ignore .infisical.json

increase version and fix infisical token name
Merge branch 'main' of https://github.com/Infisical/infisical into main
2025-03-22 21:10:32 +00:00 · 2022-11-20 22:51:57 -05:00 · 2022-11-20 22:50:40 -05:00 · 2022-11-20 18:47:36 -05:00 · 2022-11-20 18:47:21 -05:00 · 2022-11-20 12:54:03 -05:00
82 changed files with 1016 additions and 550 deletions
--- a/.env.example
+++ b/.env.example
@ -28,8 +28,8 @@ EMAIL_TOKEN_LIFETIME=
 MONGO_URL=mongodb://root:example@mongo:27017/?authSource=admin

 # Optional credentials for MongoDB container instance
-MONGO_USERNAME=root
-MONGO_PASSWORD=example
+MONGO_INITDB_ROOT_USERNAME=root
+MONGO_INITDB_ROOT_PASSWORD=example

 # Mongo-Express vars (needed for development only)
 ME_CONFIG_MONGODB_ADMINUSERNAME=root
--- a/.github/workflows/release_build.yml
+++ b/.github/workflows/release_build.yml
@ -35,7 +35,7 @@ jobs:
      - uses: actions/setup-python@v4
      - run: pip install --upgrade cloudsmith-cli
      - name: Publish to CloudSmith 
-        run: sh upload_to_cloudsmith.sh
+        run: sh cli/upload_to_cloudsmith.sh
        env:
          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
      
--- a/.gitignore
+++ b/.gitignore
@ -49,3 +49,6 @@ yarn-error.log*
 .env.production.local
 .vercel
 .env.infisical
+
+# Infisical init
+.infisical.json
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,5 +1,7 @@
 # Contributing to Infisical

-Thanks for taking the time to contribute!
+Thanks for taking the time to contribute! 😃 🚀

-Please refer to our Contributing Guide for instructions on how to contribute.
+Please refer to our [Contributing Guide](https://infisical.com/docs/contributing) for instructions on how to contribute.
+
+We also have some 🔥amazing🔥 merch for our contributors. Please reach out to tony@infisical.com for more info 👀
--- a/25
+++ b/25
@ -0,0 +1,25 @@
+Copyright (c) 2022 Infisical Inc.
+
+Portions of this software are licensed as follows:
+
+- All content that resides under any "ee/" directory of this repository, if such directories exists, are licensed under the license defined in "ee/LICENSE".
+- All third party components incorporated into the Infisical Software are licensed under the original license provided by the owner of the applicable component.
+- Content outside of the above mentioned directories or restrictions above is available under the "MIT Expat" license as defined below.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
--- a/8
+++ b/8
@ -1,14 +1,14 @@
 build:
-	docker-compose -f docker-compose.yml -f docker-compose.prod.yml build
+	docker-compose -f docker-compose.yml build

 push:
-	docker-compose -f docker-compose.yml -f docker-compose.prod.yml push
+	docker-compose -f docker-compose.yml push

 up-dev:
-	docker-compose -f docker-compose.yml -f docker-compose.dev.yml up --build
+	docker-compose -f docker-compose.dev.yml up

 up-prod:
-	docker-compose -f docker-compose.yml -f docker-compose.prod.yml up --build
+	docker-compose -f docker-compose.yml up

 down:
 	docker-compose down
--- a/README.md
+++ b/README.md
@ -3,12 +3,12 @@
  <img width="300" src="/img/logoname-white.svg#gh-dark-mode-only" alt="infisical">
 </h1>
 <p align="center">
-  <p align="center">Open-source, end-to-end encrypted, 1-line-of-code tool to sync environment variables across you team and infrastructure.</p>
+  <p align="center">Open-source, E2EE, simple tool to manage and sync environment variables across your team and infrastructure.</p>
 </p>

 <h4 align="center">
-  <a href="https://infisical.com/signup">Get Started - we host (Infisical Cloud)</a> |
-  <a href="https://infisical.com/docs/self_host_overview">Get Started - you host</a> |
+  <a href="https://infisical.com/signup">Infisical Cloud</a> |
+  <a href="https://infisical.com/docs/self-hosting/overview">Self-Hosting</a> |
  <a href="https://infisical.com/docs/gettingStarted">Docs</a> |
  <a href="https://www.infisical.com">Website</a>
 </h4>
@ -27,36 +27,38 @@

 <img src="/img/infisical_github_repo.png" width="100%" alt="Dashboard" />

-**[Infisical](https://infisical.com)** is an open source tool to help teams manage and sync environment variables across their development workflow and infrastructure. It's designed to be simple and end-to-end encrypted. You can start with just 1 line of code within 10 minutes.
+**[Infisical](https://infisical.com)** is an open source, E2EE tool to help teams manage and sync environment variables across their development workflow and infrastructure. It's designed to be simple and take minutes to get going.

- **User-Friendly Dashboard** to manage your organization's environment variables within projects
- **[Language-Agnostic CLI](https://infisical.com/docs/CLI)**  that pulls and injects environment variables into your local workflow
+- **User-Friendly Dashboard** to manage your team's environment variables within projects
+- **[Language-Agnostic CLI](https://infisical.com/docs/CLI)** that pulls and injects environment variables into your local workflow
 - **[Complete control over your data](https://infisical.com/docs/self_host_overview)** - host it yourself on any infrastructure
 - **Navigate Multiple Environments** per project (e.g. development, staging, production, etc.)
 - **Personal/Shared** scoping for environment variables
 - **[Integrations](https://infisical.com/docs/Heroku)** with CI/CD and production infrastructure (Heroku available, more coming soon)
- **[1-Click Deploy](https://infisical.com/docs/linux)** to Digital Ocean (other providers coming soon)
- 🔜 **Authentication/Authorization** for projects (read/write controls coming soon)
- 🔜 **Automatic Secret Rotation** (coming soon)
- 🔜 **2FA** (coming soon)
- 🔜 **Access Logs** (coming soon)
- 🔜 **Slack Integration & MS Teams** integrations (coming soon)
+- 🔜 **1-Click Deploy** to Digital Ocean and Heroku
+- 🔜 **Authentication/Authorization** for projects (read/write controls soon)
+- 🔜 **Automatic Secret Rotation**
+- 🔜 **2FA**
+- 🔜 **Access Logs**
+- 🔜 **Slack Integration & MS Teams** integrations

 And more.

 ## What's cool about this?

-Infisical is the first open-source end-to-end encrypted secret manager that takes less than 10 minutes to setup. 
+Infisical is simple, E2EE, and (soon to be) complete.

-Yes. There are other secret managers out there. Some of them are incredibly complicated - they were built for security teams, not developers. The other ones are not end-to-end encrypted, and because of that they can read your secrets. If you care about efficiency and security at the same time - Infisical is right for you. 
+We're on a mission to make secret management more accessible to everyone — that means building for developers, not just security teams.

-On top of that, Infisical is one of the few open source solutions. Need any integrations or want a new feature? You can [create an issue for us](https://github.com/Infisical/infisical/issues) or contribute directly! This is the power of open-source. :)
+If you care about efficiency and security, then Infisical is right for you.
+
+Need any integrations or want a new feature? Feel free to [create an issue](https://github.com/Infisical/infisical/issues) or [contribute](https://infisical.com/docs/contributing) directly to the repository.

 ## Contributing

 For full documentation, visit [infisical.com/docs](https://infisical.com/docs).

-Whether it's big or small, we ❤️ contributions. Check out our guide to see how to [get started](./DEVELOPERS.md).
+Whether it's big or small, we love contributions ❤️ Check out our guide to see how to [get started](./DEVELOPERS.md).

 Not sure where to get started? [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!

@ -88,7 +90,6 @@ We're currently setting the foundation and building integrations so secrets can
 - [ ] GitLab
 - [ ] CircleCI

-
 We're currently in Public Alpha.

 ## Open-source vs. paid
@ -99,7 +100,6 @@ This repo is entirely MIT licensed, with the exception of the `ee` directory whi

 Looking to report a security vulnerability? Please don't post about it in GitHub issue. Instead, refer to our [SECURITY.md](./SECURITY.md) file.

-
 ## Contributors 🦸

 [//]: contributor-faces
@ -107,4 +107,5 @@ Looking to report a security vulnerability? Please don't post about it in GitHub
 <!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
 <!-- prettier-ignore-start -->
 <!-- markdownlint-disable -->
- <a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/vlad-matsiiako"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> 
+
+<a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/vlad-matsiiako"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/tobias-mintlify"><img src="https://avatars.githubusercontent.com/u/110702161?v=4" width="50" height="50" alt=""/></a>
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@ -38,6 +38,7 @@ import {
 } from './routes';

 const connectWithRetry = () => {
+	console.log('MONGO_URL', MONGO_URL);
 	mongoose.connect(MONGO_URL)
 	.then(() => console.log('Successfully connected to DB'))
 	.catch((e) => {
--- a/cli/README.md
+++ b/cli/README.md
@ -1,102 +0,0 @@
-## Install
-#### Windows 
-Use [Scoop](https://scoop.sh/) package manager
-
-```
-$ scoop bucket add org https://github.com/Infisical/scoop-infisical.git
-$ scoop install infisical
-$ infisical --version
-```
-
-To update:
-
-```
-$ scoop update infisical
-```
-
-#### Mac OS 
-Use [brew](https://brew.sh/) package manager
-
-```
-$ brew install infisical/get-cli/infisical  
-$ infisical --version
-```
-
-To update:
-
-```
-$ brew upgrade infisical
-```
-
-#### Linux
-##### Debian/Ubuntu (package manager: apt) 
-
-```
-Add Infisical apt repo 
-$ echo "deb [trusted=yes] https://apt.fury.io/infisical/ /" | tee -a /etc/apt/sources.list.d/infisical.list
-
-Add prerequisites
-$ apt update && apt -y install ca-certificates sudo 
-
-Install infisical cli
-$ sudo apt update && apt install infisical
-
-To make sure the CLI has been installed, you may run this command.
-$ infisical --version 
-```
-
-We do not yet have repositores setup for APK, YUM and APT package managers. However, we have several binaries which can be downloaded manually for your Linux. Please vist the [release age](https://github.com/Infisical/infisical/releases) 
-
-#### Install via bash and curl
-This script will attempt to download the correct version of Infisical CLI and add it to your path. No package manager needed.
-
-```
-curl https://raw.githubusercontent.com/Infisical/infisical/main/scripts/install.sh | sh
-```
-
-## Local Usage
-Once you have the CLI installed, using it is easy. 
-
-#### Steps 1
-Create a project at https://infisical.com/ if you haven't already add your secrets to it. 
-
-#### Step 2
-Login to the CLI by running the following command in your terminal 
-
-```
-infisical login 
-```
-
-#### Step 3
-After logging in, `CD` to the root of the project where you would like to inject your secrets into. Once you are in the root, run the following command in the terminal to link your Infisical project to your local project.
-
-```
-infisical init 
-```
-
-#### Step 3
-To inject the secrets from the project you have selected into your application process, run the following command.
-
-```
-infisical run -- <your application start command>
-```
-
-Example:
-
-```
-infisical run -- npm run dev 
-```
-
-## General production Usage
-Once you have the binary installed in your production environment, injecting secrets is easy. 
-
-#### Steps 1
-Get a Infisical Token for your project by visiting BLANK. Also note down the project ID for which you created the token for. 
-
-#### Steps 2
-Ensure your application has the environment variable `INFISICAL_TOKEN` asigned to the token you received in step one. Then run 
-
-```
-infisical run --projectId=<projectID> -- <your application start command>
-```
-
--- a/cli/go.mod
+++ b/cli/go.mod
@ -4,14 +4,14 @@ go 1.19

 require (
 	github.com/spf13/cobra v1.6.1
-	golang.org/x/crypto v0.2.0
+	golang.org/x/crypto v0.3.0
 )

 require (
 	github.com/alessio/shellescape v1.4.1 // indirect
-	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e // indirect
-	github.com/danieljoos/wincred v1.1.0 // indirect
-	github.com/godbus/dbus/v5 v5.0.6 // indirect
+	github.com/chzyer/readline v1.5.1 // indirect
+	github.com/danieljoos/wincred v1.1.2 // indirect
+	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	golang.org/x/net v0.2.0 // indirect
 	golang.org/x/sys v0.2.0 // indirect
 )
--- a/cli/go.sum
+++ b/cli/go.sum
@ -1,21 +1,26 @@
 github.com/alessio/shellescape v1.4.1 h1:V7yhSDDn8LP4lc4jS8pFkt0zCnzVJlG5JXy9BVKJUX0=
 github.com/alessio/shellescape v1.4.1/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30=
-github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
+github.com/chzyer/logex v1.2.1 h1:XHDu3E6q+gdHgsdTPH6ImJMIp436vR6MPtH8gP05QzM=
+github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
+github.com/chzyer/readline v1.5.1 h1:upd/6fQk4src78LMRzh5vItIt361/o4uq553V8B5sGI=
+github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/chzyer/test v1.0.0 h1:p3BQDXSxOhOG0P9z6/hGnII4LGiEPOYBhs8asl/fC04=
+github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8=
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
-github.com/danieljoos/wincred v1.1.0 h1:3RNcEpBg4IhIChZdFRSdlQt1QjCp1sMAPIrOnm7Yf8g=
 github.com/danieljoos/wincred v1.1.0/go.mod h1:XYlo+eRTsVA9aHGp7NGjFkPla4m+DCL7hqDjlFjiygg=
+github.com/danieljoos/wincred v1.1.2 h1:QLdCxFs1/Yl4zduvBdcHB8goaYk9RARS2SgLLRuAyr0=
+github.com/danieljoos/wincred v1.1.2/go.mod h1:GijpziifJoIBfYh+S7BbkdUTU4LfM+QnGqR5Vl2tAx0=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
 github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
-github.com/godbus/dbus/v5 v5.0.6 h1:mkgN1ofwASrYnJ5W6U/BxG15eXXXjirgZc7CLqkcaro=
 github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
+github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk=
+github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
 github.com/inconshreveable/mousetrap v1.0.1 h1:U3uMjPSQEBMNp1lFxmllqCPM6P5u/Xq7Pgzkat/bFNc=
 github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/manifoldco/promptui v0.9.0 h1:3V4HzJk1TtXW1MTZMP7mdlwbBpIinw3HztaIlYthEiA=
@ -36,14 +41,16 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/zalando/go-keyring v0.2.1 h1:MBRN/Z8H4U5wEKXiD67YbDAr5cj/DOStmSga70/2qKc=
 github.com/zalando/go-keyring v0.2.1/go.mod h1:g63M2PPn0w5vjmEbwAX3ib5I+41zdm4esSETOn9Y6Dw=
-golang.org/x/crypto v0.2.0 h1:BRXPfhNivWL5Yq0BGQ39a2sW6t44aODpfxkWjYdzewE=
-golang.org/x/crypto v0.2.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.3.0 h1:a06MkbcxBrEFc0w0QIZWXrH/9cCX6KJyWbBOIwAn+7A=
+golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.2.0 h1:sZfSu1wtKLGlWI4ZZayP0ck9Y73K1ynO6gqzTdBVdPU=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210819135213-f52c844e1c1c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0 h1:ljd4t30dBnAvMZaQCevtY0xLLD0A+bRZXbgLMLU1F/A=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
--- a/cli/packages/cmd/login.go
+++ b/cli/packages/cmd/login.go
@ -28,8 +28,9 @@ var loginCmd = &cobra.Command{
 	PreRun:                toggleDebug,
 	Run: func(cmd *cobra.Command, args []string) {
 		hasUserLoggedInbefore, currentLoggedInUserEmail, err := util.IsUserLoggedIn()
+
 		if err != nil {
-			log.Debugln(err)
+			log.Debugln("Unable to get current logged in user.", err)
 		}

 		if hasUserLoggedInbefore {
@ -45,12 +46,6 @@ var loginCmd = &cobra.Command{
 			}
 		}

-		if err != nil {
-			log.Errorln("Unable to get current logged in user.")
-			log.Debugln(err)
-			return
-		}
-
 		email, password, err := askForLoginCredentials()
 		if err != nil {
 			log.Errorln("Unable to parse email and password for authentication")
@ -160,6 +155,7 @@ func askForLoginCredentials() (email string, password string, err error) {
 }

 func getFreshUserCredentials(email string, password string) (*models.LoginTwoResponse, error) {
+	log.Debugln("getFreshUserCredentials:", "email", email, "password", password)
 	httpClient := resty.New()
 	httpClient.SetRetryCount(5)

@ -180,7 +176,7 @@ func getFreshUserCredentials(email string, password string) (*models.LoginTwoRes
 		R().
 		SetBody(loginOneRequest).
 		SetResult(&loginOneResponseResult).
-		Post(fmt.Sprintf("%v/%v", util.INFISICAL_URL, "login1"))
+		Post(fmt.Sprintf("%v/v1/auth/login1", util.INFISICAL_URL))

 	if err != nil {
 		return nil, err
@ -216,7 +212,7 @@ func getFreshUserCredentials(email string, password string) (*models.LoginTwoRes
 		R().
 		SetBody(LoginTwoRequest).
 		SetResult(&loginTwoResponseResult).
-		Post(fmt.Sprintf("%v/%v", util.INFISICAL_URL, "login2"))
+		Post(fmt.Sprintf("%v/v1/auth/login2", util.INFISICAL_URL))

 	if err != nil {
 		return nil, err
--- a/cli/packages/cmd/root.go
+++ b/cli/packages/cmd/root.go
@ -15,7 +15,7 @@ var rootCmd = &cobra.Command{
 	Short:             "Infisical CLI is used to inject environment variables into any process",
 	Long:              `Infisical is a simple, end-to-end encrypted service that enables teams to sync and manage their environment variables across their development life cycle.`,
 	CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
-	Version:           "1.0.0",
+	Version:           "1.0.1",
 }

 // Execute adds all child commands to the root command and sets flags appropriately.
@ -30,5 +30,5 @@ func Execute() {
 func init() {
 	rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
 	rootCmd.PersistentFlags().BoolVarP(&debugLogging, "debug", "d", false, "Enable verbose logging")
-	rootCmd.PersistentFlags().StringVar(&util.INFISICAL_URL, "domain", "https://api.infisical.com", "Point the CLI to your own backend")
+	rootCmd.PersistentFlags().StringVar(&util.INFISICAL_URL, "domain", "https://app.infisical.com/api", "Point the CLI to your own backend")
 }
--- a/cli/packages/cmd/run.go
+++ b/cli/packages/cmd/run.go
@ -22,13 +22,13 @@ var runCmd = &cobra.Command{
 	Use:                   "run [any infisical run command flags] -- [your application start command]",
 	Short:                 "Used to inject environments variables into your application process",
 	DisableFlagsInUseLine: true,
-	Example:               "infisical run --stage=prod -- npm run dev",
+	Example:               "infisical run --env=prod -- npm run dev",
 	Args:                  cobra.MinimumNArgs(1),
 	PreRun:                toggleDebug,
 	Run: func(cmd *cobra.Command, args []string) {
-		stageName, err := cmd.Flags().GetString("stage")
+		envName, err := cmd.Flags().GetString("env")
 		if err != nil {
-			log.Errorln("Unable to parse the stage flag")
+			log.Errorln("Unable to parse the environment flag")
 			log.Debugln(err)
 			return
 		}
@ -41,7 +41,7 @@ var runCmd = &cobra.Command{
 		}

 		var envsFromApi []models.SingleEnvironmentVariable
-		infisicalToken := os.Getenv(util.INFISICAL_SERVICE_TOKEN)
+		infisicalToken := os.Getenv(util.INFISICAL_TOKEN_NAME)
 		if infisicalToken == "" {
 			hasUserLoggedInbefore, loggedInUserEmail, err := util.IsUserLoggedIn()
 			if err != nil {
@ -67,14 +67,14 @@ var runCmd = &cobra.Command{
 				return
 			}

-			envsFromApi, err = util.GetSecretsFromAPIUsingCurrentLoggedInUser(stageName, userCreds)
+			envsFromApi, err = util.GetSecretsFromAPIUsingCurrentLoggedInUser(envName, userCreds)
 			if err != nil {
 				log.Errorln("Something went wrong when pulling secrets using your logged in credentials. If the issue persists, double check your project id/try logging in again.")
 				log.Debugln(err)
 				return
 			}
 		} else {
-			envsFromApi, err = util.GetSecretsFromAPIUsingInfisicalToken(infisicalToken, stageName, projectId)
+			envsFromApi, err = util.GetSecretsFromAPIUsingInfisicalToken(infisicalToken, envName, projectId)
 			if err != nil {
 				log.Errorln("Something went wrong when pulling secrets using your Infisical token. Double check the token, project id or environment name (dev, prod, ect.)")
 				log.Debugln(err)
@ -88,12 +88,13 @@ var runCmd = &cobra.Command{

 func init() {
 	rootCmd.AddCommand(runCmd)
-	runCmd.Flags().StringP("stage", "s", "dev", "Set the stage (dev, prod, etc.) from which your secrets should be pulled from")
+	runCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	runCmd.Flags().String("projectId", "", "The project ID from which your secrets should be pulled from")
 }

 // Credit: inspired by AWS Valut
 func execCmd(command string, args []string, envs []models.SingleEnvironmentVariable) error {
+	log.Infof("\x1b[%dm%s\x1b[0m", 32, "\u2713 Injected Infisical secrets into your application process successfully")
 	log.Debugln("Secrets to inject:", envs)
 	log.Debugf("executing command: %s %s \n", command, strings.Join(args, " "))
 	cmd := exec.Command(command, args...)
--- a/cli/packages/util/common.go
+++ b/cli/packages/util/common.go
@ -9,10 +9,10 @@ const (
 	CONFIG_FILE_NAME                     = "infisical-config.json"
 	CONFIG_FOLDER_NAME                   = ".infisical"
 	INFISICAL_WORKSPACE_CONFIG_FILE_NAME = ".infisical.json"
-	INFISICAL_SERVICE_TOKEN              = "INFISICAL_SERVICE_TOKEN"
+	INFISICAL_TOKEN_NAME                 = "INFISICAL_TOKEN"
 )

-var INFISICAL_URL = "https://api.infisical.com"
+var INFISICAL_URL = "https://app.infisical.com/api"

 func GetHomeDir() (string, error) {
 	directory, err := os.UserHomeDir()
--- a/cli/packages/util/credentials.go
+++ b/cli/packages/util/credentials.go
@ -81,7 +81,7 @@ func IsUserLoggedIn() (hasUserLoggedIn bool, theUsersEmail string, err error) {

 		response, err := httpClient.
 			R().
-			Post(fmt.Sprintf("%v/%v", INFISICAL_URL, "checkAuth"))
+			Post(fmt.Sprintf("%v/v1/auth/checkAuth", INFISICAL_URL))

 		if err != nil {
 			return false, "", err
--- a/cli/packages/util/secrets.go
+++ b/cli/packages/util/secrets.go
@ -12,8 +12,8 @@ import (
 	"golang.org/x/crypto/nacl/box"
 )

-func GetSecretsFromAPIUsingCurrentLoggedInUser(stageName string, userCreds models.UserCredentials) ([]models.SingleEnvironmentVariable, error) {
-	log.Debugln("stageName", stageName, "userCreds", userCreds)
+func GetSecretsFromAPIUsingCurrentLoggedInUser(envName string, userCreds models.UserCredentials) ([]models.SingleEnvironmentVariable, error) {
+	log.Debugln("envName", envName, "userCreds", userCreds)
 	// check if user has configured a workspace
 	workspace, err := GetWorkSpaceFromFile()
 	if err != nil {
@ -28,10 +28,12 @@ func GetSecretsFromAPIUsingCurrentLoggedInUser(stageName string, userCreds model
 	var pullSecretsRequestResponse models.PullSecretsResponse
 	response, err := httpClient.
 		R().
-		SetQueryParam("environment", stageName).
+		SetQueryParam("environment", envName).
 		SetQueryParam("channel", "cli").
 		SetResult(&pullSecretsRequestResponse).
-		Get(fmt.Sprintf("%v/%v/%v", INFISICAL_URL, "secret", workspace.WorkspaceId)) // need to change workspace id
+		Get(fmt.Sprintf("%v/v1/secret/%v", INFISICAL_URL, workspace.WorkspaceId)) // need to change workspace id
+
+	log.Debugln("Response from get secrets:", response)

 	if err != nil {
 		return nil, err
@ -97,9 +99,9 @@ func GetSecretsFromAPIUsingCurrentLoggedInUser(stageName string, userCreds model
 	return listOfEnv, nil
 }

-func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, stageName string, projectId string) ([]models.SingleEnvironmentVariable, error) {
-	if infisicalToken == "" || projectId == "" || stageName == "" {
-		return nil, errors.New("infisical token, project id and or stage name cannot be empty")
+func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, envName string, projectId string) ([]models.SingleEnvironmentVariable, error) {
+	if infisicalToken == "" || projectId == "" || envName == "" {
+		return nil, errors.New("infisical token, project id and or environment name cannot be empty")
 	}
 	splitToken := strings.Split(infisicalToken, ",")
 	JTWToken := splitToken[0]
@ -113,10 +115,10 @@ func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, stageName strin
 	var pullSecretsByInfisicalTokenResponse models.PullSecretsByInfisicalTokenResponse
 	response, err := httpClient.
 		R().
-		SetQueryParam("environment", stageName).
+		SetQueryParam("environment", envName).
 		SetQueryParam("channel", "cli").
 		SetResult(&pullSecretsByInfisicalTokenResponse).
-		Get(fmt.Sprintf("%v/secret/%v/service-token", INFISICAL_URL, projectId))
+		Get(fmt.Sprintf("%v/v1/secret/%v/service-token", INFISICAL_URL, projectId))

 	if err != nil {
 		return nil, err
@ -191,7 +193,7 @@ func GetWorkSpacesFromAPI(userCreds models.UserCredentials) (workspaces []models
 	response, err := httpClient.
 		R().
 		SetResult(&getWorkSpacesResponse).
-		Get(fmt.Sprintf("%v/%v", INFISICAL_URL, "workspace"))
+		Get(fmt.Sprintf("%v/v1/workspace", INFISICAL_URL))

 	if err != nil {
 		return nil, err
--- a/cli/upload_to_cloudsmith.sh
+++ b/cli/upload_to_cloudsmith.sh
@ -1,3 +1,4 @@
+cd dist
 for i in *.apk; do
    [ -f "$i" ] || break
    cloudsmith push alpine infisical/infisical-cli/alpine/any-version $i
@ -5,7 +6,7 @@ done

 for i in *.deb; do
    [ -f "$i" ] || break
-    cloudsmith push deb --no-republish infisical/infisical-cli/debian/any-version $i
+    cloudsmith push deb --no-republish infisical/infisical-cli/any-distro/any-version $i
 done

 for i in *.rpm; do
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@ -1,8 +1,21 @@
 version: '3'

 services:
+  nginx:
+    container_name: infisical-dev-nginx
+    image: nginx
+    ports:
+      - 8080:80
+    volumes:
+      - ./nginx/default.dev.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      - frontend
+      - backend
+    networks:
+      - infisical-dev
+
  backend:
-    container_name: infisical-backend
+    container_name: infisical-dev-backend
    restart: unless-stopped
    depends_on:
      - mongo
@ -17,10 +30,10 @@ services:
    command: npm run dev
    env_file: .env
    networks:
-      - infisical
+      - infisical-dev
  
  frontend:
-    container_name: infisical-frontend
+    container_name: infisical-dev-frontend
    restart: unless-stopped
    depends_on:
      - backend
@ -35,32 +48,31 @@ services:
      - ./frontend/components:/app/components
    env_file: .env
    networks:
-      - infisical
+      - infisical-dev

  mongo:
-    container_name: infisical-mongo
    image: mongo
+    container_name: infisical-dev-mongo
    restart: always
-    env_file:
-      - .env
+    env_file: .env
    volumes:
      - mongo-data:/data/db
    networks:
-      - infisical
+      - infisical-dev

  mongo-express:
-    container_name: infisical-mongo-express
+    container_name: infisical-dev-mongo-express
    image: mongo-express
    restart: always
-    depends_on:
-      - mongo
+    env_file: .env
    ports:
      - 8081:8081
-    env_file:
-      - .env
    networks:
-      - infisical
+      - infisical-dev

 volumes:
  mongo-data:
-    driver: local
+    driver: local
+
+networks:
+  infisical-dev:
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -1,57 +0,0 @@
-version: '3'
-
-services:
-  backend:
-    platform: linux/amd64
-    container_name: infisical-backend
-    restart: unless-stopped
-    depends_on:
-      - mongo
-    build:
-      context: ./backend
-      dockerfile: Dockerfile
-    image: infisical/backend
-    volumes:
-      - ./backend/src:/app/src
-      - ./backend/nodemon.json:/app/nodemon.json
-      - /app/node_modules
-    command: npm run start
-    env_file: .env
-    networks:
-      - infisical
-  
-  frontend:
-    platform: linux/amd64
-    container_name: infisical-frontend
-    restart: unless-stopped
-    depends_on:
-      - backend
-    build:
-      context: ./frontend
-      dockerfile: Dockerfile.prod
-    image: infisical/frontend
-    volumes:
-      - ./frontend/pages:/app/pages
-      - ./frontend/public:/app/public
-      - ./frontend/styles:/app/styles
-      - ./frontend/components:/app/components
-      - ./frontend/next.config.js:/app/next.config.js
-    env_file: .env
-    networks:
-      - infisical
-
-  mongo:
-    container_name: infisical-mongo
-    image: mongo
-    restart: always
-    environment:
-      MONGO_INITDB_ROOT_USERNAME: root
-      MONGO_INITDB_ROOT_PASSWORD: example
-    volumes:
-      - mongo-data:/data/db
-    networks:
-      - infisical
-
-volumes:
-  mongo-data:
-    driver: local
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -5,13 +5,66 @@ services:
    container_name: infisical-nginx
    image: nginx
    ports:
-      - "8080:80"
+      - 80:80
+      - 443:443
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
-    networks:
-      - infisical
    depends_on:
      - frontend
+      - backend
+    networks:
+      - infisical
+  
+  backend:
+    platform: linux/amd64
+    container_name: infisical-backend
+    restart: unless-stopped
+    depends_on:
+      - mongo
+    image: infisical/backend
+    volumes:
+      - ./backend/src:/app/src
+      - ./backend/nodemon.json:/app/nodemon.json
+      - /app/node_modules
+    command: npm run start
+    env_file: .env
+    networks:
+      - infisical
+  
+  frontend:
+    platform: linux/amd64
+    container_name: infisical-frontend
+    restart: unless-stopped
+    depends_on:
+      - backend
+    image: infisical/frontend
+    volumes:
+      - ./frontend/pages:/app/pages
+      - ./frontend/public:/app/public
+      - ./frontend/styles:/app/styles
+      - ./frontend/components:/app/components
+      - ./frontend/next.config.js:/app/next.config.js
+    env_file: .env
+    networks:
+      - infisical
+
+  mongo:
+    container_name: infisical-mongo
+    image: mongo
+    restart: always
+    volumes:
+      - mongo-data:/data/db
+    networks:
+      - infisical
+  
+  watchtower:
+    image: containrrr/watchtower
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+
+volumes:
+  mongo-data:
+    driver: local

 networks:
  infisical:
--- a/docs/CLI.mdx
+++ b/docs/CLI.mdx
@ -1,31 +0,0 @@
---
-title: "Infisical CLI"
-description: "Learn about each supported command and its flags"
---
-
-## Background
-
-Infisical ships with multiple commands to assist with ongoing project needs; we list these commands and give context for them below.
-
-<Card title="Install the CLI" icon="lightbulb" href="/installCLI">
-  If you haven't already, install the Infisical CLI
-</Card>
-
-Note on arguments:
-
- [environment]: the intended environment for the given command being one of dev, staging, or prod.
- [projectId]: the project identifier found on the dashboard.
-
-## Commands
-
- `login` used to set the logged in user. Your credentials are saved securely in your system key ring. Note: only one user can be logged in at a time. To change the logged in user, run the command again and overwrite the previous login.
- `init` used to link your infisical.com project to your local project. Run this command ideally at the root of your local project. You will have to run this command for each new project you create locally.
- `run` used to inject your secrets as environment variables into your application process. Example `infisical run --stage=prod -- npm run start`
-  - `---projectId` flag is used to link your local project to a Infisical.com project. Use this option only when you are injecting via Infisical Token instead of your login. 
-  - `---stage` flag is used to set the environment from which your secrets are pulled from. By default, secrets from your project are pulled from the `dev`. To change to for example prod, add `--stage=prod`
-
-### Global flags 
-These are flags you can add to any command 
-
- `--domain` you may change this if you are self hosting Infisical. By default, the CLI points to Infisical.com backend. To point to your own backend, make sure to set this flag for each command you run. Example `infisical login --domain=https://mybackend.com`
- `--debug` use this flag when you want to see more logs related to the error you are receiving. By default debug logs are hidden. Example `infisical run --debug <your command>`
--- a/docs/contributing/architecture.mdx
+++ b/docs/contributing/architecture.mdx
@ -0,0 +1,27 @@
+---
+title: "Architecture"
+---
+
+Infisical is an open-source collection of services for simple secret management built on top of Typescript, Javascript (ongoing conversion to TS), and Go. It's all dockerized and can be spun up with Docker Compose.
+
+![architecture](../images/architecture-diagram2.png)
+
+## NGINX
+
+NGINX is a reverse-proxy and load balancer that sits in front of Infisical. It forwards requests to the frontend and backend services.
+
+## Frontend
+
+The frontend service renders the Web UI using Next.js.
+
+## Backend
+
+The backend service provides the back-of-house logic for secret management.
+
+## Database
+
+The (MongoDB) database stores all data and (encrypted) secrets.
+
+## CLI
+
+The platform-agnostic CLI allows you to inject environment variables from Infisical into apps and infrastructure.
--- a/docs/contributing/code-of-conduct.mdx
+++ b/docs/contributing/code-of-conduct.mdx
--- a/docs/contributing/developing.mdx
+++ b/docs/contributing/developing.mdx
@ -26,19 +26,19 @@ cp .env.example .env

 ```bash
 # build and start the services
-docker-compose -f docker-compose.yml -f docker-compose.prod.yml up --build
+docker-compose -f docker-compose.dev.yml up --build
 ```

-Then browse http://localhost:3000
+Then browse http://localhost:8080

 ```bash
 # To stop environment use Control+C (on Mac) CTRL+C (on Win) or
-docker-compose down
+docker-compose -f docker-compose.dev.yml down
 # start services
-docker-compose up
+docker-compose -f docker-compose.dev.yml up
 ```

-The docker-compose environment consists of:
+The docker-compose development environment consists of:

 - frontend
 - backend
--- a/docs/contributing/overview.mdx
+++ b/docs/contributing/overview.mdx
--- a/docs/getting-started/cli/cli-guide.mdx
+++ b/docs/getting-started/cli/cli-guide.mdx
@ -0,0 +1,56 @@
+---
+title: "Usage"
+---
+
+Prerequisite: [Install the CLI](../../getting-started/cli/installation)
+
+## Login
+
+Login in using the `login` command in your terminal. Logging in is a one-time, post-installation action that authenticates you with the platform — to change users, you can run the command again.
+
+```bash
+infisical login
+```
+
+## Initialization
+
+In the root of your local project, initialize Infisical and follow steps to connect your project to the platform.
+
+```bash
+cd /path/to/project
+
+# initialization
+infisical init
+```
+
+## Injecting environment variables
+
+To inject environment variables from the platform to your project, use the `run` command.
+
+```bash
+# command
+infisical run -- [your application start command]
+```
+
+Options you can specify:
+
+| Option        | Description                                                                                                 | Default value |
+| ------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
+| `--projectId` | Used to link a local project to the platform (required only if injecting via the service token method)      | `None`        |
+
+Examples:
+
+```bash
+# example with node
+infisical run -- node index.js
+
+# example with node (nodemon)
+infisical run -- nodemon index.js
+
+# example with node (nodemon) pulling in secrets from test environment
+infisical run --env=test -- nodemon index.js
+
+# example with flask
+infisical run -- flask run
+```
--- a/docs/getting-started/cli/installation.mdx
+++ b/docs/getting-started/cli/installation.mdx
@ -0,0 +1,95 @@
+---
+title: "Installation"
+---
+
+Prerequisite: [Setup an account](../../getting-started/dashboard/create-account) with Infisical Cloud or via self-hosted installation.
+
+Follow the guide for your OS below to install the CLI.
+
+<Tabs>
+   <Tab title="MacOS">
+  	Use [brew](https://brew.sh/) package manager
+
+    	```bash
+    	# install
+    	brew install infisical/get-cli/infisical
+
+    	# check version
+    	infisical --version
+    	```
+
+    	To update:
+
+    	```bash
+    	brew upgrade infisical
+    	```
+
+   </Tab>
+   <Tab title="Windows">
+      Use [Scoop](https://scoop.sh/) package manager
+
+    		```bash
+    		# install
+    		scoop bucket add org https://github.com/Infisical/scoop-infisical.git
+    		scoop install infisical
+
+    		# check version
+    		infisical --version
+    		```
+
+    		To update:
+
+    		```bash
+    		scoop update infisical
+    		```
+
+   </Tab>
+	 <Tab title="Alpine">
+	 Install prerequisite
+		```bash
+		$ sudo apk add --no-cache bash sudo
+		```
+
+    	Add Infisical repository
+    	```bash
+    	$ curl -1sLf \
+    		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' \
+    		| sudo -E bash
+    	```
+
+    	Then install CLI
+    	```bash
+    	$ apk update && apk add infisical
+    	```
+
+   </Tab>
+	 <Tab title="RedHat/CentOs/Amazon">
+	 Add Infisical repository
+		```bash
+		$ curl -1sLf \
+		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' \
+		| sudo -E bash
+		```
+
+    	Then install CLI
+    	```bash
+    	$ yum install infisical
+    	```
+
+   </Tab>
+	 <Tab title="Debian/Ubuntu">
+	 	Add Infisical repository 
+			
+		```bash
+		$ curl -1sLf \
+		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' \
+		| sudo -E bash
+		```
+
+    	Then install CLI
+    	```bash
+    	$ apt-get update && apt-get install -y infisical
+    	```
+
+   </Tab>
+</Tabs>
--- a/docs/getting-started/cli/reference.mdx
+++ b/docs/getting-started/cli/reference.mdx
@ -0,0 +1,55 @@
+---
+title: "Reference"
+---
+
+## Commands
+
+| Command | Description                                                          | Options                |
+| ------- | -------------------------------------------------------------------- | ---------------------- |
+| `login` | Used to authenticate and set the logged in user.                     |
+| `init`  | Used to link a local project to the platform.                        |
+| `run`   | Used to inject envars from the platform into an application process. | `--projectId`, `--env` |
+
+## Global options
+
+| Option            | Description                        |
+| ----------------- | ---------------------------------- |
+| `--help`, `-h`    | List help for any command          |
+| `--debug`, `-d`   | Enable verbose logging             |
+| `--domain`        | Use to direct Infisical to         |
+| `--version`, `-v` | Print version information and quit |
+
+### Login
+
+Used to authenticate and set the logged in user.
+
+Post-authentication credentials are saved securely in your system keyring. Since only one user can be logged in at a time, to change the logged in user, run the command again to overwrite the previous login.
+
+```bash
+infisical login
+```
+
+### Init
+
+Used to link a local project to the platform (cloud or self-hosted)
+
+Run this command at the root of your local project. You will have to run this command for each new project you create locally.
+
+```bash
+infisical init
+```
+
+### Run
+
+Used to inject environment variables from the platform into an application process.
+
+```bash
+infisical run [options] -- [your application start command]
+```
+
+Options you can specify:
+
+| Option        | Description                                                                                                 | Default value |
+| ------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
+| `--projectId` | Used to link a local project to the platform (required only if injecting via the service token method)      | `None`        |
--- a/docs/getting-started/cli/token.mdx
+++ b/docs/getting-started/cli/token.mdx
@ -0,0 +1,21 @@
+---
+title: "Infisical Token"
+---
+
+Prerequisite: [Infisical Token and How to Generate One](../../getting-started/dashboard/token).
+
+It's possible to use the CLI to sync environment varialbes without manually entering login credentials by using a service token in the prerequisite link above.
+
+## Feeding Infisical Token to the CLI
+
+The CLI looks out for an environment variable called the `INFISICAL_TOKEN` which you can set depending on where you run the CLI. If `INFISICAL_TOKEN` is detected by the CLI, it will authenticate and retrieve the environment variables which the token is authorized for.
+
+A common use-case is to use the Infisical Token to fetch environment variables with Docker. More specifically, a token can be passed to a container as an environment variable for the CLI to authenticate and pull its corresponding secrets. Check out the integration guides for that:
+
+- [Docker](../../integrations/docker)
+- [Docker Compose](../../integrations/docker-compose)
+
+<Info>
+  Once the token is expired, the CLI using it will no longer be able to make
+  requests with it.
+</Info>
--- a/docs/getting-started/dashboard/create-account.mdx
+++ b/docs/getting-started/dashboard/create-account.mdx
@ -0,0 +1,32 @@
+---
+title: "Sign up"
+---
+
+## Self-hosted
+
+If you're using a self-hosted installation, follow the [setup](/self-hosting/overview) then open your website URL `{WEBSITE_URL}/login`.
+
+## Infisical Cloud
+
+**Step 1:** Open [infisical.com](https://infisical.com/) and click on either "Try Infisical for free" or "Start for free" to head to the signup sequence.
+
+![title](../../images/landing-page.png)
+
+**Step 2:** Fill out the signup sequence.
+
+![signup start](../../images/signup-box.png)
+![signup one-time password](../../images/signup-otp.png)
+![signup complete account](../../images/signup-complete-account.png)
+
+You'll be prompted to fill out some required fields to set up your account.
+
+| Field      | Description                 |
+| ---------- | --------------------------- |
+| Email      | Enter a valid email address |
+| First name | Your first name             |
+| Last name  | Your last name              |
+| Password   | Password                    |
+
+Once you've done that, you'll be taken to the dashboard where we've populated some default environment variables for demonstration.
+
+![dashboard](../../images/dashboard.png)
--- a/docs/getting-started/dashboard/integrations.mdx
+++ b/docs/getting-started/dashboard/integrations.mdx
@ -0,0 +1,13 @@
+---
+title: "Integrations"
+---
+
+We’re still early with integrations but you’ll be able to sync environment variables across your entire infrastructure from local development to CI/CD and production.
+
+![integrations](../../images/project-integrations.png)
+
+Check out integrations:
+
+- Heroku
+- Docker
+- Docker Compose
--- a/docs/getting-started/dashboard/organization.mdx
+++ b/docs/getting-started/dashboard/organization.mdx
@ -0,0 +1,33 @@
+---
+title: "Organization"
+---
+
+By default, Infisical creates an organization under your name such as "John's Organization." To make changes and add members to your organization, head to your organization settings.
+
+![organization name selected](../../images/dashboard-name-selected.png)
+
+![organization name modal open](../../images/dashboard-name-modal-organization.png)
+
+![organization page](../../images/organization.png)
+
+Feel free to change the name of your organization.
+
+## Members
+
+Members of an organization can create and add other members to projects within that organization.
+
+To add a member to your organization, scroll down to the "Organization Members" section and invite the member via email. They'll receive an email to confirm their organization invitation. If the member is an existing user on the platform, they will be automatically added to the organization.
+
+![organization members](../../images/organization-members.png)
+![organization members add](../../images/organization-members-add.png)
+
+Note that access to projects must be provisioned to new members after they've accepted their invitation, and they will not be added to any projects by default.
+
+## Incident contacts
+
+Incident contacts of an organization are alerted if anything abnormal is detected within the operations of an organization.
+
+To add an incident contact to your organization, scroll down to the "Incident Contacts" section and add their email.
+
+![organization incident contacts](../../images/organization-ic.png)
+![organization incident contacts add](../../images/organization-ic-add.png)
--- a/docs/getting-started/dashboard/project.mdx
+++ b/docs/getting-started/dashboard/project.mdx
@ -0,0 +1,68 @@
+---
+title: "Project"
+---
+
+A project houses environment variables for an application or service.
+
+## Dashboard
+
+The dashboard page is where you can manage environment variables for a given project.
+
+![project dashboard](../../images/dashboard.png)
+
+### Environment variables
+
+Environment variables can be added or removed from a project. By default, they are pre-populated in your first project for demonstration. For any subsequent project, it can be convenient to import existing environment variables by dragging and dropping a .env file containing them.
+
+Here's what dragging and dropping a .env looks like:
+
+![project drag and drop](../../images/project-drag-drop.png)
+
+### Environments
+
+In most cases, environment variables belong to specific environments: development, staging, testing, and production. You can input environment variables for each environment that your project uses.
+
+![project environment](../../images/project-environment.png)
+
+### Personal/Shared scoping
+
+Every environment variable is classified as either personal or shared.
+
+- A personal environment variable is one created by a user of a project to be available for that user only.
+- A shared environment variable is one created by a user of a project to be available for other users of the project.
+
+You can toggle the classification of an environment variable by pressing on its settings:
+
+![project variable toggle](../../images/project-envar-toggle.png)
+
+![project variable toggle open](../../images/project-envar-toggle-open.png)
+
+![project variable toggle moved](../../images/project-envar-toggle-moved.png)
+
+### Search
+
+You can search for any environment variable by its key.
+
+![project search](../../images/project-search.png)
+
+![project search typed](../../images/project-search-typed.png)
+
+### Sort
+
+You can sort environment variables alphabetically by their keys.
+
+![project sort](../../images/project-sort.png)
+
+### Hide/Un-hide
+
+You can hide or un-hide the values of your environment variables. By default, the values are hidden for your privacy.
+
+![project hide](../../images/project-hide.png)
+
+![project unhide](../../images/project-hide.png)
+
+### Download as .env
+
+You can download your environment variables back in a .env file.
+
+![project download](../../images/project-download.png)
--- a/docs/getting-started/dashboard/token.mdx
+++ b/docs/getting-started/dashboard/token.mdx
@ -0,0 +1,23 @@
+---
+title: "Infisical Token"
+---
+
+An Infisical Token is needed to authenticate the CLI when there isn't an easy way to manually type in your login credentials to sync environment variables to your applications.
+
+It grants read-only access to a particular environment and project for a specified amount of time; once the token expires, any CLI application that relies on it for authentication will be denied access to retrieve related secrets.
+
+This is useful in the following contexts:
+
+- [Docker](../../integrations/docker)/[Docker-Compose](../../integrations/docker-compose) integration: An Infisical Token can be passed to a Docker container as an environment variable for the CLI to authenticate and pull its corresponding secrets.
+
+## Generate an Infisical Token
+
+It's possible to generate an Infisical token in the settings of a project.
+
+![token add](../../images/project-token-add.png)
+
+![token name](../../images/project-token-name.png)
+
+![token added](../../images/project-token-added.png)
+
+To use the Infisical Token in the CLI, check out the docs for that [here](../../getting-started/cli/token).
--- a/docs/getting-started/features.mdx
+++ b/docs/getting-started/features.mdx
@ -0,0 +1,65 @@
+---
+title: "Features"
+---
+
+This is a non-exhaustive list of features that Infisical offers:
+
+## Web UI
+
+The Web UI is used to manage teams and environment variables.
+
+- Provision access to organizations and projects.
+- Add/delete/update, scope, search, sort, hide-unhide environment variables.
+- Separate environment variables by environment.
+- Import environment variables via drag-and-drop, export them as a .env file.
+
+## CLI
+
+The CLI is used to inject environment variables into applications and infrastructure.
+
+- Inject environment variables.
+- Inject environment variables into containers via service tokens for Docker.
+
+## Integrations
+
+We're still early with integrations but you'll be able to sync environment variables across your entire infrastructure from local development to CI/CD and production.
+
+| Integration    | Status      |
+| -------------- | ----------- |
+| Docker         | Available   |
+| Docker-Compose | Available   |
+| Kubernetes     | Coming soon |
+| Vercel         | Coming soon |
+| AWS            | Coming soon |
+| GCP            | Coming soon |
+| Azure          | Coming soon |
+| DigitalOcean   | Coming soon |
+| GitLab         | Coming soon |
+| CircleCI       | Coming soon |
+| TravisCI       | Coming soon |
+| GitHub Actions | Coming soon |
+| Jenkins        | Coming soon |
+
+Missing an integration? Throw in a request.
+
+## Roadmap
+
+We're building the future of secret management, one that's comprehensive and accessible to all. Some high-level features we have in mind:
+
+| Feature                               | Status           |
+| ------------------------------------- | ---------------- |
+| Integrations                          | Ongoing          |
+| More hosting options                  | Ongoing          |
+| 1-Click Deploys                       | Ongoing          |
+| Account recovery: Backup key          | Ongoing          |
+| Account recovery: Member-assisted     | Noet yet started |
+| Slack & MS teams integrations         | Not yet started  |
+| Access logs                           | Not yet started  |
+| Version control for secrets           | Not yet started  |
+| 2FA                                   | Not yet started  |
+| Restricted IPs                        | Not yet started  |
+| Read/write access controls            | Not yet started  |
+| Secret rotation                       | Not yet started  |
+| Comparing secrets across environments | Not yet started  |
+
+Interested in contributing? Check out the guide.
--- a/docs/getting-started/introduction.mdx
+++ b/docs/getting-started/introduction.mdx
@ -0,0 +1,21 @@
+---
+title: "Introduction"
+---
+
+<iframe
+  src="https://www.youtube.com/embed/0q_IroMV1ns"
+  width="100%"
+  height="400"
+></iframe>
+
+Infisical is an [open-source](https://opensource.com/resources/what-open-source), end-to-end encrypted (E2EE) secret manager that enables teams to easily manage and sync their environment variables.
+
+It stops [secret sprawl](https://www.gitguardian.com/glossary/secret-sprawl-definition) by providing a single source-of-truth for environment variables. It offers a dashboard for teams to manage environment variables and a platform-agnostic CLI to inject them into apps and infrastructure.
+
+Some problems we solve:
+
+- Leaking .env files to version control.
+- Debugging missing environment variables.
+- Sending environment variables over email.
+
+Infisical uses [end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption) to ensure that only designated team members can read their environment variables; unless intended for specific integrations, environment variables are always encrypted before being sent to the server.
--- a/docs/getting-started/security/data-model.mdx
+++ b/docs/getting-started/security/data-model.mdx
@ -0,0 +1,27 @@
+---
+title: "Data Model"
+---
+
+Infisical stores a range of data namely user, secrets, keys, organization, project, and membership data.
+
+## Users
+
+The `User` model includes the fields `email`, `firstName`, `lastName`, `publicKey`, `encryptedPrivateKey`, `iv`, `tag`, `salt`, `verifier`, and `refreshVersion`.
+
+Infisical makes a usability-security tradeoff to give users convenient access to public-private key pairs across different devices upon login, solving key-storage and transfer challenges across device and browser mediums, in exchange for it storing `encryptedPrivateKey`. In any case, private keys are symmetrically encrypted locally by user passwords which are not sent to the server — this is done with SRP.
+
+## Secrets
+
+The `Secret` model includes the fields `workspace`, `type`, `user`, `environment`, `secretKeyCiphertext`, `secretKeyIV`, `secretKeyTag`, `secretKeyHash`, `secretValueCiphertext`, `secretValueIV`, `secretValueTag`, and `secretValueHash`.
+
+Each secret is symmetrically encrypted by the key of the project that it belongs to; that key's encrypted copies are stored in a separate `Key` collection.
+
+## Keys
+
+The `Key` model includes the fields `encryptedKey`, `nonce`, `sender`, `receiver`, and `workspace`.
+
+Infisical stores copies of project keys, one for each member of a project, encrypted under each member's public key.
+
+## Organizations and Workspaces
+
+The `Organization`, `Workspace`, `MembershipOrg`, and `Membership` models contain enrollment information for organizations and projects; they are used to check if users are authorized to retrieve select secrets.
--- a/docs/getting-started/security/mechanics.mdx
+++ b/docs/getting-started/security/mechanics.mdx
@ -0,0 +1,24 @@
+---
+title: "Mechanics"
+---
+
+## Signup
+
+During account signup, a user confirms their email address via OTP, generates a public-private key pair to be stored locally (private keys are symmetrically encrypted by the user's newly-made password), and forwards SRP-related values and user identifier information to the server. This includes `email`, `firstName`, `lastName`, `publicKey`, `encryptedPrivateKey`, `iv`, `tag`, `salt`, `verifier`, and `organizationName`.
+
+Once authenticated via SRP, a user is issued a JWT and refresh token. The JWT token is stored in browser memory under a write-only class `SecurityClient` that appends the token to all future outbound requests requiring authentication. The refresh token is stored in an `HttpOnly` cookie and included in future requests to `/api/token` for JWT token renewal. This design side-steps potential XSS attacks on local storage.
+
+<Info>
+  Infisical authenticates users using the SRP protocol. With SRP, the server can
+  authenticate users without ever seeing their passwords.
+</Info>
+
+## Invitation
+
+After signing up, a user can invite other users to their organization to partake in projects — An invitation here consists of an email verification link sent to the invitee to confirm their identity if they've not previously signed up to Infisical. Both organization and project invites authorize invitees for resources but project invites differ in that they also involve sharing project keys by encrypting them under the invitees' public keys.
+
+## Pushing/Pulling Secrets
+
+To push secrets, a sender randomly-generates a symmetric encryption key, uses that key to encrypt their secret keys and values separately, asymmetrically encrypts the key with the receivers’ public keys, and uploads the encrypted secrets and keys to the server.
+
+To pull secrets, a receiver obtains encrypted secret keys and values and their encrypted copy of the project key to decrypt the secrets from the server — they asymmetrically decrypt the key using their private key and use the decrypted key to decrypt the secrets. This public-key mechanism prevents the server-side from reading any secrets.
--- a/docs/getting-started/security/overview.mdx
+++ b/docs/getting-started/security/overview.mdx
@ -0,0 +1,20 @@
+---
+title: "Overview"
+---
+
+## Summary
+
+Infisical uses end-to-end encryption (E2EE) whenever possible to securely store and share secrets. It uses secure remote password (SRP) to handle authentication and public-key cryptography for secret sharing and syncing; secrets are symmetrically encrypted at rest by keys decryptable only by members of the project.
+
+Infisical uses AES256-GCM for symmetric encryption and x2519-xsalsa20-poly1305 for asymmetric encryption operations mentioned in this brief; key generation and asymmetric algorithms are implemented with the [TweetNaCl.js](https://tweetnacl.js.org/#/) library which has been well-audited and recommended for use by cybersecurity firm Cure53. Lastly, the secure remote password (SRP) implementation uses [jsrp](https://github.com/alax/jsrp) package for user authentication. As part of our commitment to user privacy and security, we aim to conduct formal security and compliance audits in the following year.
+
+## Scope
+
+Infisical's security model spans sensitive data stored on the server-side and in transit between user devices; it makes no security guarantees for malicious events that can occur beyond its control such as user-device security exploits or key-logging arising from poor cybersecurity management on the users’ behalf.
+
+## Lingo
+
+In subsequent sections, we refer:
+
+- To users uploading their secrets to Infisical as “senders” and those receiving secrets as “receivers". For instance, if Bob and Alice are both enrolled in a project and Bob adds new secrets to the project to be pulled by Alice, then Bob is considered to be the sender and Alice the receiver.
+- To any activity involving uploading or modifying secrets to Infisical as "pushing" and fetching secrets from Infisical as "pulling."
--- a/docs/getting-started/security/statement.mdx
+++ b/docs/getting-started/security/statement.mdx
@ -0,0 +1,11 @@
+---
+title: "Statement"
+---
+
+As a secrets manager, we are deeply committed to enforcing the privacy and security of all users and data on the platform but acknowledge that it is virtually impossible to guarantee perfect security; unfortunately, even the most secure systems have vulnerabilities.
+
+As part of our commitment, we do our best to maintain platform privacy and security, notify users if anything goes wrong, and rectify adverse situations immediately if anything happens. As Infisical grows, we will be adding more opt-in security measures to ensure better data protection and maintain trust within the growing community. With that, let’s make the most simple and secure secrets management system out there!
+
+Best,
+
+Infisical Team
--- a/docs/gettingStarted.mdx
+++ b/docs/gettingStarted.mdx
@ -1,34 +0,0 @@
---
-title: "Getting Started"
-description: "Infisical is a simple, end-to-end encrypted (E2EE) secrets manager that enables teams to sync and manage their application environment variables."
---
-
-## Introduction
-
-Infisical works by injecting environment variables into your application process. Because of this, Infisical works for all programing languages and platforms.
-
-Infisical is powered by public-key cryptography to ensure that you are the only person who can access your secrets. Read more about our security [here](https://dub.sh/XocpMvT)
-<Card
-  title="Security Brief"
-  icon="shield-halved"
-  iconType="duotone"
-  href="https://dub.sh/XocpMvT"
->
-  Learn more about our system + security here.
-</Card>
-
-
-### Step 1: Make an account
-
-Head to [https://infisical.com](https://infisical.com/) to make an account and create a project. Once you've made an account, you'll be prompted to a dashboard with some placeholder environment variables. Go ahead and replace the placeholder environment variables with your environment variables from your .env file.
-
-### Step 2 (Optional): Invite your dev team
-
-Navigate to the “Team” tab in the left sidebar and invite your teammates to the project by submitting their emails. They'll each receive an email invitation to join the project and get access to the environment variables. A few things to note about invitations due to how our public-key cryptography works:
-
- If a teammate is already registered with Infisical, then they'll receive access to the environment variables immediately.
- If a teammate is unregistered with Infisical, then they'll have to request access to the environment variables once they've registered.
-
-### Step 3: Install the CLI
-The Infisical CLI will allow you to inject secrets into any environment. This includes both your local and production environments. 
- 
--- a/docs/images/architecture-diagram.png
+++ b/docs/images/architecture-diagram.png
--- a/docs/images/architecture-diagram2.png
+++ b/docs/images/architecture-diagram2.png
--- a/docs/images/dashboard-name-modal-organization.png
+++ b/docs/images/dashboard-name-modal-organization.png
--- a/docs/images/dashboard-name-selected.png
+++ b/docs/images/dashboard-name-selected.png
--- a/docs/images/dashboard.png
+++ b/docs/images/dashboard.png
--- a/docs/images/landing-page.png
+++ b/docs/images/landing-page.png
--- a/docs/images/organization-ic-add.png
+++ b/docs/images/organization-ic-add.png
--- a/docs/images/organization-ic.png
+++ b/docs/images/organization-ic.png
--- a/docs/images/organization-members-add.png
+++ b/docs/images/organization-members-add.png
--- a/docs/images/organization-members.png
+++ b/docs/images/organization-members.png
--- a/docs/images/organization.png
+++ b/docs/images/organization.png
--- a/docs/images/project-download.png
+++ b/docs/images/project-download.png
--- a/docs/images/project-drag-drop.png
+++ b/docs/images/project-drag-drop.png
--- a/docs/images/project-envar-toggle-moved.png
+++ b/docs/images/project-envar-toggle-moved.png
--- a/docs/images/project-envar-toggle-open.png
+++ b/docs/images/project-envar-toggle-open.png
--- a/docs/images/project-envar-toggle.png
+++ b/docs/images/project-envar-toggle.png
--- a/docs/images/project-environment.png
+++ b/docs/images/project-environment.png
--- a/docs/images/project-hide.png
+++ b/docs/images/project-hide.png
--- a/docs/images/project-integrations.png
+++ b/docs/images/project-integrations.png
--- a/docs/images/project-search-typed.png
+++ b/docs/images/project-search-typed.png
--- a/docs/images/project-search.png
+++ b/docs/images/project-search.png
--- a/docs/images/project-sort.png
+++ b/docs/images/project-sort.png
--- a/docs/images/project-token-add.png
+++ b/docs/images/project-token-add.png
--- a/docs/images/project-token-added.png
+++ b/docs/images/project-token-added.png
--- a/docs/images/project-token-name.png
+++ b/docs/images/project-token-name.png
--- a/docs/images/project-unhide.png
+++ b/docs/images/project-unhide.png
--- a/docs/images/signup-box.png
+++ b/docs/images/signup-box.png
--- a/docs/images/signup-complete-account.png
+++ b/docs/images/signup-complete-account.png
--- a/docs/images/signup-otp.png
+++ b/docs/images/signup-otp.png
--- a/docs/infisicalToken.mdx
+++ b/docs/infisicalToken.mdx
@ -1,68 +0,0 @@
---
-title: "Infisical Token"
-description: "Learn to authenticate via the CLI without in manually"
---
-
-## Background
-
-To authenticate the Infisical CLI in environments other than your local desktop environment, you will have to utilize the Infisical Token. 
-The Infisical Token is a quick and easy way to authenticate the CLI without having to type in your email and password. This is especially needed
-in production environments where you cannot type in your login details. 
-
-With the Infisical Token, you can allow read only access to a particular environment (dev, prod, etc.) for a given project for a set amount of time. Once the token expires, any CLI application 
-that relies on it for authentication will be denied access to retrieve the related secrets. 
-
-## Generate a Infisical Token
-To get started, navigate to your dashboard and select the project for which you would like to generate a Infisical Token for. 
-Then head over to project settings and you should see a similar page like below. 
-
-![title](./images/project_settings_page.png)
-
-To add a new Infisical Token, press the `add new token` button. This will bring up a page like below. 
-
-![title](./images/add_new_token.png)
-
-Enter a name to help you identify the token then choose the environment from which you would like the CLI to retrieve the secrets from. Lastly, choose a duration 
-for the token.
-
-<Info>
-Once the token is expired, the CLI using it will no longer be able to make requests with it. 
-</Info>
-
-
-## Use Infisical token with CLI
-Once you have generated a token, it is easy to tell the Infisical CLI to use it. 
-
-### Feeding the token to the CLI 
-The CLI looks out for an environment variable called `INFISICAL_TOKEN`. Setting this environment variable depends on where you run the CLI. 
-For example, if you are running the CLI in a Docker container, you may set the environment variable via the docker run command like so. 
-
-Docker run example:
-```
- docker run --env INFISICAL_TOKEN=<the token you generated>...
-```
-
-<Warning>
-In the event your token is exposed, visit the project settings page again and deactivate the token to expire it immediately. 
-</Warning>
-
-### Prepare `infisical run` command
-
-Once you have exposed the `INFISICAL_TOKEN` environment variable to the environment the CLI is running in you can prepare the run command.
-To have the CLI authenticate via the Infisical Token, you must provide values for flags `--stage` and `--projectId`
-
-Example:
-```
-infisical run --stage=prod --projectId=<the project id for the token you generated>
-```
-
-<Info>
-  Notice that we do not need to run any other command such as `infisical init` or `infisical login` when we use the Infisical Token.
-</Info>
-
-
-To learn more about the commands and it's flags [visit](/CLI)
-
-### Support
-
-Lastly, if you have any questions or inquiries, shoot an email over to [support@infisical.com](mailto:support@infisical.com) so we can assist you. Alternatively, feel free to post your question or DM us on Slack here; we'd be happy to connect with you.
--- a/docs/installCLI.mdx
+++ b/docs/installCLI.mdx
@ -1,124 +0,0 @@
---
-title: "Install CLI"
-description: "Install the official Infisical CLI for both your development and production environments"
---
-
-## Install
-
-Installing Infisical CLI is simple. Just follow the guide for your OS below.
-
-<Accordion title="Install on MacOS ">
-  Use [brew](https://brew.sh/) package manager
-
-	```
-	$ brew install infisical/get-cli/infisical  
-	$ infisical --version
-	```
-
-	To update:
-
-	```
-	$ brew upgrade infisical
-	```
-</Accordion>
-
-<Accordion title="Install on Windows ">
-	Use [Scoop](https://scoop.sh/) package manager
-
-	```
-	$ scoop bucket add org https://github.com/Infisical/scoop-infisical.git
-	$ scoop install infisical
-	$ infisical --version
-	```
-
-	To update:
-
-	```
-	$ scoop update infisical
-	```
-</Accordion>
-
-
-<Accordion title="Install on RedHat/CentOS">
-	```
-	$ curl https://raw.githubusercontent.com/Infisical/infisical/main/infisical-cli.repo | tee /etc/yum.repos.d/infisical-cli.repo 
-
-	$ yum update && sudo yum install infisical
-	```
-</Accordion>
-
-<Accordion title="Install on Alpine">
-	```
-	$ apk add --no-cache bash sudo curl
-	$ curl -1sLf \
-		'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' \
-		| sudo -E bash
-
-	$ sudo apk add infisical
-
-	$ infisical --help
-	```
-</Accordion>
-
-<Accordion title="Install on Debian/Ubuntu">
-	```
-	Add Infisical apt repo 
-	$ echo "deb [trusted=yes] https://apt.fury.io/infisical/ /" | tee -a /etc/apt/sources.list.d/infisical.list
-
-	Add prerequisites
-	$ apt update && apt -y curl ca-certificates sudo 
-
-	Install infisical cli
-	$ sudo apt update && apt install infisical
-
-	To make sure the CLI has been installed, you may run this command.
-	$ infisical --version 
-	```
-</Accordion>
-
-## Usage
-Once you have the CLI installed in your system, follow the guide to login and sync your first project.
-
-#### Login
-Login to the CLI by running the following command in your terminal
-
-```
-infisical login 
-```
-<Info>
-To authenticate without logging in manually, read about [Infisical Token](/infisicalToken)
-</Info>
-#### Link secrets to your project
-After logging in, `CD` into the root of your local project. Then run the following command in the terminal to link your Infisical project to your local project.
-
-```
-infisical init 
-```
-
-#### Inject 
-To inject the secrets from the Infisical project you have selected in step 2 into your application process, run the following command.
-
-```
-infisical run -- <your application start command>
-```
-
-Example:
-
-```
-infisical run -- npm run dev 
-```
-
-By default, Infisical injects secrets from your development environment. To modify from which environment your secrets are pulled from, use the --stage flag 
-
-Example:
-
-```
-infisical run --stage=prod -- npm run dev 
-```
-
-You're now automatically pulling and injecting secrets as environment variables into your application!
-
-### Support
-We're constantly improving Infisical, so we'd love to get your feedback and take feature requests.
-
-Lastly, if you have any questions or inquiries, shoot an email over to [support@infisical.com](mailto:support@infisical.com) so we can assist you. Alternatively, feel free to post your question or DM us on Slack here; we'd be happy to connect with you.
--- a/docs/integrations/docker-compose.mdx
+++ b/docs/integrations/docker-compose.mdx
@ -0,0 +1,57 @@
+---
+title: "Docker Compose"
+---
+
+### Step 1: Add CLI to your Dockerfile
+Follow steps 1 through 3 on our [guide to configure Infisical CLI](/docker) in your Dockerfile. 
+
+### Step 2: Generate Infisical Token
+In order for Infisical CLI to authenticate and retrieve your project's secrets without exposing your login credentials, you must generate a Infisical Token.
+To learn how, visit [Infisical Token](../getting-started/cli/infisical-token). Once you have generated the token, keep it handy. 
+
+<Info>
+If you have multiple services and they do not use the same secrets, you will have to generate a Infisical Token for each service.
+</Info>
+
+### Step 3: Tell Docker Compose your Infisical Token
+For each service you want to inject secrets into, set an environment variable called `INFISICAL_TOKEN` equal to a useful shell variable name.
+This will ensure that you can set Infisical Tokens for multiple services. 
+
+
+```yaml
+# Example Docker Compose file
+services:
+  web:
+    build: .
+    image: auledge-frontend
+    container_name: auledge-frontend
+    environment:
+      - INFISICAL_TOKEN: ${INFISICAL_TOEKN_FOR_WEB}
+
+  api:
+    build: .
+    image: auledge-backend
+    container_name: auledge-backend
+    environment:
+      - INFISICAL_TOKEN: ${INFISICAL_TOEKN_FOR_API}
+
+```
+### 4: Set shell variables
+Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once donce, it will be used to populate the corresponding `INFISICAL_TOKEN`
+in your Docker Compose file. 
+
+``` bash
+#Example
+
+# Token refers to the token we generated in step 2 for this service
+INFISICAL_TOEKN_FOR_WEB=<token>
+
+# Token refers to the token we generated in step 2 for this service
+INFISICAL_TOEKN_FOR_API=<token>
+```
+
+Then run your compose file in the same terminal. 
+
+```bash 
+docker-compose
+```
--- a/docs/integrations/docker.mdx
+++ b/docs/integrations/docker.mdx
@ -0,0 +1,62 @@
+---
+title: "Docker"
+---
+
+Prerequisite: [Infisical Token and How to Generate One](../../getting-started/dashboard/token).
+
+## Step 1: Add CLI to your Dockerfile
+
+<Tabs>
+	 <Tab title="Alpine">
+		```dockerfile
+    	RUN apk add --no-cache bash curl && curl -1sLf \
+      'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
+      && apk add infisical
+    	```
+
+   </Tab>
+	 <Tab title="RedHat/CentOs/Amazon-linux">
+		```dockerfile
+    RUN curl -1sLf \
+    'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sh \ 
+    && yum install -y infisical
+		```
+   </Tab>
+	 <Tab title="Debian/Ubuntu">
+		```dockerfile
+    RUN apt-get update && apt-get install -y bash curl && curl -1sLf \
+      'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \
+      && apt-get update && apt-get install -y infisical
+		```
+   </Tab>
+</Tabs>
+
+## Step 2: Generate Infisical Token
+
+In order for the CLI to authenticate and retrieve your project's secrets without requiring your login credentials, you must [generate an Infisical Token](../../getting-started/dashboard/token); keep it handy.
+
+## Step 3: Set start command of your container
+
+```dockerfile
+CMD ["infisical", "--env=[your-project-env-name]", "projectId=[your-project-id]", "run", "---", "<your application start command>"]
+
+# example
+CMD ["infisical", "--env=prod", "projectId=62faf98ae0b05e83239b5da41", "run", "---", "npm run start"]
+```
+
+Required options:
+
+| Option        | Description                                                                                                 | Default value |
+| ------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
+| `--projectId` | Used to link a local project to the platform                                                                | `None`        |
+
+## Step 4: Feed Docker your Infisical Token
+
+The CLI looks out for an environment variable called the `INFISICAL_TOKEN` which you can set depending on where you run the CLI. If `INFISICAL_TOKEN` is detected by the CLI, it will authenticate and retrieve the environment variables which the token is authorized for.
+
+```bash
+ docker run --env INFISICAL_TOKEN=<the-token-you-got-from-step-2>...
+```
+
+Note: `INFISICAL_TOKEN` is the token you generated in step 2.
--- a/docs/integrations/heroku.mdx
+++ b/docs/integrations/heroku.mdx
--- a/docs/mint.json
+++ b/docs/mint.json
@ -15,6 +15,10 @@
    "ultraDark": "#8D9F4C",
    "background": {
      "dark": "#0D1117"
+    },
+    "anchors": {
+      "from": "#A1B659",
+      "to": "#F8B7BD"
    }
  },
  "topbarLinks": [{ "name": "Log In", "url": "https://infisical.com/login" }],
@ -23,11 +27,6 @@
    "url": "https://infisical.com/signup"
  },
  "anchors": [
-    {
-      "name": "Security",
-      "icon": "shield-halved",
-      "url": "https://infisical.com/security"
-    },
    {
      "name": "Blog",
      "icon": "newspaper",
@ -36,47 +35,71 @@
  ],
  "navigation": [
    {
-      "group": "Documentation",
+      "group": "Platform",
      "pages": [
-        "gettingStarted",
-        "installCLI",
-        "infisicalToken",
-        "CLI"
+        "getting-started/introduction",
+        "getting-started/features",
+        {
+          "group": "Security",
+          "pages": [
+            "getting-started/security/overview",
+            "getting-started/security/data-model",
+            "getting-started/security/mechanics",
+            "getting-started/security/statement"
+          ]
+        },
+        {
+          "group": "Web UI",
+          "pages": [
+            "getting-started/dashboard/create-account",
+            "getting-started/dashboard/organization",
+            "getting-started/dashboard/project",
+            "getting-started/dashboard/integrations",
+            "getting-started/dashboard/token"
+          ]
+        },
+        {
+          "group": "Command Line",
+          "pages": [
+            "getting-started/cli/installation", 
+            "getting-started/cli/cli-guide", 
+            "getting-started/cli/token",
+            "getting-started/cli/reference"
+          ]
+        }
      ]
    },
    {
      "group": "Integrations",
      "pages": [
-        "Heroku"
+        "integrations/heroku",
+        "integrations/docker",
+        "integrations/docker-compose"
      ]
    },
    {
      "group": "Self-hosting",
      "pages": [
-        "self_host_overview",
+        "self-hosting/overview",
        {
          "group": "Deployments",
-          "pages": ["linux"]
+          "pages": ["self-hosting/deployments/linux"]
        },
        {
-          "group": "Configure",
-          "pages": ["envars"]
+          "group": "Configuration",
+          "pages": ["self-hosting/configuration/envars"]
        }
      ]
    },
    {
      "group": "Contributing",
      "pages": [
-        "contributing",
-        "codeOfConduct",
-        "developing"
+        "contributing/overview",
+        "contributing/code-of-conduct",
+        "contributing/developing",
+        "contributing/architecture"
      ]
    }
  ],
-  "classes": {
-    "topbarCtaButton": "bg-[#BADC58] hover:opacity-80 text-black rounded-md px-7 py-2.5 font-semibold",
-    "anchors": "group-hover:bg-gradient-to-br from-sky-400 to-primary",
-    "activeAnchors": "bg-gradient-to-br"
-  },
-  "backgroundImage": "/docs/images/background.png"
+  "backgroundImage": "/images/background.png"
 }
--- a/docs/self-hosting/configuration/envars.mdx
+++ b/docs/self-hosting/configuration/envars.mdx
@ -15,16 +15,16 @@ Configuring Infisical requires setting some environment variables. There is a fi
 | `JWT_SIGNUP_SECRET`               | ❗️JWT token secret                                                                                         | `None`           |
 | `JWT_REFRESH_SECRET`              | ❗️ JWT token secret                                                                                        | `None`           |
 | `JWT_AUTH_SECRET`                 | ❗️ JWT token secret                                                                                        | `None`           |
-| `JWT_SECRET_SECRET`               | ❗️ JWT token secret                                                                                        | `None`           |
 | `JWT_SIGNUP_LIFETIME`             | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `15m`            |
 | `JWT_REFRESH_LIFETIME`            | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `90d`            |
 | `JWT_AUTH_LIFETIME`               | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `10d`            |
 | `EMAIL_TOKEN_LIFETIME`            | Email OTP/magic-link lifetime expressed in seconds                                                          | `86400`          |
 | `MONGO_URL`                       | ❗️ MongoDB instance connection string either to container instance or MongoDB Cloud                        | `None`           |
-| `MONGO_USERNAME`                  | MongoDB container username                                                                                  | `None`           |
-| `MONGO_PASSWORD`                  | MongoDB container password                                                                                  | `None`           |
+| `MONGO_INITDB_ROOT_USERNAME`      | MongoDB container username                                                                                  | `None`           |
+| `MONGO_INITDB_ROOT_PASSWORD`      | MongoDB container password                                                                                  | `None`           |
 | `ME_CONFIG_MONGODB_ADMINUSERNAME` | Same as `MONGO_USERNAME` for mongo-express in development                                                   | `None`           |
 | `ME_CONFIG_MONGODB_ADMINPASSWORD` | Same as `MONGO_PASSWORD` for mongo-express in development                                                   | `None`           |
+| `NODE_ENV`                        | ❗️ `production` or `development`                                                                           | `None`           |
 | `NEXT_PUBLIC_WEBSITE_URL`         | ❗️ Site URL - should be an absolute URL including the protocol (e.g. `https://infisical.com`)              | `None`           |
 | `SMT_HOST`                        | Whether the user joined the community                                                                       | `smtp.gmail.com` |
 | `SMTP_NAME`                       | ❗️ Whether the user joined the community                                                                   | `None`           |
--- a/docs/self-hosting/deployments/linux.mdx
+++ b/docs/self-hosting/deployments/linux.mdx
@ -27,18 +27,17 @@ apt install docker-compose

 ```bash
 # Download env file template
-wget -O .env https://raw.githubusercontent.com/Infisical/infisical-merge/main/.env.example
+wget -O .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.example

 # Download docker compose template
-wget -O docker-compose.yml https://raw.githubusercontent.com/Infisical/infisical-merge/main/docker-compose.yml
-wget -O docker-compose.yml https://raw.githubusercontent.com/Infisical/infisical-merge/main/docker-compose.prod.yml
+wget -O docker-compose.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.yml

 # Download nginx config
-mkdir nginx && cd nginx && wget -O https://raw.githubusercontent.com/Infisical/infisical-merge/main/nginx/default.conf
+mkdir nginx && cd nginx && wget -O default.conf https://raw.githubusercontent.com/Infisical/infisical/main/nginx/default.conf
 cd ..
 ```

-3. Tweak the `.env` according to your preferences. Refer to the available [environment variables](envars).
+3. Tweak the `.env` according to your preferences. Refer to the available [environment variables](../../self-hosting/configuration/envars)

 ```bash
 # update environment variables like mongo login
@ -49,7 +48,7 @@ nano .env

 ```bash
 # Start up services in detached mode
-docker-compose -f docker-compose.yaml -f docker-compose.prod.yml up -d
+docker-compose -f docker-compose.yml up -d
 ```

-5. Your Infisical installation is complete. Please note that the containers are not exposed to the internet and only bind to the localhost. It's up to you to set up a firewall and implement any additional security measures.
+5. Your Infisical installation is complete and should be running on ports 40 and 443. Please note that the containers are not exposed to the internet and only bind to the localhost. It's up to you to configure a firewall, SSL certificates, and implement any additional security measures.
--- a/docs/self-hosting/overview.mdx
+++ b/docs/self-hosting/overview.mdx
@ -1,6 +1,5 @@
 ---
 title: "Overview"
-description: "Options for hosting Infisical"
 ---

 <Info>
--- a/nginx/default.conf
+++ b/nginx/default.conf
@ -1,10 +1,25 @@
 server {
    listen 80;
+    listen [::]:80;
    
+    server_name api.infisical.com;
+    
+    return 302 https://$server_name$request_uri;
+}
+
+server {
+    listen 443 default_server ssl http2;
+    listen [::]:443 ssl http2;
+
+    server_name api.infiscal.com;
+
+    ssl_certificate /etc/ssl/cert.pem;
+    ssl_certificate_key /etc/ssl/cert.key;
+
    location /api {
        proxy_set_header X-Real-RIP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        
+
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

@ -13,16 +28,16 @@ server {

        proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
    }
-    
+
    location / {
        include /etc/nginx/mime.types;
-        
+
        proxy_set_header X-Real-RIP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        
+
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
-        
+
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

--- a/nginx/default.dev.conf
+++ b/nginx/default.dev.conf
@ -0,0 +1,32 @@
+server {
+    listen 80;
+    
+    location /api {
+        proxy_set_header X-Real-RIP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+
+        proxy_pass http://backend:4000;
+        proxy_redirect off;
+
+        proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+    }
+    
+    location / {
+        include /etc/nginx/mime.types;
+        
+        proxy_set_header X-Real-RIP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+        
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        proxy_pass http://frontend:3000;
+        proxy_redirect off;
+    }
+}
Author	SHA1	Message	Date
Maidul Islam	11b7309301	ignore .infisical.json	2022-11-20 22:51:57 -05:00
Maidul Islam	16061a0b8d	increase version and fix infisical token name	2022-11-20 22:50:40 -05:00
Maidul Islam	fc49eaae18	Merge branch 'main' of https://github.com/Infisical/infisical into main	2022-11-20 18:47:36 -05:00
Maidul Islam	2f1e2acc69	Update to new backend	2022-11-20 18:47:21 -05:00
Tuan Dang	0f6675942d	Remove build context for prod compose file	2022-11-20 12:54:03 -05:00
Tuan Dang	a8fbca6625	Update self-hosting docs	2022-11-20 12:49:32 -05:00
Maidul Islam	2420a41bb7	Added helpful message to show secrets are being injected	2022-11-20 00:24:19 -05:00
Maidul Islam	47ad4f0620	update .deb files to be any-distro/any-version	2022-11-20 00:12:10 -05:00
Maidul Islam	5ee323ee26	Merge branch 'main' of https://github.com/Infisical/infisical into main	2022-11-19 23:52:30 -05:00
Maidul Islam	e64ba7e0f2	merge with tony's docs changes	2022-11-19 23:52:25 -05:00
Tuan Dang	43c4303b68	Add LICENSE	2022-11-19 23:51:35 -05:00
Maidul Islam	83f56e0621	docker compose docs	2022-11-19 23:50:19 -05:00
Tuan Dang	067d8ff025	Update development docs	2022-11-19 22:04:07 -05:00
Tuan Dang	0f3e29bb26	Remove security card from intro in docs	2022-11-19 21:12:43 -05:00
Tuan Dang	870a66cc5b	Add security section to docs and new YT video	2022-11-19 21:07:50 -05:00
Tuan Dang	67b21e8705	Update docs for Infisical Token	2022-11-19 15:07:03 -05:00
Maidul Islam	af3b1e8359	Merge branch 'main' of https://github.com/Infisical/infisical into main	2022-11-19 14:16:29 -05:00
Maidul Islam	2062d667e8	change flag --stage to --env	2022-11-19 14:16:17 -05:00
Maidul Islam	b164a2f7ac	change flag --stage to --env	2022-11-19 11:35:13 -05:00
Tuan Dang	321b040fe7	Merge branch 'main' of https://github.com/Infisical/infisical	2022-11-19 10:24:41 -05:00
Tuan Dang	96cbdfdaca	Continue modifying docs	2022-11-19 10:24:39 -05:00
Maidul Islam	e66c30b855	update go dependencies	2022-11-19 10:09:27 -05:00
BlackMagiq	7c78b0f443	Merge pull request #19 from hanywang2/main Update anchor colors and background image	2022-11-18 21:49:43 -05:00
Han Wang	f832fdfb0c	Update anchor colors and background image	2022-11-19 01:04:54 +00:00
Tuan Dang	0f6756f2f1	Update README	2022-11-18 18:35:22 -05:00
Maidul Islam	82621e34a8	Merge branch 'main' of https://github.com/Infisical/infisical into main	2022-11-18 18:25:14 -05:00
Maidul Islam	94abacbf61	Update docs for cli install to use tabs	2022-11-18 18:24:58 -05:00
vlad-matsiiako	45466741f1	Update CONTRIBUTING.md	2022-11-18 18:16:53 -05:00
Tuan Dang	f38ec6605d	Resolve merge with README/docs	2022-11-18 18:13:48 -05:00
Tuan Dang	baa0a21b38	Add boilerplate nginx setup for prod self-hosting	2022-11-18 18:12:27 -05:00
vlad-matsiiako	cf216dfbbf	Added a new contributor	2022-11-18 18:06:21 -05:00
vlad-matsiiako	8cef83a90b	Merge pull request #18 from tobias-mintlify/patch-1 Switch to new gradient syntax	2022-11-18 15:01:22 -05:00
Tobias	41ce9cea7c	Switch to new gradient syntax	2022-11-18 14:58:03 -05:00
Maidul Islam	688aa856ab	fix cloud smith upload to cd into dist	2022-11-18 00:35:16 -05:00