td>
+      <td align="left" valign="middle">
+        🔜 GitLab CI/CD
+      </td>
+      <td align="left" valign="middle">
+        🔜 Fly.io
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 AWS
+      </td>
+      <td align="left" valign="middle">
+        🔜 GitHub Actions (https://github.com/Infisical/infisical/issues/54)
+      </td>
+      <td align="left" valign="middle">
+         🔜 Railway
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 GCP
+      </td>
+      <td align="left" valign="middle">
+        🔜 Kubernetes
+      </td>
+      <td align="left" valign="middle">
+        🔜 CircleCI
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 Jenkins
+      </td>
+      <td align="left" valign="middle">
+        🔜 Digital Ocean
+      </td>
+      <td align="left" valign="middle">
+        🔜 Azure
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+         🔜 TravisCI
+      </td>
+      <td align="left" valign="middle">
+         🔜 Netlify (https://github.com/Infisical/infisical/issues/55)
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+  </td>
+<td>
+
+
+<table>
+  <tbody>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/react?ref=github.com">
+          ✔️ React
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/express?ref=github.com">
+          ✔️ Express
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/gatsby?ref=github.com">
+          ✔️ Gatsby
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/flask?ref=github.com">
+          ✔️ Flask
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/django?ref=github.com">
+          ✔️ Django
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/laravel?ref=github.com">
+          ✔️ Laravel
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/nestjs?ref=github.com">
+          ✔️ NestJS
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/remix?ref=github.com">
+          ✔️ Remix
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/nextjs?ref=github.com">
+          ✔️ Next.js
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/vite?ref=github.com">
+          ✔️ Vite
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/rails?ref=github.com">
+          ✔️ Ruby on Rails
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/vue?ref=github.com">
+          ✔️ Vue
+        </a>
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+</td>
+</tr> 
+</table>
+
+
+## 🏘 Open-source vs. paid
+
+This repo is entirely MIT licensed, with the exception of the `ee` directory which will contain premium enterprise features requiring a Infisical license in the future. We're currently focused on developing non-enterprise offerings first that should suit most use-cases.
+
+## 🛡 Security
 
 Looking to report a security vulnerability? Please don't post about it in GitHub issue. Instead, refer to our [SECURITY.md](./SECURITY.md) file.
 
-
-## Contributors 🦸
+## 🦸 Contributors
 
 [//]: contributor-faces
 
 <!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
 <!-- prettier-ignore-start -->
 <!-- markdownlint-disable -->
- <a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/vlad-matsiiako"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> 
+
+<a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/mv-turtle"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/gangjun06"><img src="https://avatars.githubusercontent.com/u/50910815?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/reginaldbondoc"><img src="https://avatars.githubusercontent.com/u/7693108?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/SH5H"><img src="https://avatars.githubusercontent.com/u/25437192?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/asharonbaltazar"><img src="https://avatars.githubusercontent.com/u/58940073?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/edgarrmondragon"><img src="https://avatars.githubusercontent.com/u/16805946?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/tobias-mintlify"><img src="https://avatars.githubusercontent.com/u/110702161?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/0xflotus"><img src="https://avatars.githubusercontent.com/u/26602940?v=4" width="50" height="50" alt=""/></a> 

backend/environment.d.ts

@@ -21,6 +21,7 @@ declare global {
       PRIVATE_KEY: string;
       PUBLIC_KEY: string;
       SENTRY_DSN: string;
+      SITE_URL: string;
       SMTP_HOST: string;
       SMTP_NAME: string;
       SMTP_PASSWORD: string;
@@ -31,7 +32,6 @@ declare global {
       STRIPE_PUBLISHABLE_KEY: string;
       STRIPE_SECRET_KEY: string;
       STRIPE_WEBHOOK_SECRET: string;
-      WEBSITE_URL: string;
     }
   }
 }

backend/package-lock.json

@@ -10,7 +10,7 @@
       "license": "ISC",
       "dependencies": {
         "@sentry/node": "^7.14.0",
-        "@sentry/tracing": "^7.14.0",
+        "@sentry/tracing": "^7.19.0",
         "@types/crypto-js": "^4.1.1",
         "axios": "^1.1.3",
         "bigint-conversion": "^2.2.2",
@@ -19,13 +19,13 @@
         "crypto-js": "^4.1.1",
         "dotenv": "^16.0.1",
         "express": "^4.18.1",
-        "express-rate-limit": "^6.5.1",
+        "express-rate-limit": "^6.7.0",
         "express-validator": "^6.14.2",
         "handlebars": "^4.7.7",
         "helmet": "^5.1.1",
         "jsonwebtoken": "^8.5.1",
         "jsrp": "^0.2.4",
-        "mongoose": "^6.7.1",
+        "mongoose": "^6.7.2",
         "nodemailer": "^6.8.0",
         "posthog-node": "^2.1.0",
         "query-string": "^7.1.1",
@@ -33,7 +33,7 @@
         "stripe": "^10.7.0",
         "tweetnacl": "^1.0.3",
         "tweetnacl-util": "^0.15.1",
-        "typescript": "^4.8.4"
+        "typescript": "^4.9.3"
       },
       "devDependencies": {
         "@posthog/plugin-scaffold": "^1.3.4",
@@ -43,6 +43,8 @@
         "@types/jsonwebtoken": "^8.5.9",
         "@types/node": "^18.11.3",
         "@types/nodemailer": "^6.4.6",
+        "@types/swagger-jsdoc": "^6.0.1",
+        "@types/swagger-ui-express": "^4.1.3",
         "@typescript-eslint/eslint-plugin": "^5.40.1",
         "@typescript-eslint/parser": "^5.40.1",
         "eslint": "^8.26.0",
@@ -2606,13 +2608,13 @@
       }
     },
     "node_modules/@sentry/node": {
-      "version": "7.17.4",
-      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.17.4.tgz",
-      "integrity": "sha512-cR+Gsir9c/tzFWxvk4zXkMQy6tNRHEYixHrb88XIjZVYDqDS9l2/bKs5nJusdmaUeLtmPp5Et2o7RJyS7gvKTQ==",
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.19.0.tgz",
+      "integrity": "sha512-yG7Tx32WqOkEHVotFLrumCcT9qlaSDTkFNZ+yLSvZXx74ifsE781DzBA9W7K7bBdYO3op+p2YdsOKzf3nPpAyQ==",
       "dependencies": {
-        "@sentry/core": "7.17.4",
-        "@sentry/types": "7.17.4",
-        "@sentry/utils": "7.17.4",
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "cookie": "^0.4.1",
         "https-proxy-agent": "^5.0.0",
         "lru_map": "^0.3.3",
@@ -2622,14 +2624,80 @@
         "node": ">=8"
       }
     },
-    "node_modules/@sentry/tracing": {
-      "version": "7.17.4",
-      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.17.4.tgz",
-      "integrity": "sha512-9Fz6DI16ddnd970mlB5MiCNRSmSXp4SVZ1Yv3L22oS3kQeNxjBTE+htYNwJzSPrQp9aL/LqTYwlnrCy24u9XQA==",
+    "node_modules/@sentry/node/node_modules/@sentry/core": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+      "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
       "dependencies": {
-        "@sentry/core": "7.17.4",
-        "@sentry/types": "7.17.4",
-        "@sentry/utils": "7.17.4",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
+        "tslib": "^1.9.3"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/node/node_modules/@sentry/types": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+      "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/node/node_modules/@sentry/utils": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+      "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+      "dependencies": {
+        "@sentry/types": "7.19.0",
+        "tslib": "^1.9.3"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/tracing": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.19.0.tgz",
+      "integrity": "sha512-SWY17M3TsgBePaGowUcSqBwaT0TJQzuNexVnLojuU0k6F57L9hubvP9zaoosoCfARXQ/3NypAFWnlJyf570rFQ==",
+      "dependencies": {
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
+        "tslib": "^1.9.3"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/tracing/node_modules/@sentry/core": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+      "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
+      "dependencies": {
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
+        "tslib": "^1.9.3"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/tracing/node_modules/@sentry/types": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+      "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/tracing/node_modules/@sentry/utils": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+      "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+      "dependencies": {
+        "@sentry/types": "7.19.0",
         "tslib": "^1.9.3"
       },
       "engines": {
@@ -2915,6 +2983,22 @@
       "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
       "dev": true
     },
+    "node_modules/@types/swagger-jsdoc": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@types/swagger-jsdoc/-/swagger-jsdoc-6.0.1.tgz",
+      "integrity": "sha512-+MUpcbyxD528dECUBCEVm6abNuORdbuGjbrUdHDeAQ+rkPuo2a+L4N02WJHF3bonSSE6SJ3dUJwF2V6+cHnf0w==",
+      "dev": true
+    },
+    "node_modules/@types/swagger-ui-express": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/@types/swagger-ui-express/-/swagger-ui-express-4.1.3.tgz",
+      "integrity": "sha512-jqCjGU/tGEaqIplPy3WyQg+Nrp6y80DCFnDEAvVKWkJyv0VivSSDCChkppHRHAablvInZe6pijDFMnavtN0vqA==",
+      "dev": true,
+      "dependencies": {
+        "@types/express": "*",
+        "@types/serve-static": "*"
+      }
+    },
     "node_modules/@types/webidl-conversions": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/@types/webidl-conversions/-/webidl-conversions-7.0.0.tgz",
@@ -4499,9 +4583,9 @@
       }
     },
     "node_modules/express-rate-limit": {
-      "version": "6.6.0",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.6.0.tgz",
-      "integrity": "sha512-HFN2+4ZGdkQOS8Qli4z6knmJFnw6lZed67o6b7RGplWeb1Z0s8VXaj3dUgPIdm9hrhZXTRpCTHXA0/2Eqex0vA==",
+      "version": "6.7.0",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
+      "integrity": "sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==",
       "engines": {
         "node": ">= 12.9.0"
       },
@@ -6434,9 +6518,9 @@
       }
     },
     "node_modules/mongoose": {
-      "version": "6.7.1",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.1.tgz",
-      "integrity": "sha512-qbagtqSyvIhUz4EWzXC00EA0DJHFrQwlzTlNGX5DjiESoJiPKqkEga1k9hviFKRFgBna+OlW54mkdi+0+AqxCw==",
+      "version": "6.7.2",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.2.tgz",
+      "integrity": "sha512-lrP2V5U1qhaf+z33fiIn7aYAZZ1fVDly+TkFRjTujNBF/FIHESATj2RbgAOSlWqv32fsZXkXejXzeVfjbv35Ow==",
       "dependencies": {
         "bson": "^4.7.0",
         "kareem": "2.4.1",
@@ -10490,9 +10574,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "4.8.4",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.4.tgz",
-      "integrity": "sha512-QCh+85mCy+h0IGff8r5XWzOVSbBO+KfeYrMQh7NJ58QujwcE22u+NUSmUxqF+un70P9GXKxa2HCNiTTMJknyjQ==",
+      "version": "4.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
+      "integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA==",
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"
@@ -13040,28 +13124,80 @@
       }
     },
     "@sentry/node": {
-      "version": "7.17.4",
-      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.17.4.tgz",
-      "integrity": "sha512-cR+Gsir9c/tzFWxvk4zXkMQy6tNRHEYixHrb88XIjZVYDqDS9l2/bKs5nJusdmaUeLtmPp5Et2o7RJyS7gvKTQ==",
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.19.0.tgz",
+      "integrity": "sha512-yG7Tx32WqOkEHVotFLrumCcT9qlaSDTkFNZ+yLSvZXx74ifsE781DzBA9W7K7bBdYO3op+p2YdsOKzf3nPpAyQ==",
       "requires": {
-        "@sentry/core": "7.17.4",
-        "@sentry/types": "7.17.4",
-        "@sentry/utils": "7.17.4",
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "cookie": "^0.4.1",
         "https-proxy-agent": "^5.0.0",
         "lru_map": "^0.3.3",
         "tslib": "^1.9.3"
+      },
+      "dependencies": {
+        "@sentry/core": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+          "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "@sentry/utils": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        },
+        "@sentry/types": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+          "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA=="
+        },
+        "@sentry/utils": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+          "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        }
       }
     },
     "@sentry/tracing": {
-      "version": "7.17.4",
-      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.17.4.tgz",
-      "integrity": "sha512-9Fz6DI16ddnd970mlB5MiCNRSmSXp4SVZ1Yv3L22oS3kQeNxjBTE+htYNwJzSPrQp9aL/LqTYwlnrCy24u9XQA==",
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.19.0.tgz",
+      "integrity": "sha512-SWY17M3TsgBePaGowUcSqBwaT0TJQzuNexVnLojuU0k6F57L9hubvP9zaoosoCfARXQ/3NypAFWnlJyf570rFQ==",
       "requires": {
-        "@sentry/core": "7.17.4",
-        "@sentry/types": "7.17.4",
-        "@sentry/utils": "7.17.4",
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "tslib": "^1.9.3"
+      },
+      "dependencies": {
+        "@sentry/core": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+          "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "@sentry/utils": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        },
+        "@sentry/types": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+          "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA=="
+        },
+        "@sentry/utils": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+          "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        }
       }
     },
     "@sentry/types": {
@@ -13337,6 +13473,22 @@
       "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
       "dev": true
     },
+    "@types/swagger-jsdoc": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@types/swagger-jsdoc/-/swagger-jsdoc-6.0.1.tgz",
+      "integrity": "sha512-+MUpcbyxD528dECUBCEVm6abNuORdbuGjbrUdHDeAQ+rkPuo2a+L4N02WJHF3bonSSE6SJ3dUJwF2V6+cHnf0w==",
+      "dev": true
+    },
+    "@types/swagger-ui-express": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/@types/swagger-ui-express/-/swagger-ui-express-4.1.3.tgz",
+      "integrity": "sha512-jqCjGU/tGEaqIplPy3WyQg+Nrp6y80DCFnDEAvVKWkJyv0VivSSDCChkppHRHAablvInZe6pijDFMnavtN0vqA==",
+      "dev": true,
+      "requires": {
+        "@types/express": "*",
+        "@types/serve-static": "*"
+      }
+    },
     "@types/webidl-conversions": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/@types/webidl-conversions/-/webidl-conversions-7.0.0.tgz",
@@ -14489,9 +14641,9 @@
       }
     },
     "express-rate-limit": {
-      "version": "6.6.0",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.6.0.tgz",
-      "integrity": "sha512-HFN2+4ZGdkQOS8Qli4z6knmJFnw6lZed67o6b7RGplWeb1Z0s8VXaj3dUgPIdm9hrhZXTRpCTHXA0/2Eqex0vA==",
+      "version": "6.7.0",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
+      "integrity": "sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==",
       "requires": {}
     },
     "express-validator": {
@@ -15930,9 +16082,9 @@
       }
     },
     "mongoose": {
-      "version": "6.7.1",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.1.tgz",
-      "integrity": "sha512-qbagtqSyvIhUz4EWzXC00EA0DJHFrQwlzTlNGX5DjiESoJiPKqkEga1k9hviFKRFgBna+OlW54mkdi+0+AqxCw==",
+      "version": "6.7.2",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.2.tgz",
+      "integrity": "sha512-lrP2V5U1qhaf+z33fiIn7aYAZZ1fVDly+TkFRjTujNBF/FIHESATj2RbgAOSlWqv32fsZXkXejXzeVfjbv35Ow==",
       "requires": {
         "bson": "^4.7.0",
         "kareem": "2.4.1",
@@ -18791,9 +18943,9 @@
       }
     },
     "typescript": {
-      "version": "4.8.4",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.4.tgz",
-      "integrity": "sha512-QCh+85mCy+h0IGff8r5XWzOVSbBO+KfeYrMQh7NJ58QujwcE22u+NUSmUxqF+un70P9GXKxa2HCNiTTMJknyjQ=="
+      "version": "4.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
+      "integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA=="
     },
     "uglify-js": {
       "version": "3.17.4",

backend/package.json

@@ -1,7 +1,7 @@
 {
   "dependencies": {
     "@sentry/node": "^7.14.0",
-    "@sentry/tracing": "^7.14.0",
+    "@sentry/tracing": "^7.19.0",
     "@types/crypto-js": "^4.1.1",
     "axios": "^1.1.3",
     "bigint-conversion": "^2.2.2",
@@ -10,13 +10,13 @@
     "crypto-js": "^4.1.1",
     "dotenv": "^16.0.1",
     "express": "^4.18.1",
-    "express-rate-limit": "^6.5.1",
+    "express-rate-limit": "^6.7.0",
     "express-validator": "^6.14.2",
     "handlebars": "^4.7.7",
     "helmet": "^5.1.1",
     "jsonwebtoken": "^8.5.1",
     "jsrp": "^0.2.4",
-    "mongoose": "^6.7.1",
+    "mongoose": "^6.7.2",
     "nodemailer": "^6.8.0",
     "posthog-node": "^2.1.0",
     "query-string": "^7.1.1",
@@ -24,7 +24,7 @@
     "stripe": "^10.7.0",
     "tweetnacl": "^1.0.3",
     "tweetnacl-util": "^0.15.1",
-    "typescript": "^4.8.4"
+    "typescript": "^4.9.3"
   },
   "name": "infisical-api",
   "version": "1.0.0",
@@ -56,6 +56,8 @@
     "@types/jsonwebtoken": "^8.5.9",
     "@types/node": "^18.11.3",
     "@types/nodemailer": "^6.4.6",
+    "@types/swagger-jsdoc": "^6.0.1",
+    "@types/swagger-ui-express": "^4.1.3",
     "@typescript-eslint/eslint-plugin": "^5.40.1",
     "@typescript-eslint/parser": "^5.40.1",
     "eslint": "^8.26.0",

backend/src/config/index.ts

@@ -1,5 +1,5 @@
 const PORT = process.env.PORT || 4000;
-const EMAIL_TOKEN_LIFETIME = process.env.EMAIL_TOKEN_LIFETIME! || '86400'; // investigate
+const EMAIL_TOKEN_LIFETIME = process.env.EMAIL_TOKEN_LIFETIME! || '86400';
 const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY!;
 const JWT_AUTH_LIFETIME = process.env.JWT_AUTH_LIFETIME! || '10d';
 const JWT_AUTH_SECRET = process.env.JWT_AUTH_SECRET!;
@@ -12,11 +12,12 @@ const MONGO_URL = process.env.MONGO_URL!;
 const NODE_ENV = process.env.NODE_ENV! || 'production';
 const OAUTH_CLIENT_SECRET_HEROKU = process.env.OAUTH_CLIENT_SECRET_HEROKU!;
 const OAUTH_TOKEN_URL_HEROKU = process.env.OAUTH_TOKEN_URL_HEROKU!;
-const POSTHOG_HOST = process.env.POSTHOG_HOST!;
-const POSTHOG_PROJECT_API_KEY = process.env.POSTHOG_PROJECT_API_KEY!;
+const POSTHOG_HOST = process.env.POSTHOG_HOST! || 'https://app.posthog.com';
+const POSTHOG_PROJECT_API_KEY = process.env.POSTHOG_PROJECT_API_KEY! || 'phc_nSin8j5q2zdhpFDI1ETmFNUIuTG4DwKVyIigrY10XiE';
 const PRIVATE_KEY = process.env.PRIVATE_KEY!;
 const PUBLIC_KEY = process.env.PUBLIC_KEY!;
 const SENTRY_DSN = process.env.SENTRY_DSN!;
+const SITE_URL = process.env.SITE_URL!;
 const SMTP_HOST = process.env.SMTP_HOST! || 'smtp.gmail.com';
 const SMTP_NAME = process.env.SMTP_NAME!;
 const SMTP_USERNAME = process.env.SMTP_USERNAME!;
@@ -27,7 +28,7 @@ const STRIPE_PRODUCT_STARTER = process.env.STRIPE_PRODUCT_STARTER!;
 const STRIPE_PUBLISHABLE_KEY = process.env.STRIPE_PUBLISHABLE_KEY!;
 const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY!;
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET!;
-const WEBSITE_URL = 'http://frontend:3000';
+const TELEMETRY_ENABLED = (process.env.TELEMETRY_ENABLED! !== 'false') && true;
 
 export {
 	PORT,
@@ -49,6 +50,7 @@ export {
 	PRIVATE_KEY,
 	PUBLIC_KEY,
 	SENTRY_DSN,
+	SITE_URL,
 	SMTP_HOST,
 	SMTP_NAME,
 	SMTP_USERNAME,
@@ -59,5 +61,5 @@ export {
 	STRIPE_PUBLISHABLE_KEY,
 	STRIPE_SECRET_KEY,
 	STRIPE_WEBHOOK_SECRET,
-	WEBSITE_URL
+	TELEMETRY_ENABLED
 };

backend/src/controllers/membershipController.ts

@@ -6,7 +6,7 @@ import {
 	deleteMembership as deleteMember
 } from '../helpers/membership';
 import { sendMail } from '../helpers/nodemailer';
-import { WEBSITE_URL } from '../config';
+import { SITE_URL } from '../config';
 import { ADMIN, MEMBER, GRANTED, ACCEPTED } from '../variables';
 
 /**
@@ -217,11 +217,10 @@ export const inviteUserToWorkspace = async (req: Request, res: Response) => {
 				inviterFirstName: req.user.firstName,
 				inviterEmail: req.user.email,
 				workspaceName: req.membership.workspace.name,
-				callback_url: WEBSITE_URL + '/login'
+				callback_url: SITE_URL + '/login'
 			}
 		});
 	} catch (err) {
-		console.error(err);
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
 		return res.status(400).send({

backend/src/controllers/membershipOrgController.ts

@@ -1,7 +1,7 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import crypto from 'crypto';
-import { WEBSITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../config';
+import { SITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../config';
 import { MembershipOrg, Organization, User, Token } from '../models';
 import { deleteMembershipOrg as deleteMemberFromOrg } from '../helpers/membershipOrg';
 import { checkEmailVerification } from '../helpers/signup';
@@ -186,7 +186,7 @@ export const inviteUserToOrganization = async (req: Request, res: Response) => {
 					organizationName: organization.name,
 					email: inviteeEmail,
 					token,
-					callback_url: WEBSITE_URL + '/signupinvite'
+					callback_url: SITE_URL + '/signupinvite'
 				}
 			});
 		}

backend/src/controllers/organizationController.ts

@@ -1,13 +1,14 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import {
+	SITE_URL,
 	STRIPE_SECRET_KEY,
 	STRIPE_PRODUCT_STARTER,
 	STRIPE_PRODUCT_PRO,
-	STRIPE_PRODUCT_CARD_AUTH,
-	WEBSITE_URL
+	STRIPE_PRODUCT_CARD_AUTH
 } from '../config';
 import Stripe from 'stripe';
+
 const stripe = new Stripe(STRIPE_SECRET_KEY, {
 	apiVersion: '2022-08-01'
 });
@@ -350,13 +351,13 @@ export const createOrganizationPortalSession = async (
 				customer: req.membershipOrg.organization.customerId,
 				mode: 'setup',
 				payment_method_types: ['card'],
-				success_url: WEBSITE_URL + '/dashboard',
-				cancel_url: WEBSITE_URL + '/dashboard'
+				success_url: SITE_URL + '/dashboard',
+				cancel_url: SITE_URL + '/dashboard'
 			});
 		} else {
 			session = await stripe.billingPortal.sessions.create({
 				customer: req.membershipOrg.organization.customerId,
-				return_url: WEBSITE_URL + '/dashboard'
+				return_url: SITE_URL + '/dashboard'
 			});
 		}
 

backend/src/controllers/secretController.ts

@@ -7,16 +7,9 @@ import {
 	reformatPullSecrets
 } from '../helpers/secret';
 import { pushKeys } from '../helpers/key';
-import { PostHog } from 'posthog-node';
 import { ENV_SET } from '../variables';
-import { NODE_ENV, POSTHOG_PROJECT_API_KEY, POSTHOG_HOST } from '../config';
 
-let client: any;
-if (NODE_ENV === 'production' && POSTHOG_PROJECT_API_KEY && POSTHOG_HOST) {
-	client = new PostHog(POSTHOG_PROJECT_API_KEY, {
-		host: POSTHOG_HOST
-	});
-}
+import { postHogClient } from '../services';
 
 interface PushSecret {
 	ciphertextKey: string;
@@ -68,11 +61,10 @@ export const pushSecrets = async (req: Request, res: Response) => {
 			keys
 		});
 
-		if (client) {
-			// capture secrets pushed event in production
-			client.capture({
-				distinctId: req.user.email,
+		if (postHogClient) {
+			postHogClient.capture({
 				event: 'secrets pushed',
+				distinctId: req.user.email,
 				properties: {
 					numberOfSecrets: secrets.length,
 					environment,
@@ -81,6 +73,7 @@ export const pushSecrets = async (req: Request, res: Response) => {
 				}
 			});
 		}
+
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
@@ -131,9 +124,9 @@ export const pullSecrets = async (req: Request, res: Response) => {
 			secrets = reformatPullSecrets({ secrets });
 		}
 
-		if (client) {
+		if (postHogClient) {
 			// capture secrets pushed event in production
-			client.capture({
+			postHogClient.capture({
 				distinctId: req.user.email,
 				event: 'secrets pulled',
 				properties: {
@@ -198,9 +191,9 @@ export const pullSecretsServiceToken = async (req: Request, res: Response) => {
 			workspace: req.serviceToken.workspace
 		};
 
-		if (client) {
+		if (postHogClient) {
 			// capture secrets pushed event in production
-			client.capture({
+			postHogClient.capture({
 				distinctId: req.serviceToken.user.email,
 				event: 'secrets pulled',
 				properties: {

backend/src/helpers/rateLimiter.ts

@@ -3,7 +3,7 @@ import rateLimit from 'express-rate-limit';
 // 300 requests per 15 minutes
 const apiLimiter = rateLimit({
 	windowMs: 15 * 60 * 1000,
-	max: 300,
+	max: 400,
 	standardHeaders: true,
 	legacyHeaders: false
 });
@@ -11,7 +11,7 @@ const apiLimiter = rateLimit({
 // 5 requests per hour
 const signupLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
-	max: 5,
+	max: 10,
 	standardHeaders: true,
 	legacyHeaders: false
 });
@@ -19,7 +19,7 @@ const signupLimiter = rateLimit({
 // 10 requests per hour
 const loginLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
-	max: 10,
+	max: 20,
 	standardHeaders: true,
 	legacyHeaders: false
 });
@@ -27,7 +27,7 @@ const loginLimiter = rateLimit({
 // 5 requests per hour
 const passwordLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
-	max: 5,
+	max: 10,
 	standardHeaders: true,
 	legacyHeaders: false
 });

backend/src/helpers/signup.ts

@@ -66,7 +66,7 @@ const checkEmailVerification = async ({
 			email,
 			token: code
 		});
-
+	
 		if (!token) throw new Error('Failed to find email verification token');
 	} catch (err) {
 		Sentry.setUser(null);
@@ -106,7 +106,7 @@ const initializeDefaultOrg = async ({
 
 		// initialize a default workspace inside the new organization
 		const workspace = await createWorkspace({
-			name: `${user.firstName}'s Project`,
+			name: `Example Project`,
 			organizationId: organization._id.toString()
 		});
 

backend/src/index.ts

@@ -4,9 +4,10 @@ import cors from 'cors';
 import cookieParser from 'cookie-parser';
 import mongoose from 'mongoose';
 import dotenv from 'dotenv';
+
 dotenv.config();
 import * as Sentry from '@sentry/node';
-import { PORT, SENTRY_DSN, NODE_ENV, MONGO_URL, WEBSITE_URL } from './config';
+import { PORT, SENTRY_DSN, NODE_ENV, MONGO_URL, SITE_URL, POSTHOG_PROJECT_API_KEY, POSTHOG_HOST, TELEMETRY_ENABLED } from './config';
 import { apiLimiter } from './helpers/rateLimiter';
 
 const app = express();
@@ -54,7 +55,7 @@ app.enable('trust proxy');
 app.use(cookieParser());
 app.use(cors({
 	credentials: true,
-	origin: WEBSITE_URL
+	origin: SITE_URL
 }));
 
 if (NODE_ENV === 'production') {

backend/src/models/token.ts

@@ -18,7 +18,7 @@ const tokenSchema = new Schema<IToken>({
 	},
 	createdAt: {
 		type: Date,
-		expires: EMAIL_TOKEN_LIFETIME,
+		expires: parseInt(EMAIL_TOKEN_LIFETIME),
 		default: Date.now
 	}
 });

backend/src/routes/auth.ts

@@ -13,7 +13,7 @@ router.post(
 
 router.post(
 	'/login1',
-	// loginLimiter,
+	loginLimiter,
 	body('email').exists().trim().notEmpty(),
 	body('clientPublicKey').exists().trim().notEmpty(),
 	validateRequest,
@@ -22,7 +22,7 @@ router.post(
 
 router.post(
 	'/login2',
-	// loginLimiter,
+	loginLimiter,
 	body('email').exists().trim().notEmpty(),
 	body('clientProof').exists().trim().notEmpty(),
 	validateRequest,

backend/src/routes/signup.ts

@@ -7,7 +7,7 @@ import { signupLimiter } from '../helpers/rateLimiter';
 
 router.post(
 	'/email/signup',
-	// signupLimiter,
+	signupLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	validateRequest,
 	signupController.beginEmailSignup
@@ -15,7 +15,7 @@ router.post(
 
 router.post(
 	'/email/verify',
-	// signupLimiter,
+	signupLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('code').exists().trim().notEmpty(),
 	validateRequest,
@@ -24,7 +24,7 @@ router.post(
 
 router.post(
 	'/complete-account/signup',
-	// signupLimiter,
+	signupLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),
@@ -42,7 +42,7 @@ router.post(
 
 router.post(
 	'/complete-account/invite',
-	// signupLimiter,
+	signupLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),

backend/src/services/PostHogClient.ts

@@ -0,0 +1,15 @@
+import { PostHog } from 'posthog-node';
+import { NODE_ENV, POSTHOG_HOST, POSTHOG_PROJECT_API_KEY, TELEMETRY_ENABLED } from '../config';
+
+let postHogClient: any;
+if (
+    NODE_ENV === 'production'
+    && TELEMETRY_ENABLED
+) {
+    // case: enable opt-out telemetry in production
+    postHogClient = new PostHog(POSTHOG_PROJECT_API_KEY, {
+        host: POSTHOG_HOST
+    });
+}
+
+export default postHogClient;

backend/src/services/index.ts

@@ -0,0 +1,5 @@
+import postHogClient from './PostHogClient';
+
+export {
+    postHogClient
+}

cli/README.md

@@ -1,102 +0,0 @@
-## Install
-#### Windows 
-Use [Scoop](https://scoop.sh/) package manager
-
-```
-$ scoop bucket add org https://github.com/Infisical/scoop-infisical.git
-$ scoop install infisical
-$ infisical --version
-```
-
-To update:
-
-```
-$ scoop update infisical
-```
-
-#### Mac OS 
-Use [brew](https://brew.sh/) package manager
-
-```
-$ brew install infisical/get-cli/infisical  
-$ infisical --version
-```
-
-To update:
-
-```
-$ brew upgrade infisical
-```
-
-#### Linux
-##### Debian/Ubuntu (package manager: apt) 
-
-```
-Add Infisical apt repo 
-$ echo "deb [trusted=yes] https://apt.fury.io/infisical/ /" | tee -a /etc/apt/sources.list.d/infisical.list
-
-Add prerequisites
-$ apt update && apt -y install ca-certificates sudo 
-
-Install infisical cli
-$ sudo apt update && apt install infisical
-
-To make sure the CLI has been installed, you may run this command.
-$ infisical --version 
-```
-
-We do not yet have repositores setup for APK, YUM and APT package managers. However, we have several binaries which can be downloaded manually for your Linux. Please vist the [release age](https://github.com/Infisical/infisical/releases) 
-
-#### Install via bash and curl
-This script will attempt to download the correct version of Infisical CLI and add it to your path. No package manager needed.
-
-```
-curl https://raw.githubusercontent.com/Infisical/infisical/main/scripts/install.sh | sh
-```
-
-## Local Usage
-Once you have the CLI installed, using it is easy. 
-
-#### Steps 1
-Create a project at https://infisical.com/ if you haven't already add your secrets to it. 
-
-#### Step 2
-Login to the CLI by running the following command in your terminal 
-
-```
-infisical login 
-```
-
-#### Step 3
-After logging in, `CD` to the root of the project where you would like to inject your secrets into. Once you are in the root, run the following command in the terminal to link your Infisical project to your local project.
-
-```
-infisical init 
-```
-
-#### Step 3
-To inject the secrets from the project you have selected into your application process, run the following command.
-
-```
-infisical run -- <your application start command>
-```
-
-Example:
-
-```
-infisical run -- npm run dev 
-```
-
-## General production Usage
-Once you have the binary installed in your production environment, injecting secrets is easy. 
-
-#### Steps 1
-Get a Infisical Token for your project by visiting BLANK. Also note down the project ID for which you created the token for. 
-
-#### Steps 2
-Ensure your application has the environment variable `INFISICAL_TOKEN` asigned to the token you received in step one. Then run 
-
-```
-infisical run --projectId=<projectID> -- <your application start command>
-```
-

cli/go.mod

@@ -4,14 +4,14 @@ go 1.19
 
 require (
 	github.com/spf13/cobra v1.6.1
-	golang.org/x/crypto v0.2.0
+	golang.org/x/crypto v0.3.0
 )
 
 require (
 	github.com/alessio/shellescape v1.4.1 // indirect
-	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect
-	github.com/danieljoos/wincred v1.1.0 // indirect
-	github.com/godbus/dbus/v5 v5.0.6 // indirect
+	github.com/chzyer/readline v1.5.1 // indirect
+	github.com/danieljoos/wincred v1.1.2 // indirect
+	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	golang.org/x/net v0.2.0 // indirect
 	golang.org/x/sys v0.2.0 // indirect
 )

cli/go.sum

@@ -1,21 +1,26 @@
 github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
 github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
-github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
+github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
+github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
+github.com/chzyer/readline v1.5.1 h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI=
+github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
+github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/danieljoos/wincred v1.1.0 h1:3RNcEpBg4IhIChZdFRSdlQt1QjCp1sMAPIrOnm7Yf8g=
 github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
+github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
+github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
 github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
-github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
@@ -36,14 +41,16 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/zalando/go-keyring v0.2.1 h1:MBRN/Z8H4U5wEKXiD67YbDAr5cj/DOStmSga70/2qKc=
 github.com/zalando/go-keyring v0.2.1/go.mod h1:g63M2PPn0w5vjmEbwAX3ib5I+41zdm4esSETOn9Y6Dw=
-golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
-golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

cli/packages/cmd/export.go

@@ -0,0 +1,140 @@
+/*
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
+*/
+package cmd
+
+import (
+	"encoding/csv"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/Infisical/infisical-merge/packages/models"
+	"github.com/Infisical/infisical-merge/packages/util"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+const (
+	FormatDotenv string = "dotenv"
+	FormatJson   string = "json"
+	FormatCSV    string = "csv"
+)
+
+// exportCmd represents the export command
+var exportCmd = &cobra.Command{
+	Use:                   "export",
+	Short:                 "Used to export environment variables to a file",
+	DisableFlagsInUseLine: true,
+	Example:               "infisical export --env=prod --format=json > secrets.json",
+	Args:                  cobra.NoArgs,
+	PreRun:                toggleDebug,
+	Run: func(cmd *cobra.Command, args []string) {
+		envName, err := cmd.Flags().GetString("env")
+		if err != nil {
+			log.Errorln("Unable to parse the environment flag")
+			log.Debugln(err)
+			return
+		}
+
+		shouldExpandSecrets, err := cmd.Flags().GetBool("expand")
+		if err != nil {
+			log.Errorln("Unable to parse the substitute flag")
+			log.Debugln(err)
+			return
+		}
+
+		projectId, err := cmd.Flags().GetString("projectId")
+		if err != nil {
+			log.Errorln("Unable to parse the project id flag")
+			log.Debugln(err)
+			return
+		}
+
+		format, err := cmd.Flags().GetString("format")
+		if err != nil {
+			log.Errorln("Unable to parse the format flag")
+			log.Debugln(err)
+			return
+		}
+
+		envsFromApi, err := util.GetAllEnvironmentVariables(projectId, envName)
+		if err != nil {
+			log.Errorln("Something went wrong when pulling secrets using your Infisical token. Double check the token, project id or environment name (dev, prod, ect.)")
+			log.Debugln(err)
+			return
+		}
+
+		var output string
+		if shouldExpandSecrets {
+			substitutions := util.SubstituteSecrets(envsFromApi)
+			output, err = formatEnvs(substitutions, format)
+			if err != nil {
+				log.Errorln(err)
+				return
+			}
+		} else {
+			output, err = formatEnvs(envsFromApi, format)
+			if err != nil {
+				log.Errorln(err)
+				return
+			}
+		}
+		fmt.Print(output)
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(exportCmd)
+	exportCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
+	exportCmd.Flags().String("projectId", "", "The project ID from which your secrets should be pulled from")
+	exportCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
+	exportCmd.Flags().StringP("format", "f", "dotenv", "Set the format of the output file (dotenv, json, csv)")
+}
+
+// Format according to the format flag
+func formatEnvs(envs []models.SingleEnvironmentVariable, format string) (string, error) {
+	switch strings.ToLower(format) {
+	case FormatDotenv:
+		return formatAsDotEnv(envs), nil
+	case FormatJson:
+		return formatAsJson(envs), nil
+	case FormatCSV:
+		return formatAsCSV(envs), nil
+	default:
+		return "", fmt.Errorf("invalid format flag: %s", format)
+	}
+}
+
+// Format environment variables as a CSV file
+func formatAsCSV(envs []models.SingleEnvironmentVariable) string {
+	csvString := &strings.Builder{}
+	writer := csv.NewWriter(csvString)
+	writer.Write([]string{"Key", "Value"})
+	for _, env := range envs {
+		writer.Write([]string{env.Key, env.Value})
+	}
+	writer.Flush()
+	return csvString.String()
+}
+
+// Format environment variables as a dotenv file
+func formatAsDotEnv(envs []models.SingleEnvironmentVariable) string {
+	var dotenv string
+	for _, env := range envs {
+		dotenv += fmt.Sprintf("%s='%s'\n", env.Key, env.Value)
+	}
+	return dotenv
+}
+
+// Format environment variables as a JSON file
+func formatAsJson(envs []models.SingleEnvironmentVariable) string {
+	// Dump as a json array
+	json, err := json.Marshal(envs)
+	if err != nil {
+		log.Errorln("Unable to marshal environment variables to JSON")
+		log.Debugln(err)
+		return ""
+	}
+	return string(json)
+}

cli/packages/cmd/init.go

@@ -36,7 +36,7 @@ var initCmd = &cobra.Command{
 			return
 		}
 
-		if util.WorkspaceConfigFileExists() {
+		if util.WorkspaceConfigFileExistsInCurrentPath() {
 			shouldOverride, err := shouldOverrideWorkspacePrompt()
 			if err != nil {
 				log.Errorln("Unable to parse your answer")

cli/packages/cmd/login.go

@@ -28,8 +28,9 @@ var loginCmd = &cobra.Command{
 	PreRun:                toggleDebug,
 	Run: func(cmd *cobra.Command, args []string) {
 		hasUserLoggedInbefore, currentLoggedInUserEmail, err := util.IsUserLoggedIn()
+
 		if err != nil {
-			log.Debugln(err)
+			log.Debugln("Unable to get current logged in user.", err)
 		}
 
 		if hasUserLoggedInbefore {
@@ -45,12 +46,6 @@ var loginCmd = &cobra.Command{
 			}
 		}
 
-		if err != nil {
-			log.Errorln("Unable to get current logged in user.")
-			log.Debugln(err)
-			return
-		}
-
 		email, password, err := askForLoginCredentials()
 		if err != nil {
 			log.Errorln("Unable to parse email and password for authentication")
@@ -119,8 +114,8 @@ func init() {
 
 func askForLoginCredentials() (email string, password string, err error) {
 	validateEmail := func(input string) error {
-		result, err := regexp.MatchString("^\\w+@[a-zA-Z_]+?\\.[a-zA-Z]{2,3}$", input)
-		if err != nil || !result {
+		matched, err := regexp.MatchString("^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$", input)
+		if err != nil || !matched {
 			return errors.New("this doesn't look like an email address")
 		}
 		return nil
@@ -160,6 +155,7 @@ func askForLoginCredentials() (email string, password string, err error) {
 }
 
 func getFreshUserCredentials(email string, password string) (*models.LoginTwoResponse, error) {
+	log.Debugln("getFreshUserCredentials:", "email", email, "password", password)
 	httpClient := resty.New()
 	httpClient.SetRetryCount(5)
 
@@ -180,7 +176,7 @@ func getFreshUserCredentials(email string, password string) (*models.LoginTwoRes
 		R().
 		SetBody(loginOneRequest).
 		SetResult(&loginOneResponseResult).
-		Post(fmt.Sprintf("%v/%v", util.INFISICAL_URL, "login1"))
+		Post(fmt.Sprintf("%v/v1/auth/login1", util.INFISICAL_URL))
 
 	if err != nil {
 		return nil, err
@@ -216,7 +212,7 @@ func getFreshUserCredentials(email string, password string) (*models.LoginTwoRes
 		R().
 		SetBody(LoginTwoRequest).
 		SetResult(&loginTwoResponseResult).
-		Post(fmt.Sprintf("%v/%v", util.INFISICAL_URL, "login2"))
+		Post(fmt.Sprintf("%v/v1/auth/login2", util.INFISICAL_URL))
 
 	if err != nil {
 		return nil, err

cli/packages/cmd/root.go

@@ -15,7 +15,7 @@ var rootCmd = &cobra.Command{
 	Short:             "Infisical CLI is used to inject environment variables into any process",
 	Long:              `Infisical is a simple, end-to-end encrypted service that enables teams to sync and manage their environment variables across their development life cycle.`,
 	CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
-	Version:           "1.0.0",
+	Version:           "0.1.10",
 }
 
 // Execute adds all child commands to the root command and sets flags appropriately.
@@ -30,5 +30,5 @@ func Execute() {
 func init() {
 	rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 	rootCmd.PersistentFlags().BoolVarP(&debugLogging, "debug", "d", false, "Enable verbose logging")
-	rootCmd.PersistentFlags().StringVar(&util.INFISICAL_URL, "domain", "https://api.infisical.com", "Point the CLI to your own backend")
+	rootCmd.PersistentFlags().StringVar(&util.INFISICAL_URL, "domain", "https://app.infisical.com/api", "Point the CLI to your own backend")
 }

cli/packages/cmd/run.go

@@ -22,13 +22,20 @@ var runCmd = &cobra.Command{
 	Use:                   "run [any infisical run command flags] -- [your application start command]",
 	Short:                 "Used to inject environments variables into your application process",
 	DisableFlagsInUseLine: true,
-	Example:               "infisical run --stage=prod -- npm run dev",
+	Example:               "infisical run --env=prod -- npm run dev",
 	Args:                  cobra.MinimumNArgs(1),
 	PreRun:                toggleDebug,
 	Run: func(cmd *cobra.Command, args []string) {
-		stageName, err := cmd.Flags().GetString("stage")
+		envName, err := cmd.Flags().GetString("env")
 		if err != nil {
-			log.Errorln("Unable to parse the stage flag")
+			log.Errorln("Unable to parse the environment flag")
+			log.Debugln(err)
+			return
+		}
+
+		shouldExpandSecrets, err := cmd.Flags().GetBool("expand")
+		if err != nil {
+			log.Errorln("Unable to parse the substitute flag")
 			log.Debugln(err)
 			return
 		}
@@ -40,62 +47,37 @@ var runCmd = &cobra.Command{
 			return
 		}
 
-		var envsFromApi []models.SingleEnvironmentVariable
-		infisicalToken := os.Getenv(util.INFISICAL_SERVICE_TOKEN)
-		if infisicalToken == "" {
-			hasUserLoggedInbefore, loggedInUserEmail, err := util.IsUserLoggedIn()
-			if err != nil {
-				log.Info("Unexpected issue occurred while checking login status. To see more details, add flag --debug")
-				log.Debugln(err)
-				return
-			}
-
-			if !hasUserLoggedInbefore {
-				log.Infoln("No logged in user. To login, please run command [infisical login]")
-				return
-			}
-
-			userCreds, err := util.GetUserCredsFromKeyRing(loggedInUserEmail)
-			if err != nil {
-				log.Infoln("Unable to get user creds from key ring")
-				log.Debug(err)
-				return
-			}
-
-			if !util.WorkspaceConfigFileExists() {
-				log.Infoln("Your project is not connected to a project yet. Run command [infisical init]")
-				return
-			}
-
-			envsFromApi, err = util.GetSecretsFromAPIUsingCurrentLoggedInUser(stageName, userCreds)
-			if err != nil {
-				log.Errorln("Something went wrong when pulling secrets using your logged in credentials. If the issue persists, double check your project id/try logging in again.")
-				log.Debugln(err)
-				return
-			}
-		} else {
-			envsFromApi, err = util.GetSecretsFromAPIUsingInfisicalToken(infisicalToken, stageName, projectId)
-			if err != nil {
-				log.Errorln("Something went wrong when pulling secrets using your Infisical token. Double check the token, project id or environment name (dev, prod, ect.)")
-				log.Debugln(err)
-				return
-			}
+		secrets, err := util.GetAllEnvironmentVariables(projectId, envName)
+		if err != nil {
+			log.Debugln(err)
+			return
+		}
+
+		if shouldExpandSecrets {
+			secretsWithSubstitutions := util.SubstituteSecrets(secrets)
+			execCmd(args[0], args[1:], secretsWithSubstitutions)
+		} else {
+			execCmd(args[0], args[1:], secrets)
 		}
 
-		execCmd(args[0], args[1:], envsFromApi)
 	},
 }
 
 func init() {
 	rootCmd.AddCommand(runCmd)
-	runCmd.Flags().StringP("stage", "s", "dev", "Set the stage (dev, prod, etc.) from which your secrets should be pulled from")
+	runCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	runCmd.Flags().String("projectId", "", "The project ID from which your secrets should be pulled from")
+	runCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 }
 
 // Credit: inspired by AWS Valut
 func execCmd(command string, args []string, envs []models.SingleEnvironmentVariable) error {
-	log.Debugln("Secrets to inject:", envs)
+	numberOfSecretsInjected := fmt.Sprintf("\u2713 Injected %v Infisical secrets into your application process successfully", len(envs))
+
+	log.Infof("\x1b[%dm%s\x1b[0m", 32, numberOfSecretsInjected)
 	log.Debugf("executing command: %s %s \n", command, strings.Join(args, " "))
+	log.Debugln("Secrets injected:", envs)
+
 	cmd := exec.Command(command, args...)
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout

cli/packages/models/error.go

@@ -0,0 +1,17 @@
+package models
+
+import log "github.com/sirupsen/logrus"
+
+// Custom error type so that we can give helpful messages in CLI
+type Error struct {
+	Err             error
+	FriendlyMessage string
+}
+
+func (e *Error) printFriendlyMessage() {
+	log.Infoln(e.FriendlyMessage)
+}
+
+func (e *Error) printDebuError() {
+	log.Debugln(e.Err)
+}

cli/packages/util/common.go

@@ -9,10 +9,10 @@ const (
 	CONFIG_FILE_NAME                     = "infisical-config.json"
 	CONFIG_FOLDER_NAME                   = ".infisical"
 	INFISICAL_WORKSPACE_CONFIG_FILE_NAME = ".infisical.json"
-	INFISICAL_SERVICE_TOKEN              = "INFISICAL_SERVICE_TOKEN"
+	INFISICAL_TOKEN_NAME                 = "INFISICAL_TOKEN"
 )
 
-var INFISICAL_URL = "https://api.infisical.com"
+var INFISICAL_URL = "https://app.infisical.com/api"
 
 func GetHomeDir() (string, error) {
 	directory, err := os.UserHomeDir()

cli/packages/util/config.go

@@ -56,7 +56,7 @@ func ConfigFileExists() bool {
 	}
 }
 
-func WorkspaceConfigFileExists() bool {
+func WorkspaceConfigFileExistsInCurrentPath() bool {
 	if _, err := os.Stat(INFISICAL_WORKSPACE_CONFIG_FILE_NAME); err == nil {
 		return true
 	} else {
@@ -90,3 +90,65 @@ func GetFullConfigFilePath() (fullPathToFile string, fullPathToDirectory string,
 	fullDirPath := fmt.Sprintf("%s/%s", homeDir, CONFIG_FOLDER_NAME)
 	return fullPath, fullDirPath, err
 }
+
+// Given a path to a workspace config, unmarshal workspace config
+func GetWorkspaceConfigByPath(path string) (workspaceConfig models.WorkspaceConfigFile, err error) {
+	workspaceConfigFileAsBytes, err := os.ReadFile(path)
+	if err != nil {
+		return models.WorkspaceConfigFile{}, fmt.Errorf("GetWorkspaceConfigByPath: Unable to read workspace config file because [%s]", err)
+	}
+
+	var workspaceConfigFile models.WorkspaceConfigFile
+	err = json.Unmarshal(workspaceConfigFileAsBytes, &workspaceConfigFile)
+	if err != nil {
+		return models.WorkspaceConfigFile{}, fmt.Errorf("GetWorkspaceConfigByPath: Unable to unmarshal workspace config file because [%s]", err)
+	}
+
+	return workspaceConfigFile, nil
+}
+
+// Will get the list of .infisical.json files that are located
+// within the root of each sub folder from where the CLI is ran from
+func GetAllWorkSpaceConfigsStartingFromCurrentPath() (workspaces []models.WorkspaceConfigFile, err error) {
+	currentDir, err := os.Getwd()
+	if err != nil {
+		return nil, fmt.Errorf("GetAllProjectConfigs: unable to get the current directory because [%s]", err)
+	}
+
+	files, err := os.ReadDir(currentDir)
+	if err != nil {
+		return nil, fmt.Errorf("GetAllProjectConfigs: unable to read the contents of the current directory because [%s]", err)
+	}
+
+	listOfWorkSpaceConfigs := []models.WorkspaceConfigFile{}
+	for _, file := range files {
+		if !file.IsDir() && file.Name() == INFISICAL_WORKSPACE_CONFIG_FILE_NAME {
+			pathToWorkspaceConfigFile := currentDir + "/" + INFISICAL_WORKSPACE_CONFIG_FILE_NAME
+
+			workspaceConfig, err := GetWorkspaceConfigByPath(pathToWorkspaceConfigFile)
+			if err != nil {
+				return nil, fmt.Errorf("GetAllProjectConfigs: Unable to get config file because [%s]", err)
+			}
+
+			listOfWorkSpaceConfigs = append(listOfWorkSpaceConfigs, workspaceConfig)
+
+		} else if file.IsDir() {
+			pathToSubFolder := currentDir + "/" + file.Name()
+			pathToMaybeWorkspaceConfigFile := pathToSubFolder + "/" + INFISICAL_WORKSPACE_CONFIG_FILE_NAME
+
+			_, err := os.Stat(pathToMaybeWorkspaceConfigFile)
+			if err != nil {
+				continue // workspace config file doesn't exist
+			}
+
+			workspaceConfig, err := GetWorkspaceConfigByPath(pathToMaybeWorkspaceConfigFile)
+			if err != nil {
+				return nil, fmt.Errorf("GetAllProjectConfigs: Unable to get config file because [%s]", err)
+			}
+
+			listOfWorkSpaceConfigs = append(listOfWorkSpaceConfigs, workspaceConfig)
+		}
+	}
+
+	return listOfWorkSpaceConfigs, nil
+}

cli/packages/util/credentials.go

@@ -81,7 +81,7 @@ func IsUserLoggedIn() (hasUserLoggedIn bool, theUsersEmail string, err error) {
 
 		response, err := httpClient.
 			R().
-			Post(fmt.Sprintf("%v/%v", INFISICAL_URL, "checkAuth"))
+			Post(fmt.Sprintf("%v/v1/auth/checkAuth", INFISICAL_URL))
 
 		if err != nil {
 			return false, "", err

cli/packages/util/crypto.go

@@ -3,12 +3,9 @@ package util
 import (
 	"crypto/aes"
 	"crypto/cipher"
-
-	log "github.com/sirupsen/logrus"
 )
 
 func DecryptSymmetric(key []byte, encryptedPrivateKey []byte, tag []byte, IV []byte) ([]byte, error) {
-	log.Debugln("Key:", key, "encryptedPrivateKey", encryptedPrivateKey, "tag", tag, "IV", IV)
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err

cli/packages/util/secrets.go

@@ -4,6 +4,8 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"os"
+	"regexp"
 	"strings"
 
 	"github.com/Infisical/infisical-merge/packages/models"
@@ -12,33 +14,20 @@ import (
 	"golang.org/x/crypto/nacl/box"
 )
 
-func GetSecretsFromAPIUsingCurrentLoggedInUser(stageName string, userCreds models.UserCredentials) ([]models.SingleEnvironmentVariable, error) {
-	log.Debugln("stageName", stageName, "userCreds", userCreds)
-	// check if user has configured a workspace
-	workspace, err := GetWorkSpaceFromFile()
-	if err != nil {
-		return nil, fmt.Errorf("Unable to read workspace file:", err)
-	}
-
-	// create http client
-	httpClient := resty.New().
-		SetAuthToken(userCreds.JTWToken).
-		SetHeader("Accept", "application/json")
-
+func getSecretsByWorkspaceIdAndEnvName(httpClient resty.Client, envName string, workspace models.WorkspaceConfigFile, userCreds models.UserCredentials) (listOfSecrets []models.SingleEnvironmentVariable, err error) {
 	var pullSecretsRequestResponse models.PullSecretsResponse
 	response, err := httpClient.
 		R().
-		SetQueryParam("environment", stageName).
+		SetQueryParam("environment", envName).
 		SetQueryParam("channel", "cli").
 		SetResult(&pullSecretsRequestResponse).
-		Get(fmt.Sprintf("%v/%v/%v", INFISICAL_URL, "secret", workspace.WorkspaceId)) // need to change workspace id
+		Get(fmt.Sprintf("%v/v1/secret/%v", INFISICAL_URL, workspace.WorkspaceId)) // need to change workspace id
 
 	if err != nil {
 		return nil, err
 	}
 
 	if response.StatusCode() > 299 {
-		log.Debugln(response)
 		return nil, fmt.Errorf(response.Status())
 	}
 
@@ -63,7 +52,7 @@ func GetSecretsFromAPIUsingCurrentLoggedInUser(stageName string, userCreds model
 		return nil, err
 	}
 
-	log.Debugln("workspaceKey", workspaceKey, "nonce", nonce, "senderPublicKey", senderPublicKey, "currentUsersPrivateKey", currentUsersPrivateKey)
+	// log.Debugln("workspaceKey", workspaceKey, "nonce", nonce, "senderPublicKey", senderPublicKey, "currentUsersPrivateKey", currentUsersPrivateKey)
 	workspaceKeyInBytes, _ := box.Open(nil, workspaceKey, (*[24]byte)(nonce), (*[32]byte)(senderPublicKey), (*[32]byte)(currentUsersPrivateKey))
 	var listOfEnv []models.SingleEnvironmentVariable
 
@@ -97,9 +86,35 @@ func GetSecretsFromAPIUsingCurrentLoggedInUser(stageName string, userCreds model
 	return listOfEnv, nil
 }
 
-func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, stageName string, projectId string) ([]models.SingleEnvironmentVariable, error) {
-	if infisicalToken == "" || projectId == "" || stageName == "" {
-		return nil, errors.New("infisical token, project id and or stage name cannot be empty")
+func GetSecretsFromAPIUsingCurrentLoggedInUser(envName string, userCreds models.UserCredentials) ([]models.SingleEnvironmentVariable, error) {
+	log.Debugln("GetSecretsFromAPIUsingCurrentLoggedInUser", "envName", envName, "userCreds", userCreds)
+	// check if user has configured a workspace
+	workspaces, err := GetAllWorkSpaceConfigsStartingFromCurrentPath()
+	if err != nil {
+		return nil, fmt.Errorf("Unable to read workspace file(s):", err)
+	}
+
+	// create http client
+	httpClient := resty.New().
+		SetAuthToken(userCreds.JTWToken).
+		SetHeader("Accept", "application/json")
+
+	secrets := []models.SingleEnvironmentVariable{}
+	for _, workspace := range workspaces {
+		secretsFromAPI, err := getSecretsByWorkspaceIdAndEnvName(*httpClient, envName, workspace, userCreds)
+		if err != nil {
+			return nil, fmt.Errorf("GetSecretsFromAPIUsingCurrentLoggedInUser: Unable to get secrets by workspace id and env name")
+		}
+
+		secrets = append(secrets, secretsFromAPI...)
+	}
+
+	return secrets, nil
+}
+
+func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, envName string, projectId string) ([]models.SingleEnvironmentVariable, error) {
+	if infisicalToken == "" || projectId == "" || envName == "" {
+		return nil, errors.New("infisical token, project id and or environment name cannot be empty")
 	}
 	splitToken := strings.Split(infisicalToken, ",")
 	JTWToken := splitToken[0]
@@ -113,17 +128,16 @@ func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, stageName strin
 	var pullSecretsByInfisicalTokenResponse models.PullSecretsByInfisicalTokenResponse
 	response, err := httpClient.
 		R().
-		SetQueryParam("environment", stageName).
+		SetQueryParam("environment", envName).
 		SetQueryParam("channel", "cli").
 		SetResult(&pullSecretsByInfisicalTokenResponse).
-		Get(fmt.Sprintf("%v/secret/%v/service-token", INFISICAL_URL, projectId))
+		Get(fmt.Sprintf("%v/v1/secret/%v/service-token", INFISICAL_URL, projectId))
 
 	if err != nil {
 		return nil, err
 	}
 
 	if response.StatusCode() > 299 {
-		log.Debugln(response)
 		return nil, fmt.Errorf(response.Status())
 	}
 
@@ -181,6 +195,60 @@ func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, stageName strin
 	return listOfEnv, nil
 }
 
+func GetAllEnvironmentVariables(projectId string, envName string) ([]models.SingleEnvironmentVariable, error) {
+	infisicalToken := os.Getenv(INFISICAL_TOKEN_NAME)
+
+	if infisicalToken == "" {
+		hasUserLoggedInbefore, loggedInUserEmail, err := IsUserLoggedIn()
+		if err != nil {
+			log.Info("Unexpected issue occurred while checking login status. To see more details, add flag --debug")
+			log.Debugln(err)
+			return nil, err
+		}
+
+		if !hasUserLoggedInbefore {
+			log.Infoln("No logged in user. To login, please run command [infisical login]")
+			return nil, fmt.Errorf("user not logged in")
+		}
+
+		userCreds, err := GetUserCredsFromKeyRing(loggedInUserEmail)
+		if err != nil {
+			log.Infoln("Unable to get user creds from key ring")
+			log.Debug(err)
+			return nil, err
+		}
+
+		workspaceConfigs, err := GetAllWorkSpaceConfigsStartingFromCurrentPath()
+		if err != nil {
+			return nil, fmt.Errorf("unable to check if you have a %s file in your current directory", INFISICAL_WORKSPACE_CONFIG_FILE_NAME)
+		}
+
+		if len(workspaceConfigs) == 0 {
+			log.Infoln("Your local project is not connected to a Infisical project yet. Run command [infisical init]")
+			return nil, fmt.Errorf("project not initialized")
+		}
+
+		envsFromApi, err := GetSecretsFromAPIUsingCurrentLoggedInUser(envName, userCreds)
+		if err != nil {
+			log.Errorln("Something went wrong when pulling secrets using your logged in credentials. If the issue persists, double check your project id/try logging in again.")
+			log.Debugln(err)
+			return nil, err
+		}
+
+		return envsFromApi, nil
+
+	} else {
+		envsFromApi, err := GetSecretsFromAPIUsingInfisicalToken(infisicalToken, envName, projectId)
+		if err != nil {
+			log.Errorln("Something went wrong when pulling secrets using your Infisical token. Double check the token, project id or environment name (dev, prod, ect.)")
+			log.Debugln(err)
+			return nil, err
+		}
+
+		return envsFromApi, nil
+	}
+}
+
 func GetWorkSpacesFromAPI(userCreds models.UserCredentials) (workspaces []models.Workspace, err error) {
 	// create http client
 	httpClient := resty.New().
@@ -191,7 +259,7 @@ func GetWorkSpacesFromAPI(userCreds models.UserCredentials) (workspaces []models
 	response, err := httpClient.
 		R().
 		SetResult(&getWorkSpacesResponse).
-		Get(fmt.Sprintf("%v/%v", INFISICAL_URL, "workspace"))
+		Get(fmt.Sprintf("%v/v1/workspace", INFISICAL_URL))
 
 	if err != nil {
 		return nil, err
@@ -203,3 +271,73 @@ func GetWorkSpacesFromAPI(userCreds models.UserCredentials) (workspaces []models
 
 	return getWorkSpacesResponse.Workspaces, nil
 }
+
+func getExpandedEnvVariable(secrets []models.SingleEnvironmentVariable, variableWeAreLookingFor string, hashMapOfCompleteVariables map[string]string, hashMapOfSelfRefs map[string]string) string {
+	if value, found := hashMapOfCompleteVariables[variableWeAreLookingFor]; found {
+		return value
+	}
+
+	for _, secret := range secrets {
+		if secret.Key == variableWeAreLookingFor {
+			regex := regexp.MustCompile(`\${([^\}]*)}`)
+			variablesToPopulate := regex.FindAllString(secret.Value, -1)
+
+			// case: variable is a constant so return its value
+			if len(variablesToPopulate) == 0 {
+				return secret.Value
+			}
+
+			valueToEdit := secret.Value
+			for _, variableWithSign := range variablesToPopulate {
+				variableWithoutSign := strings.Trim(variableWithSign, "}")
+				variableWithoutSign = strings.Trim(variableWithoutSign, "${")
+
+				// case: reference to self
+				if variableWithoutSign == secret.Key {
+					hashMapOfSelfRefs[variableWithoutSign] = variableWithoutSign
+					continue
+				} else {
+					var expandedVariableValue string
+
+					if preComputedVariable, found := hashMapOfCompleteVariables[variableWithoutSign]; found {
+						expandedVariableValue = preComputedVariable
+					} else {
+						expandedVariableValue = getExpandedEnvVariable(secrets, variableWithoutSign, hashMapOfCompleteVariables, hashMapOfSelfRefs)
+						hashMapOfCompleteVariables[variableWithoutSign] = expandedVariableValue
+					}
+
+					// If after expanding all the vars above, is the current var a self ref? if so no replacement needed for it
+					if _, found := hashMapOfSelfRefs[variableWithoutSign]; found {
+						continue
+					} else {
+						valueToEdit = strings.ReplaceAll(valueToEdit, variableWithSign, expandedVariableValue)
+					}
+				}
+			}
+
+			return valueToEdit
+
+		} else {
+			continue
+		}
+	}
+
+	return "${" + variableWeAreLookingFor + "}"
+}
+
+func SubstituteSecrets(secrets []models.SingleEnvironmentVariable) []models.SingleEnvironmentVariable {
+	hashMapOfCompleteVariables := make(map[string]string)
+	hashMapOfSelfRefs := make(map[string]string)
+	expandedSecrets := []models.SingleEnvironmentVariable{}
+
+	for _, secret := range secrets {
+		expandedVariable := getExpandedEnvVariable(secrets, secret.Key, hashMapOfCompleteVariables, hashMapOfSelfRefs)
+		expandedSecrets = append(expandedSecrets, models.SingleEnvironmentVariable{
+			Key:   secret.Key,
+			Value: expandedVariable,
+		})
+
+	}
+
+	return expandedSecrets
+}

cli/packages/util/secrets_test.go

@@ -0,0 +1,160 @@
+package util
+
+import (
+	"testing"
+
+	"github.com/Infisical/infisical-merge/packages/models"
+)
+
+// References to self should return the value unaltered
+func Test_SubstituteSecrets_When_ReferenceToSelf(t *testing.T) {
+
+	var tests = []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{Key: "A", Value: "${A}", ExpectedValue: "${A}"},
+		{Key: "A", Value: "${A} ${A}", ExpectedValue: "${A} ${A}"},
+		{Key: "A", Value: "${A}${A}", ExpectedValue: "${A}${A}"},
+	}
+
+	for _, test := range tests {
+		secret := models.SingleEnvironmentVariable{
+			Key:   test.Key,
+			Value: test.Value,
+		}
+
+		secrets := []models.SingleEnvironmentVariable{secret}
+		result := SubstituteSecrets(secrets)
+
+		if result[0].Value != test.ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected %s but got %s for input %s", test.ExpectedValue, result[0].Value, test.Value)
+		}
+
+	}
+}
+
+func Test_SubstituteSecrets_When_ReferenceDoesNotExist(t *testing.T) {
+
+	var tests = []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{Key: "A", Value: "${X}", ExpectedValue: "${X}"},
+		{Key: "A", Value: "${H}HELLO", ExpectedValue: "${H}HELLO"},
+		{Key: "A", Value: "${L}${S}", ExpectedValue: "${L}${S}"},
+	}
+
+	for _, test := range tests {
+		secret := models.SingleEnvironmentVariable{
+			Key:   test.Key,
+			Value: test.Value,
+		}
+
+		secrets := []models.SingleEnvironmentVariable{secret}
+		result := SubstituteSecrets(secrets)
+
+		if result[0].Value != test.ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected %s but got %s for input %s", test.ExpectedValue, result[0].Value, test.Value)
+		}
+
+	}
+}
+
+func Test_SubstituteSecrets_When_ReferenceDoesNotExist_And_Self_Referencing(t *testing.T) {
+
+	tests := []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{
+			Key:           "O",
+			Value:         "${P} ==$$ ${X} ${UNKNOWN} ${A}",
+			ExpectedValue: "DOMAIN === ${A} DOMAIN >>> ==$$ DOMAIN ${UNKNOWN} ${A}",
+		},
+		{
+			Key:           "X",
+			Value:         "DOMAIN",
+			ExpectedValue: "DOMAIN",
+		},
+		{
+			Key:           "A",
+			Value:         "*${A}* ${X}",
+			ExpectedValue: "*${A}* DOMAIN",
+		},
+		{
+			Key:           "H",
+			Value:         "${X} >>>",
+			ExpectedValue: "DOMAIN >>>",
+		},
+		{
+			Key:           "P",
+			Value:         "DOMAIN === ${A} ${H}",
+			ExpectedValue: "DOMAIN === ${A} DOMAIN >>>",
+		},
+		{
+			Key:           "T",
+			Value:         "${P} ==$$ ${X} ${UNKNOWN} ${A} ${P} ==$$ ${X} ${UNKNOWN} ${A}",
+			ExpectedValue: "DOMAIN === ${A} DOMAIN >>> ==$$ DOMAIN ${UNKNOWN} ${A} DOMAIN === ${A} DOMAIN >>> ==$$ DOMAIN ${UNKNOWN} ${A}",
+		},
+		{
+			Key:           "S",
+			Value:         "${ SSS$$ ${HEY}",
+			ExpectedValue: "${ SSS$$ ${HEY}",
+		},
+	}
+
+	secrets := []models.SingleEnvironmentVariable{}
+	for _, test := range tests {
+		secrets = append(secrets, models.SingleEnvironmentVariable{Key: test.Key, Value: test.Value})
+	}
+
+	results := SubstituteSecrets(secrets)
+
+	for index, expanded := range results {
+		if expanded.Value != tests[index].ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected [%s] but got [%s] for input [%s]", tests[index].ExpectedValue, expanded.Value, tests[index].Value)
+		}
+	}
+}
+
+func Test_SubstituteSecrets_When_No_SubstituteNeeded(t *testing.T) {
+
+	tests := []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{
+			Key:           "DOMAIN",
+			Value:         "infisical.com",
+			ExpectedValue: "infisical.com",
+		},
+		{
+			Key:           "API_KEY",
+			Value:         "hdgsvjshcgkdckhevdkd",
+			ExpectedValue: "hdgsvjshcgkdckhevdkd",
+		},
+		{
+			Key:           "ENV",
+			Value:         "PROD",
+			ExpectedValue: "PROD",
+		},
+	}
+
+	secrets := []models.SingleEnvironmentVariable{}
+	for _, test := range tests {
+		secrets = append(secrets, models.SingleEnvironmentVariable{Key: test.Key, Value: test.Value})
+	}
+
+	results := SubstituteSecrets(secrets)
+
+	for index, expanded := range results {
+		if expanded.Value != tests[index].ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected [%s] but got [%s] for input [%s]", tests[index].ExpectedValue, expanded.Value, tests[index].Value)
+		}
+	}
+}

cli/upload_to_cloudfront.sh

@@ -1,14 +0,0 @@
-for i in *.apk; do
-    [ -f "$i" ] || break
-    cloudsmith push alpine infisical/infisical-cli/alpine/any-version $i
-done
-
-for i in *.deb; do
-    [ -f "$i" ] || break
-    cloudsmith push deb --no-republish infisical/infisical-cli/debian/any-version $i
-done
-
-for i in *.rpm; do
-    [ -f "$i" ] || break
-    cloudsmith push rpm --no-republish infisical/infisical-cli/any-distro/any-version $i
-done

cli/upload_to_cloudsmith.sh

@@ -0,0 +1,15 @@
+cd dist
+for i in *.apk; do
+    [ -f "$i" ] || break
+    cloudsmith push alpine --republish infisical/infisical-cli/alpine/any-version $i
+done
+
+for i in *.deb; do
+    [ -f "$i" ] || break
+    cloudsmith push deb --republish infisical/infisical-cli/any-distro/any-version $i
+done
+
+for i in *.rpm; do
+    [ -f "$i" ] || break
+    cloudsmith push rpm --republish infisical/infisical-cli/any-distro/any-version $i
+done

docker-compose.dev.yml

@@ -1,66 +1,92 @@
 version: '3'
 
 services:
+  nginx:
+    container_name: infisical-dev-nginx
+    image: nginx
+    restart: always
+    ports:
+      - 8080:80
+    volumes:
+      - ./nginx/default.dev.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      - frontend
+      - backend
+    networks:
+      - infisical-dev
+
   backend:
-    container_name: infisical-backend
+    container_name: infisical-dev-backend
     restart: unless-stopped
     depends_on:
       - mongo
     build:
       context: ./backend
       dockerfile: Dockerfile
-    image: infisical/backend
     volumes:
       - ./backend/src:/app/src
       - ./backend/nodemon.json:/app/nodemon.json
       - /app/node_modules
     command: npm run dev
     env_file: .env
+    environment:
+      - NODE_ENV=development
     networks:
-      - infisical
+      - infisical-dev
   
   frontend:
-    container_name: infisical-frontend
+    container_name: infisical-dev-frontend
     restart: unless-stopped
     depends_on:
       - backend
     build:
       context: ./frontend
       dockerfile: Dockerfile.dev
-    image: infisical/frontend
     volumes:
       - ./frontend/pages:/app/pages
       - ./frontend/public:/app/public
       - ./frontend/styles:/app/styles
       - ./frontend/components:/app/components
     env_file: .env
+    environment:
+      - NEXT_PUBLIC_ENV=development
+      - NEXT_PUBLIC_STRIPE_PRODUCT_PRO=${STRIPE_PRODUCT_PRO}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_STARTER=${STRIPE_PRODUCT_STARTER}
     networks:
-      - infisical
+      - infisical-dev
 
   mongo:
-    container_name: infisical-mongo
     image: mongo
+    container_name: infisical-dev-mongo
     restart: always
-    env_file:
-      - .env
+    env_file: .env
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
+      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
     volumes:
       - mongo-data:/data/db
     networks:
-      - infisical
+      - infisical-dev
 
   mongo-express:
-    container_name: infisical-mongo-express
+    container_name: infisical-dev-mongo-express
     image: mongo-express
     restart: always
     depends_on:
       - mongo
+    env_file: .env
+    environment:
+      - ME_CONFIG_MONGODB_ADMINUSERNAME=${MONGO_USERNAME}
+      - ME_CONFIG_MONGODB_ADMINPASSWORD=${MONGO_PASSWORD}
+      - ME_CONFIG_MONGODB_URL=mongodb://${MONGO_USERNAME}:${MONGO_PASSWORD}@mongo:27017/
     ports:
       - 8081:8081
-    env_file:
-      - .env
     networks:
-      - infisical
+      - infisical-dev
 
 volumes:
   mongo-data:
-    driver: local
+    driver: local
+
+networks:
+  infisical-dev:

docker-compose.prod.yml

@@ -1,57 +0,0 @@
-version: '3'
-
-services:
-  backend:
-    platform: linux/amd64
-    container_name: infisical-backend
-    restart: unless-stopped
-    depends_on:
-      - mongo
-    build:
-      context: ./backend
-      dockerfile: Dockerfile
-    image: infisical/backend
-    volumes:
-      - ./backend/src:/app/src
-      - ./backend/nodemon.json:/app/nodemon.json
-      - /app/node_modules
-    command: npm run start
-    env_file: .env
-    networks:
-      - infisical
-  
-  frontend:
-    platform: linux/amd64
-    container_name: infisical-frontend
-    restart: unless-stopped
-    depends_on:
-      - backend
-    build:
-      context: ./frontend
-      dockerfile: Dockerfile.prod
-    image: infisical/frontend
-    volumes:
-      - ./frontend/pages:/app/pages
-      - ./frontend/public:/app/public
-      - ./frontend/styles:/app/styles
-      - ./frontend/components:/app/components
-      - ./frontend/next.config.js:/app/next.config.js
-    env_file: .env
-    networks:
-      - infisical
-
-  mongo:
-    container_name: infisical-mongo
-    image: mongo
-    restart: always
-    environment:
-      MONGO_INITDB_ROOT_USERNAME: root
-      MONGO_INITDB_ROOT_PASSWORD: example
-    volumes:
-      - mongo-data:/data/db
-    networks:
-      - infisical
-
-volumes:
-  mongo-data:
-    driver: local

docker-compose.yml

@@ -4,14 +4,62 @@ services:
   nginx:
     container_name: infisical-nginx
     image: nginx
+    restart: always
     ports:
-      - "8080:80"
+      - 80:80
+      - 443:443
     volumes:
       - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
-    networks:
-      - infisical
     depends_on:
       - frontend
+      - backend
+    networks:
+      - infisical
+  
+  backend:
+    container_name: infisical-backend
+    restart: unless-stopped
+    depends_on:
+      - mongo
+    image: infisical/backend
+    command: npm run start
+    env_file: .env
+    environment:
+      - NODE_ENV=production
+    networks:
+      - infisical
+  
+  frontend:
+    container_name: infisical-frontend
+    restart: unless-stopped
+    depends_on:
+      - backend
+    image: infisical/frontend
+    env_file: .env
+    environment:
+      # - NEXT_PUBLIC_POSTHOG_API_KEY=${POSTHOG_PROJECT_API_KEY}
+      - INFISICAL_TELEMETRY_ENABLED=${TELEMETRY_ENABLED}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_PRO=${STRIPE_PRODUCT_PRO}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_STARTER=${STRIPE_PRODUCT_STARTER}
+    networks:
+      - infisical
+
+  mongo:
+    container_name: infisical-mongo
+    image: mongo
+    restart: always
+    env_file: .env
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
+      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
+    volumes:
+      - mongo-data:/data/db
+    networks:
+      - infisical
+
+volumes:
+  mongo-data:
+    driver: local
 
 networks:
-  infisical:
+  infisical:

docs/CLI.mdx

@@ -1,31 +0,0 @@
----
-title: "Infisical CLI"
-description: "Learn about each supported command and its flags"
----
-
-## Background
-
-Infisical ships with multiple commands to assist with ongoing project needs; we list these commands and give context for them below.
-
-<Card title="Install the CLI" icon="lightbulb" href="/installCLI">
-  If you haven't already, install the Infisical CLI
-</Card>
-
-Note on arguments:
-
-- [environment]: the intended environment for the given command being one of dev, staging, or prod.
-- [projectId]: the project identifier found on the dashboard.
-
-## Commands
-
-- `login` used to set the logged in user. Your credentials are saved securely in your system key ring. Note: only one user can be logged in at a time. To change the logged in user, run the command again and overwrite the previous login.
-- `init` used to link your infisical.com project to your local project. Run this command ideally at the root of your local project. You will have to run this command for each new project you create locally.
-- `run` used to inject your secrets as environment variables into your application process. Example `infisical run --stage=prod -- npm run start`
-  - `---projectId` flag is used to link your local project to a Infisical.com project. Use this option only when you are injecting via Infisical Token instead of your login. 
-  - `---stage` flag is used to set the environment from which your secrets are pulled from. By default, secrets from your project are pulled from the `dev`. To change to for example prod, add `--stage=prod`
-
-### Global flags 
-These are flags you can add to any command 
-
-- `--domain` you may change this if you are self hosting Infisical. By default, the CLI points to Infisical.com backend. To point to your own backend, make sure to set this flag for each command you run. Example `infisical login --domain=https://mybackend.com`
-- `--debug` use this flag when you want to see more logs related to the error you are receiving. By default debug logs are hidden. Example `infisical run --debug <your command>`

docs/Heroku.mdx

@@ -1,24 +0,0 @@
----
-title: "Heroku"
-description: "With this integration, you can automatically sync your secrets to Heroku as soon as you update secrets in Infisical."
----
-
-## Instructions
-
-### Step 1: Open the integrations csonsole
-
-Open the Infisical Dashboard. Choose the project in which you want to set up the intergation. Go to the integrations tab in the left sidebar.
-
-### Step 2: Authenticate with Heroku
-
-Click on Heroku in the list of available integrations. Log in if asked by Heroku and provide the necessary permissions to Infisical. You will afterwards be redirected back to the integrations page.
-
-Note: during an integration with Heroku, for security reasons, it is impossible to maintain end-to-end encryption. In theory, this lets Infisical decrypt yor environment variables. In practice, we can assure you that this will never be done, and it allows us to protect your secrets from bad actors online. The core Infisical service will always stay end-to-end encrypted. With any questions, reach out support@infisical.com.
-
-### Step 3: Start integration
-
-Once the integration is set up, choose a Heroku App that you want to sync the secrets to, and the Infisical project environment that you would to sync the secrets from. Click on the "Start Integration" button.
-
-### Step 4: You're good to go!
-
-The integration should now show status 'In Sync'. Every time you edit the secrets, they will be automatically pushed to Heroku. If you want to update anything in your integration, you will have to delete the current one and create a new one.

docs/cli/commands/commands.mdx

@@ -0,0 +1,20 @@
+---
+title: "Commands"
+---
+
+## Commands
+
+| Command | Description                                                          |
+| ------- | -------------------------------------------------------------------- |
+| `login` | Used to authenticate and set the logged in user.                     |
+| `init`  | Used to link a local project to the platform.                        |
+| `run`   | Used to inject envars from the platform into an application process. |
+
+## Global options
+
+| Option            | Description                                     |
+| ----------------- | ----------------------------------------------- |
+| `--help`, `-h`    | List help for any command                       |
+| `--debug`, `-d`   | Enable verbose logging                          |
+| `--domain`        | Use to direct Infisical to a self-hosted domain |
+| `--version`, `-v` | Print version information and quit              |

docs/cli/commands/export.mdx

@@ -0,0 +1,33 @@
+---
+title: "infisical export"
+---
+
+```bash
+infisical export [options]
+```
+
+## Description
+
+Export environment variables from the platform into a file format.
+
+## Options
+
+| Option        | Description                                                                                                                                  | Default value |
+| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod`                                  | `dev`         |
+| `--projectId` | Only required if injecting via the [service token method](../token). If you are not using service token, the project id will be automatically retrieved from the `.infisical.json` located at the root of your local project.  | `None`        |
+| `--expand`    | Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`)                                                                         | `true`        |
+| `--format`    | Format of the output file. Accepted values: `dotenv`, `csv` and `json`                                                                       | `dotenv`      |
+
+## Examples
+
+```bash
+# Export variables to a .env file
+infisical export > .env
+
+# Export variables to a CSV file
+infisical export --format=csv > secrets.csv
+
+# Export variables to a JSON file
+infisical export --format=json > secrets.json
+```

docs/cli/commands/init.mdx

@@ -0,0 +1,13 @@
+---
+title: "infisical init"
+---
+
+```bash
+infisical init
+```
+
+## Description
+
+Link a local project to the platform
+
+The command creates a `infisical.json` file containing your Project ID.

docs/cli/commands/login.mdx

@@ -0,0 +1,13 @@
+---
+title: "infisical login"
+---
+
+```bash
+infisical login
+```
+
+## Description
+
+Verify a user and save credentials to the system keyring.
+
+To change the logged in user, run the command again to overwrite the previous login.

docs/cli/commands/run.mdx

@@ -0,0 +1,19 @@
+---
+title: "infisical run"
+---
+
+```bash
+infisical run [options] -- [your application start command]
+```
+
+## Description
+
+Inject environment variables from the platform into an application process.
+
+## Options
+
+| Option         | Description                                                                                                 | Default value |
+| -------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`        | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
+| `--projectId`  | Used to link a local project to the platform (required only if injecting via the service token method)      | `None`        |
+| `--expand`     | Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`)      | `true`        |

docs/cli/overview.mdx

@@ -0,0 +1,103 @@
+---
+title: "Install"
+---
+
+Prerequisite: Set up an account with [Infisical Cloud](https://app.infisical.com) or via a [self-hosted installation](/self-hosting/overview).
+
+The Infisical CLI provides a way to inject environment variables from the platform into your apps and infrastructure.
+
+## Installation
+
+<Tabs>
+   <Tab title="MacOS">
+  	Use [brew](https://brew.sh/) package manager
+
+    	```bash
+    	# install
+    	brew install infisical/get-cli/infisical
+
+    	# check version
+    	infisical --version
+    	```
+
+    	## Updates
+
+    	```bash
+    	brew upgrade infisical
+    	```
+
+   </Tab>
+   <Tab title="Windows">
+      Use [Scoop](https://scoop.sh/) package manager
+
+    		```bash
+    		# install
+    		scoop bucket add org https://github.com/Infisical/scoop-infisical.git
+    		scoop install infisical
+
+    		# check version
+    		infisical --version
+    		```
+
+    		## Updates
+
+    		```bash
+    		scoop update infisical
+    		```
+
+   </Tab>
+	 <Tab title="Alpine">
+	 Install prerequisite
+		```bash
+		$ sudo apk add --no-cache bash sudo
+		```
+
+    	Add Infisical repository
+    	```bash
+    	$ curl -1sLf \
+    		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' \
+    		| sudo -E bash
+    	```
+
+    	Then install CLI
+    	```bash
+    	$ sudo apk update && sudo apk add infisical
+    	```
+
+   </Tab>
+	 <Tab title="RedHat/CentOs/Amazon">
+	 Add Infisical repository
+		```bash
+		$ curl -1sLf \
+		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' \
+		| sudo -E bash
+		```
+
+    	Then install CLI
+    	```bash
+    	$ sudo yum install infisical
+    	```
+
+   </Tab>
+	 <Tab title="Debian/Ubuntu">
+	 	Add Infisical repository 
+			
+		```bash
+		$ curl -1sLf \
+		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' \
+		| sudo -E bash
+		```
+
+    	Then install CLI
+    	```bash
+    	$ sudo apt-get update && sudo apt-get install -y infisical
+    	```
+
+   </Tab>
+</Tabs>
+
+## Log in to the Infisical CLI
+
+```bash
+infisical login
+```

docs/cli/token.mdx

@@ -0,0 +1,21 @@
+---
+title: "Infisical Token"
+---
+
+Prerequisite: [Infisical Token and How to Generate One](../../getting-started/dashboard/token).
+
+It's possible to use the CLI to sync environment varialbes without manually entering login credentials by using a service token in the prerequisite link above.
+
+## Feeding Infisical Token to the CLI
+
+The CLI looks out for an environment variable called the `INFISICAL_TOKEN` which you can set depending on where you run the CLI. If `INFISICAL_TOKEN` is detected by the CLI, it will authenticate and retrieve the environment variables which the token is authorized for.
+
+A common use-case is to use the Infisical Token to fetch environment variables with Docker. More specifically, a token can be passed to a container as an environment variable for the CLI to authenticate and pull its corresponding secrets. Check out the integration guides for that:
+
+- [Docker](../../integrations/platforms/docker)
+- [Docker Compose](../../integrations/platforms/docker-compose)
+
+<Info>
+  Once the token is expired, the CLI using it will no longer be able to make
+  requests with it.
+</Info>

docs/cli/usage.mdx

@@ -0,0 +1,46 @@
+---
+title: "Usage"
+---
+
+Prerequisite: [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your project
+
+```bash
+# move to your project
+cd /path/to/project
+
+# initialize infisical
+infisical init
+```
+
+## Inject environment variables
+
+```bash
+# inject environment variables into app
+infisical run -- [your application start command]
+```
+
+Options you can specify:
+
+| Option        | Description                                                                                                 | Default value |
+| ------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
+| `--projectId` | Used to link a local project to the platform (required only if injecting via the service token method)      | `None`        |
+| `--expand`    | Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`)                                        | `true`        |
+
+## Examples:
+
+```bash
+# example with node
+infisical run -- node index.js
+
+# example with node (nodemon)
+infisical run -- nodemon index.js
+
+# example with node (nodemon) pulling in secrets from test environment
+infisical run --env=test -- nodemon index.js
+
+# example with flask
+infisical run -- flask run
+```

docs/contributing/FAQ.mdx

@@ -0,0 +1,16 @@
+---
+title: "Frequently Asked Questions"
+description: "Have any questions? [Join our Slack community](https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g)."
+---
+
+## Problem with SMTP
+
+You can normally populate `SMTP_USERNAME` and `SMTP_PASSWORD` with your usual login and password (you could also create a 'burner' email). Sometimes, there still are problems. 
+
+You can go to your Gmail account settings > security and enable “less secure apps”. This would allow Infisical to use your Gmail to send emails.
+
+If it still doesn't work, [this](https://stackoverflow.com/questions/72547853/unable-to-send-email-in-c-sharp-less-secure-app-access-not-longer-available/72553362#72553362) should help.
+
+## `MONGO_URL` issues
+
+Your `MONGO_URL` should be something like `mongodb://root:example@mongo:27017/?authSource=admin`. If you want to change it (not recommended), you should make sure that you keep this URL in line with `MONGO_USERNAME=root` and `MONGO_PASSWORD=example`.

docs/contributing/developing.mdx

@@ -16,7 +16,7 @@ cd infisical
 
 ## Set up environment variables
 
-Tweak the `.env` according to your preferences. Refer to the available [environment variables](envars).
+Tweak the `.env` according to your preferences. Refer to the available [environment variables](/self-hosting/configuration/envars).
 
 ```bash
 cp .env.example .env
@@ -26,20 +26,21 @@ cp .env.example .env
 
 ```bash
 # build and start the services
-docker-compose -f docker-compose.yml -f docker-compose.prod.yml up --build
+docker-compose -f docker-compose.dev.yml up --build
 ```
 
-Then browse http://localhost:3000
+Then browse http://localhost:8080
 
 ```bash
 # To stop environment use Control+C (on Mac) CTRL+C (on Win) or
-docker-compose down
+docker-compose -f docker-compose.dev.yml down
 # start services
-docker-compose up
+docker-compose -f docker-compose.dev.yml up
 ```
 
-The docker-compose environment consists of:
+The docker-compose development environment consists of:
 
+- nginx
 - frontend
 - backend
 - mongo

docs/envars.mdx

@@ -1,35 +0,0 @@
----
-title: "Environment Variables"
-description: ""
----
-
-## The .env file
-
-Configuring Infisical requires setting some environment variables. There is a file called `.env.example` at the root directory of our main repo that you can use to create a `.env` before you start the server.
-
-| Variable                          | Description                                                                                                 | Default Value    |
-| --------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------------- |
-| `PRIVATE_KEY`                     | ❗️ NaCl-generated server secret key                                                                        | `None`           |
-| `PUBLIC_KEY`                      | ❗️ NaCl-generated server public key                                                                        | `None`           |
-| `ENCRYPTION_KEY`                  | ❗️ Strong hex encryption key                                                                               | `None`           |
-| `JWT_SIGNUP_SECRET`               | ❗️JWT token secret                                                                                         | `None`           |
-| `JWT_REFRESH_SECRET`              | ❗️ JWT token secret                                                                                        | `None`           |
-| `JWT_AUTH_SECRET`                 | ❗️ JWT token secret                                                                                        | `None`           |
-| `JWT_SECRET_SECRET`               | ❗️ JWT token secret                                                                                        | `None`           |
-| `JWT_SIGNUP_LIFETIME`             | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `15m`            |
-| `JWT_REFRESH_LIFETIME`            | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `90d`            |
-| `JWT_AUTH_LIFETIME`               | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `10d`            |
-| `EMAIL_TOKEN_LIFETIME`            | Email OTP/magic-link lifetime expressed in seconds                                                          | `86400`          |
-| `MONGO_URL`                       | ❗️ MongoDB instance connection string either to container instance or MongoDB Cloud                        | `None`           |
-| `MONGO_USERNAME`                  | MongoDB container username                                                                                  | `None`           |
-| `MONGO_PASSWORD`                  | MongoDB container password                                                                                  | `None`           |
-| `ME_CONFIG_MONGODB_ADMINUSERNAME` | Same as `MONGO_USERNAME` for mongo-express in development                                                   | `None`           |
-| `ME_CONFIG_MONGODB_ADMINPASSWORD` | Same as `MONGO_PASSWORD` for mongo-express in development                                                   | `None`           |
-| `NEXT_PUBLIC_WEBSITE_URL`         | ❗️ Site URL - should be an absolute URL including the protocol (e.g. `https://infisical.com`)              | `None`           |
-| `SMT_HOST`                        | Whether the user joined the community                                                                       | `smtp.gmail.com` |
-| `SMTP_NAME`                       | ❗️ Whether the user joined the community                                                                   | `None`           |
-| `SMTP_USERNAME`                   | ❗️ Whether the user joined the community                                                                   | `None`           |
-| `SMTP_PASSWORD`                   | ❗️ Whether the user joined the community                                                                   | `None`           |
-| `OAUTH_CLIENT_SECRET_HEROKU`      | OAuth client secret for Heroku integration                                                                  | `None`           |
-| `OAUTH_TOKEN_URL_HEROKU`          | OAuth token URL for Heroku integration                                                                      | `None`           |
-| `SENTRY_DSN`                      | DSN for error-monitoring with Sentry                                                                        | `None`           |

docs/getting-started/dashboard/create-account.mdx

@@ -0,0 +1,15 @@
+---
+title: "Sign up"
+---
+
+## Self-hosted
+
+If you're using a self-hosted installation, follow the [setup](/self-hosting/overview) then open your site URL `{SITE_URL}`.
+
+## Infisical Cloud
+
+Open [infisical.com](https://infisical.com/) and click on either "Try Infisical for free" or "Start for free" to complete the signup sequence.
+
+Once you've done that, you'll be taken to the dashboard where we've populated some default environment variables for demonstration.
+
+![dashboard](../../images/dashboard.png)

docs/getting-started/dashboard/integrations.mdx

@@ -0,0 +1,14 @@
+---
+title: "Integrations"
+---
+
+Integrations allow environment variables to be synced across your entire infrastructure from local development to CI/CD and production.
+
+We're still early with integrations, but expect more soon. 
+
+<Card title="View integrations documentation" icon="link" href="/integrations/overview">
+  View all available integrations and their guide
+</Card>
+
+![integrations](../../images/project-integrations.png)
+

docs/getting-started/dashboard/organization.mdx

@@ -0,0 +1,32 @@
+---
+title: "Organization"
+---
+
+An organization houses projects and members.
+
+By default, Infisical creates an organization under your name. You can manage your organization in your organization settings.
+
+![organization name modal open](../../images/dashboard-name-modal-organization.png)
+![organization name modal open](../../images/organization.png)
+
+## Members
+
+Members of an organization can create and add other members to projects within that organization.
+
+To add a member to your organization, scroll down to the "Organization Members" section and invite the member via email. They'll receive an email to confirm their organization invitation. If the member is an existing user on the platform, they will be automatically added to the organization.
+
+![organization members](../../images/organization-members.png)
+
+<Note>
+  Note that access to projects must be provisioned to new members after they've
+  accepted their organization invitation, and they will not be added to any
+  projects by default.
+</Note>
+
+## Incident contacts
+
+Incident contacts of an organization are alerted if anything abnormal is detected within the operations of an organization.
+
+To add an incident contact to your organization, scroll down to the "Incident Contacts" section and add their email.
+
+![organization incident contacts](../../images/organization-ic.png)

docs/getting-started/dashboard/project.mdx

@@ -0,0 +1,60 @@
+---
+title: "Project"
+---
+
+A project houses environment variables for an application.
+
+## Dashboard
+
+The dashboard page is where you can manage environment variables for a given project.
+
+![project dashboard](../../images/dashboard.png)
+
+### Environment variables
+
+Environment variables can be added or removed from a project. By default, they are pre-populated in your first project for demonstration. For any subsequent project, it can be convenient to import existing environment variables by dragging and dropping a .env file containing them.
+
+Here's what dragging and dropping a .env looks like:
+
+![project drag and drop](../../images/project-drag-drop.png)
+
+### Environments
+
+In most cases, environment variables belong to specific environments: development, staging, testing, and production. You can input environment variables for each environment that your project uses.
+
+![project environment](../../images/project-environment.png)
+
+### Personal/Shared scoping
+
+Every environment variable is classified as either personal or shared.
+
+- A personal environment variable is one created by a user of a project to be available for that user only.
+- A shared environment variable is one created by a user of a project to be available for other users of the project.
+
+You can toggle the classification of an environment variable by pressing on its settings:
+
+![project variable toggle open](../../images/project-envar-toggle-open.png)
+
+### Search
+
+You can search for any environment variable by its key.
+
+![project search](../../images/project-search.png)
+
+### Sort
+
+You can sort environment variables alphabetically by their keys.
+
+![project sort](../../images/project-sort.png)
+
+### Hide/Un-hide
+
+You can hide or un-hide the values of your environment variables. By default, the values are hidden for your privacy.
+
+![project hide](../../images/project-hide.png)
+
+### Download as .env
+
+You can download your environment variables back in a .env file.
+
+![project download](../../images/project-download.png)

docs/getting-started/dashboard/token.mdx

@@ -0,0 +1,19 @@
+---
+title: "Infisical Token"
+---
+
+An Infisical Token is needed to authenticate the CLI when there isn't an easy way to input your login credentials.
+
+It's useful for your CI/CD environments and integrations such as [Docker](/integrations/platforms/docker) and [Docker Compose](/integrations/platforms/docker-compose).
+
+To generate the the token, head over to your project settings as shown below.
+
+
+![token add](../../images/project-token-add.png)
+
+<Note>
+  The token grants read-only access to a particular environment and project for
+  a specified amount of time. Once the token is expired, the CLI using it will no longer be able to make
+  requests with it.
+</Note>
+

docs/getting-started/features.mdx

@@ -0,0 +1,43 @@
+---
+title: "Features"
+---
+
+This is a non-exhaustive list of features that Infisical offers:
+
+## Web UI
+
+The Web UI is used to manage teams and environment variables.
+
+- Provision access to organizations and projects.
+- Add/delete/update, scope, search, sort, hide-unhide environment variables.
+- Separate environment variables by environment.
+- Import environment variables via drag-and-drop, export them as a .env file.
+
+## CLI
+
+The CLI is used to inject environment variables into applications and infrastructure.
+
+- Inject environment variables.
+- Inject environment variables into containers via service tokens for Docker.
+
+## Roadmap
+
+We're building the future of secret management, one that's comprehensive and accessible to all. Some high-level features we have in mind:
+
+| Feature                               | Status      |
+| ------------------------------------- | ----------- |
+| Integrations                          | Ongoing     |
+| More hosting options                  | Ongoing     |
+| 1-Click Deploys                       | Ongoing     |
+| Account recovery: Backup key          | Ongoing     |
+| Account recovery: Member-assisted     | Coming soon |
+| Slack & MS teams integrations         | Coming soon |
+| Access logs                           | Coming soon |
+| Version control for secrets           | Coming soon |
+| 2FA                                   | Coming soon |
+| Restricted IPs                        | Coming soon |
+| Read/write access controls            | Coming soon |
+| Secret rotation                       | Coming soon |
+| Comparing secrets across environments | Coming soon |
+
+Interested in contributing? Check out the [guide](/contributing/overview).

docs/getting-started/introduction.mdx

@@ -0,0 +1,37 @@
+---
+title: "Introduction"
+---
+
+Infisical is an [open-source](https://opensource.com/resources/what-open-source), [end-to-end encrypted](https://en.wikipedia.org/wiki/End-to-end_encryption) secret manager that enables teams to easily manage and sync their environment variables.
+
+Start syncing environment variables with [Infisical Cloud](https://app.infisical.com) or learn how to [host Infisical](/self-hosting/overview) yourself.
+
+<CardGroup cols={2}>
+  <Card
+    title="Quickstart"
+    href="/getting-started/quickstart"
+    icon="timer"
+    color="#ea5a0c"
+  >
+    Tour Infisical in a few minutes.
+  </Card>
+  <Card href="/cli/overview" title="CLI" icon="square-terminal" color="#16a34a">
+    Install the CLI to inject secrets into apps and infra.
+  </Card>
+  <Card
+    href="/self-hosting/overview"
+    title="Self-hosting"
+    icon="server"
+    color="#0285c7"
+  >
+    Learn how to configure and deploy Infisical.
+  </Card>
+  <Card
+    href="/integrations/overview"
+    title="Integrations"
+    icon="plug"
+    color="#dc2626"
+  >
+    Explore integrations for Docker, AWS, Heroku, etc.
+  </Card>
+</CardGroup>

docs/getting-started/quickstart.mdx

@@ -0,0 +1,43 @@
+---
+title: "Quickstart"
+---
+
+This example demonstrates how to store and inject environment variables from [Infisical Cloud](https://app.infisical.com) into your application.
+
+Note that the Infisical CLI is platform-agnostic and can inject environment variables across many tech stacks and frameworks.
+
+## Set up Infisical Cloud
+
+1. Login or create an accout at `app.infisical.com`.
+2. Create a new project.
+3. Populate your environment variables as in the image below.
+
+![project quickstart](../images/project-quickstart.png)
+
+## Set up the CLI
+
+1. Follow the instructions to [install the CLI](/cli/overview).
+
+2. Initialize Infisical for your project.
+
+```bash
+# move to your project
+cd /path/to/project
+
+# initialize infisical
+infisical init
+```
+
+## Start your app with environment variables injected
+
+```bash
+# inject environment variables into app
+infisical run -- [your application start command]
+```
+
+<Info>
+  Check out our [integrations](/integrations/overview) for injecting environment
+  variables into frameworks and platforms like Docker.
+</Info>
+
+Your app should be running with the environment variables injected.

docs/gettingStarted.mdx

@@ -1,34 +0,0 @@
----
-title: "Getting Started"
-description: "Infisical is a simple, end-to-end encrypted (E2EE) secrets manager that enables teams to sync and manage their application environment variables."
----
-
-## Introduction
-
-Infisical works by injecting environment variables into your application process. Because of this, Infisical works for all programing languages and platforms.
-
-Infisical is powered by public-key cryptography to ensure that you are the only person who can access your secrets. Read more about our security [here](https://dub.sh/XocpMvT)
-<Card
-  title="Security Brief"
-  icon="shield-halved"
-  iconType="duotone"
-  href="https://dub.sh/XocpMvT"
->
-  Learn more about our system + security here.
-</Card>
-
-
-### Step 1: Make an account
-
-Head to [https://infisical.com](https://infisical.com/) to make an account and create a project. Once you've made an account, you'll be prompted to a dashboard with some placeholder environment variables. Go ahead and replace the placeholder environment variables with your environment variables from your .env file.
-
-### Step 2 (Optional): Invite your dev team
-
-Navigate to the “Team” tab in the left sidebar and invite your teammates to the project by submitting their emails. They'll each receive an email invitation to join the project and get access to the environment variables. A few things to note about invitations due to how our public-key cryptography works:
-
-- If a teammate is already registered with Infisical, then they'll receive access to the environment variables immediately.
-- If a teammate is unregistered with Infisical, then they'll have to request access to the environment variables once they've registered.
-
-### Step 3: Install the CLI
-The Infisical CLI will allow you to inject secrets into any environment. This includes both your local and production environments. 
-