fix variable assignment when pulling via token

Update README.md

.env.example

@@ -27,19 +27,14 @@ EMAIL_TOKEN_LIFETIME=
 # Required
 MONGO_URL=mongodb://root:example@mongo:27017/?authSource=admin
 
-# Optional credentials for MongoDB container instance
-MONGO_INITDB_ROOT_USERNAME=root
-MONGO_INITDB_ROOT_PASSWORD=example
-
-# Mongo-Express vars (needed for development only)
-ME_CONFIG_MONGODB_ADMINUSERNAME=root
-ME_CONFIG_MONGODB_ADMINPASSWORD=example
-ME_CONFIG_MONGODB_URL=mongodb://root:example@mongo:27017/
+# Optional credentials for MongoDB container instance and Mongo-Express
+MONGO_USERNAME=root
+MONGO_PASSWORD=example
 
 # Website URL
 # Required
-NODE_ENV=development
-NEXT_PUBLIC_WEBSITE_URL=http://localhost:8080
+
+SITE_URL=http://localhost:8080
 
 # Mail/SMTP
 # Required to send emails

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,29 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+### Describe the bug
+A clear and concise description of what the bug is.
+
+### To Reproduce
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+### Expected behavior
+A clear and concise description of what you expected to happen.
+
+### Screenshots
+If applicable, add screenshots to help explain your problem.
+
+### Platform you are having the issue on:
+
+### Additional context
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,17 @@
+---
+name: Feature Request
+about: Let us now what feature you would want to have in Infisical
+title: ''
+labels: 'feature request'
+assignees: ''
+
+---
+
+### Feature description
+A clear and concise description of what the the feature should be.
+
+### Why would it be useful?
+Why would this feature be useful for Infisical users? 
+
+### Additional context
+Add any other context about the problem here.

.github/workflows/check-be-pull-request.yml

@@ -0,0 +1,41 @@
+name: Check Backend Pull Request
+
+on:
+  pull_request:
+    types: [ opened, synchronize ]
+    paths:
+      - 'backend/**'
+      - '!backend/README.md'
+      - '!backend/.*'
+      - 'backend/.eslintrc.js'
+
+
+jobs:
+
+  check-be-pr:
+    name: Check
+    runs-on: ubuntu-latest
+
+    steps:
+      -
+        name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      -
+        name: 🔧 Setup Node 16
+        uses: actions/setup-node@v3
+        with:
+          node-version: '16'
+          cache: 'npm'
+          cache-dependency-path: backend/package-lock.json
+      -
+        name: 📦 Install dependencies
+        run: npm ci --only-production --ignore-scripts
+        working-directory: backend
+      # -
+      #   name: 🧪 Run tests
+      #   run: npm run test:ci
+      #   working-directory: backend
+      -
+        name: 🏗️ Run build
+        run: npm run build
+        working-directory: backend

.github/workflows/check-fe-pull-request.yml

@@ -0,0 +1,41 @@
+name: Check Frontend Pull Request
+
+on:
+  pull_request:
+    types: [ opened, synchronize ]
+    paths:
+      - 'frontend/**'
+      - '!frontend/README.md'
+      - '!frontend/.*'
+      - 'frontend/.eslintrc.js'
+
+
+jobs:
+
+  check-fe-pr:
+    name: Check
+    runs-on: ubuntu-latest
+
+    steps:
+      -
+        name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      -
+        name: 🔧 Setup Node 16
+        uses: actions/setup-node@v3
+        with:
+          node-version: '16'
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+      -
+        name: 📦 Install dependencies
+        run: npm ci --only-production --ignore-scripts
+        working-directory: frontend
+      # -
+      #   name: 🧪 Run tests
+      #   run: npm run test:ci
+      #   working-directory: frontend
+      -
+        name: 🏗️ Run build
+        run: npm run build
+        working-directory: frontend

.github/workflows/close_inactive_issues.yml

@@ -0,0 +1,22 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v4
+        with:
+          days-before-issue-stale: 30
+          days-before-issue-close: 14
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
+          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/docker-image.yml

@@ -0,0 +1,90 @@
+name: Push to Docker Hub
+
+on: [workflow_dispatch]
+
+jobs:
+
+  backend-image:
+    name: Build backend image
+    runs-on: ubuntu-latest
+
+    steps:
+      - 
+        name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      -
+        name: 🔧 Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: 🐋 Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      # -
+      #   name: 📦 Build backend and export to Docker
+      #   uses: docker/build-push-action@v3
+      #   with:
+      #     load: true
+      #     context: backend
+      #     tags: infisical/backend:test
+      # -
+      #   name: 🧪 Test backend image
+      #   run: |
+      #     docker run --rm infisical/backend:test
+      -
+        name: 🏗️ Build backend and push
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: backend
+          tags: infisical/backend:latest
+          platforms: linux/amd64,linux/arm64
+
+
+  frontend-image:
+    name: Build frontend image
+    runs-on: ubuntu-latest
+
+    steps:
+      - 
+        name: ☁️ Checkout source
+        uses: actions/checkout@v3
+      -
+        name: 🔧 Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: 🔧 Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: 🐋 Login to Docker Hub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      # -
+      #   name: 📦 Build frontend and export to Docker
+      #   uses: docker/build-push-action@v3
+      #   with:
+      #     load: true
+      #     context: frontend
+      #     tags: infisical/frontend:test
+      #     build-args: |
+      #       POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
+      # -
+      #   name: 🧪 Test frontend image
+      #   run: |
+      #     docker run --rm infisical/frontend:test
+      -
+        name: 🏗️ Build frontend and push
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          context: frontend
+          tags: infisical/frontend:latest
+          platforms: linux/amd64,linux/arm64
+          build-args: |
+            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}

.github/workflows/helm_chart_release.yml

@@ -0,0 +1,22 @@
+name: Release Helm Charts
+
+on: [workflow_dispatch]
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.10.0
+      - name: Install python
+        uses: actions/setup-python@v4
+      - name: Install Cloudsmith CLI
+        run: pip install --upgrade cloudsmith-cli
+      - name: Build and push helm package to Cloudsmith
+        run: cd helm-charts && sh upload-to-cloudsmith.sh
+        env:
+          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}

.github/workflows/release_build.yml

@@ -1,4 +1,4 @@
-name: goreleaser
+name: Go releaser
 
 on:
   push:

.gitignore

@@ -49,3 +49,6 @@ yarn-error.log*
 .env.production.local
 .vercel
 .env.infisical
+
+# Infisical init
+.infisical.json

CONTRIBUTING.md

@@ -2,6 +2,6 @@
 
 Thanks for taking the time to contribute! 😃 🚀
 
-Please refer to our [Contributing Guide](https://infisical.com/docs/contributing) for instructions on how to contribute.
+Please refer to our [Contributing Guide](https://infisical.com/docs/contributing/overview) for instructions on how to contribute.
 
 We also have some 🔥amazing🔥 merch for our contributors. Please reach out to tony@infisical.com for more info 👀

Makefile

@@ -5,10 +5,10 @@ push:
 	docker-compose -f docker-compose.yml push
 
 up-dev:
-	docker-compose -f docker-compose.dev.yml up
+	docker-compose -f docker-compose.dev.yml up --build
 
 up-prod:
-	docker-compose -f docker-compose.yml up
+	docker-compose -f docker-compose.yml up --build
 
 down:
-	docker-compose down
+	docker-compose down

README.md

@@ -1,5 +1,5 @@
 <h1 align="center">
-  <img width="300" src="/img/logoname-black.svg#gh-light-mode-only" alt="ifnisical">
+  <img width="300" src="/img/logoname-black.svg#gh-light-mode-only" alt="infisical">
   <img width="300" src="/img/logoname-white.svg#gh-dark-mode-only" alt="infisical">
 </h1>
 <p align="center">
@@ -7,9 +7,10 @@
 </p>
 
 <h4 align="center">
-  <a href="https://infisical.com/signup">Infisical Cloud</a> |
+  <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">Slack</a> |
+  <a href="https://infisical.com/">Infisical Cloud</a> |
   <a href="https://infisical.com/docs/self-hosting/overview">Self-Hosting</a> |
-  <a href="https://infisical.com/docs/gettingStarted">Docs</a> |
+  <a href="https://infisical.com/docs/getting-started/introduction">Docs</a> |
   <a href="https://www.infisical.com">Website</a>
 </h4>
 
@@ -20,7 +21,10 @@
   <a href="https://github.com/infisical/infisical/blob/main/CONTRIBUTING.md">
     <img src="https://img.shields.io/badge/PRs-Welcome-brightgreen" alt="PRs welcome!" />
   </a>
-  <a href="https://join.slack.com/t/infisical/shared_invite/zt-1dgg63ln8-G7PCNJdCymAT9YF3j1ewVA">
+  <a href="">
+    <img src="https://img.shields.io/github/commit-activity/m/infisical/infisical" alt="git commit activity" />
+  </a>
+  <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">
     <img src="https://img.shields.io/badge/chat-on%20Slack-blueviolet" alt="Slack community channel" />
   </a>
 </h4>
@@ -29,12 +33,12 @@
 
 **[Infisical](https://infisical.com)** is an open source, E2EE tool to help teams manage and sync environment variables across their development workflow and infrastructure. It's designed to be simple and take minutes to get going.
 
-- **User-Friendly Dashboard** to manage your team's environment variables within projects
-- **[Language-Agnostic CLI](https://infisical.com/docs/CLI)** that pulls and injects environment variables into your local workflow
-- **[Complete control over your data](https://infisical.com/docs/self_host_overview)** - host it yourself on any infrastructure
+- **[User-Friendly Dashboard](https://infisical.com/docs/getting-started/dashboard/project)** to manage your team's environment variables within projects
+- **[Language-Agnostic CLI](https://infisical.com/docs/cli/overview)** that pulls and injects environment variables into your local workflow
+- **[Complete control over your data](https://infisical.com/docs/self-hosting/overview)** - host it yourself on any infrastructure
 - **Navigate Multiple Environments** per project (e.g. development, staging, production, etc.)
 - **Personal/Shared** scoping for environment variables
-- **[Integrations](https://infisical.com/docs/Heroku)** with CI/CD and production infrastructure (Heroku available, more coming soon)
+- **[Integrations](https://infisical.com/docs/integrations/overview)** with CI/CD and production infrastructure (Heroku available, more coming soon)
 - 🔜 **1-Click Deploy** to Digital Ocean and Heroku
 - 🔜 **Authentication/Authorization** for projects (read/write controls soon)
 - 🔜 **Automatic Secret Rotation**
@@ -44,63 +48,236 @@
 
 And more.
 
-## What's cool about this?
+## 🚀 Get started
 
-Infisical is simple, E2EE, and (soon to be) complete.
+To quickly get started, visit our [get started guide](https://infisical.com/docs/getting-started/introduction).
 
-We're on a mission to make secret management more accessible to everyone — that means building for developers, not just security teams.
+<p>
+  <a href="https://infisical.com/docs/self-hosting/overview" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206356882-2b773eed-b0da-4725-ae2f-83e3cd7f2713.png" height=120 /> </a>
+  <a href="https://www.youtube.com/watch?v=JS3OKYU2078" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206356600-8833b128-6cae-408c-a703-07b2fc6aff4b.png" height=120 /> </a>
+  <a href="https://app.infisical.com/signup" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206355970-f4c09062-b88f-452a-94e0-9c61a0651170.png" height=120></a>
+</p>
+
+## 🔥 What's cool about this?
+
+Infisical makes secret management simple and end-to-end encrypted by default. We're on a mission to make it more accessible to all developers, <i>not just security teams</i>. 
+
+According to a [report](https://www.ekransystem.com/en/blog/secrets-management) in 2019, only 10% of organizations use secret management solutions despite all using digital secrets to some extent.
 
 If you care about efficiency and security, then Infisical is right for you.
 
-Need any integrations or want a new feature? Feel free to [create an issue](https://github.com/Infisical/infisical/issues) or [contribute](https://infisical.com/docs/contributing) directly to the repository.
+We are currently working hard to make Infisical more extensive. Need any integrations or want a new feature? Feel free to [create an issue](https://github.com/Infisical/infisical/issues) or [contribute](https://infisical.com/docs/contributing/overview) directly to the repository.
 
-## Contributing
+## 🌱 Contributing
 
-For full documentation, visit [infisical.com/docs](https://infisical.com/docs).
+Whether it's big or small, we love contributions ❤️ Check out our guide to see how to [get started](https://infisical.com/docs/contributing/overview).
 
-Whether it's big or small, we love contributions ❤️ Check out our guide to see how to [get started](./DEVELOPERS.md).
+Not sure where to get started? You can:
+- [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!
+- Join our <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">Slack</a>, and ask us any questions there.
 
-Not sure where to get started? [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!
+## 💚 Community & Support
 
-## Community & Support
+- [Slack](https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g) (For live discussion with the community and the Infisical team)
+- [GitHub Discussions](https://github.com/Infisical/infisical/discussions) (For help with building and deeper conversations about features)
+- [GitHub Issues](https://github.com/Infisical/infisical-cli/issues) (For any bugs and errors you encounter using Infisical)
+- [Twitter](https://twitter.com/infisical) (Get news fast) 
 
-- [GitHub Discussions](https://github.com/Infisical/infisical/discussions) for help with building and discussion.
-- [GitHub Issues](https://github.com/Infisical/infisical-cli/issues) for any bugs and errors you encounter using Infisical.
-- [Community Slack](https://join.slack.com/t/infisical/shared_invite/zt-1dgg63ln8-G7PCNJdCymAT9YF3j1ewVA) for hanging out with the community and quick communication with the team.
-
-## Status
+## 🐥 Status
 
 - [x] Public Alpha: Anyone can sign up over at [infisical.com](https://infisical.com) but go easy on us, there are kinks and we're just getting started.
 - [ ] Public Beta: Stable enough for most non-enterprise use-cases.
 - [ ] Public: Production-ready.
 
-## Integrations
-
-We're currently setting the foundation and building integrations so secrets can be synced everywhere. Any help is welcome! :)
-
-- [x] Docker
-- [x] Docker Compose
-- [x] Heroku
-- [ ] Vercel
-- [ ] Kubernetes
-- [ ] AWS
-- [ ] GCP
-- [ ] Azure
-- [ ] Digital Ocean
-- [ ] GitLab
-- [ ] CircleCI
-
 We're currently in Public Alpha.
 
-## Open-source vs. paid
+## 🚨 Stay Up-to-Date
 
-This repo is entirely MIT licensed, with the exception of the `ee` directory which will contain premium enterprise features requring a Infisical license in the future. We're currently focused on developing non-enterprise offerings first that should suit most use-cases.
+Infisical officially launched as v.1.0 on November 21st, 2022. However, a lot of new features are coming very quickly. Watch **releases** of this repository to be notified about future updates:
 
-## Security
+![infisical-star-github](https://github.com/Infisical/infisical/blob/main/.github/images/star-infisical.gif?raw=true)
+
+## 🔌 Integrations
+
+We're currently setting the foundation and building [integrations](https://infisical.com/docs/integrations/overview) so secrets can be synced everywhere. Any help is welcome! :)
+
+<table>
+<tr>
+  <th>Platforms </th>
+  <th>Frameworks</th>
+</tr>
+<tr> 
+  <td>
+
+<table>
+  <tbody>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/platforms/docker?ref=github.com">
+          ✔️ Docker
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/platforms/docker-compose?ref=github.com">
+          ✔️ Docker Compose
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/cloud/heroku?ref=github.com">
+          ✔️ Heroku
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 Vercel (https://github.com/Infisical/infisical/issues/60)
+      </td>
+      <td align="left" valign="middle">
+        🔜 GitLab CI/CD
+      </td>
+      <td align="left" valign="middle">
+        🔜 Fly.io
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 AWS
+      </td>
+      <td align="left" valign="middle">
+        🔜 GitHub Actions (https://github.com/Infisical/infisical/issues/54)
+      </td>
+      <td align="left" valign="middle">
+         🔜 Railway
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 GCP
+      </td>
+      <td align="left" valign="middle">
+        🔜 Kubernetes
+      </td>
+      <td align="left" valign="middle">
+        🔜 CircleCI
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        🔜 Jenkins
+      </td>
+      <td align="left" valign="middle">
+        🔜 Digital Ocean
+      </td>
+      <td align="left" valign="middle">
+        🔜 Azure
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+         🔜 TravisCI
+      </td>
+      <td align="left" valign="middle">
+         🔜 Netlify (https://github.com/Infisical/infisical/issues/55)
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+  </td>
+<td>
+
+
+<table>
+  <tbody>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/react?ref=github.com">
+          ✔️ React
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/express?ref=github.com">
+          ✔️ Express
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/gatsby?ref=github.com">
+          ✔️ Gatsby
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/flask?ref=github.com">
+          ✔️ Flask
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/django?ref=github.com">
+          ✔️ Django
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/laravel?ref=github.com">
+          ✔️ Laravel
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/nestjs?ref=github.com">
+          ✔️ NestJS
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/remix?ref=github.com">
+          ✔️ Remix
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/nextjs?ref=github.com">
+          ✔️ Next.js
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/vite?ref=github.com">
+          ✔️ Vite
+        </a>
+      </td>
+    </tr>
+    <tr>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/rails?ref=github.com">
+          ✔️ Ruby on Rails
+        </a>
+      </td>
+      <td align="left" valign="middle">
+        <a href="https://infisical.com/docs/integrations/frameworks/vue?ref=github.com">
+          ✔️ Vue
+        </a>
+      </td>
+    </tr>
+  </tbody>
+</table>
+
+</td>
+</tr> 
+</table>
+
+
+## 🏘 Open-source vs. paid
+
+This repo is entirely MIT licensed, with the exception of the `ee` directory which will contain premium enterprise features requiring a Infisical license in the future. We're currently focused on developing non-enterprise offerings first that should suit most use-cases.
+
+## 🛡 Security
 
 Looking to report a security vulnerability? Please don't post about it in GitHub issue. Instead, refer to our [SECURITY.md](./SECURITY.md) file.
 
-## Contributors 🦸
+## 🦸 Contributors
 
 [//]: contributor-faces
 
@@ -108,4 +285,4 @@ Looking to report a security vulnerability? Please don't post about it in GitHub
 <!-- prettier-ignore-start -->
 <!-- markdownlint-disable -->
 
-<a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/vlad-matsiiako"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/tobias-mintlify"><img src="https://avatars.githubusercontent.com/u/110702161?v=4" width="50" height="50" alt=""/></a>
+<a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/mv-turtle"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/gangjun06"><img src="https://avatars.githubusercontent.com/u/50910815?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/reginaldbondoc"><img src="https://avatars.githubusercontent.com/u/7693108?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/SH5H"><img src="https://avatars.githubusercontent.com/u/25437192?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/asharonbaltazar"><img src="https://avatars.githubusercontent.com/u/58940073?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/edgarrmondragon"><img src="https://avatars.githubusercontent.com/u/16805946?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/tobias-mintlify"><img src="https://avatars.githubusercontent.com/u/110702161?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/0xflotus"><img src="https://avatars.githubusercontent.com/u/26602940?v=4" width="50" height="50" alt=""/></a> 

backend/environment.d.ts

@@ -21,6 +21,7 @@ declare global {
       PRIVATE_KEY: string;
       PUBLIC_KEY: string;
       SENTRY_DSN: string;
+      SITE_URL: string;
       SMTP_HOST: string;
       SMTP_NAME: string;
       SMTP_PASSWORD: string;
@@ -31,7 +32,6 @@ declare global {
       STRIPE_PUBLISHABLE_KEY: string;
       STRIPE_SECRET_KEY: string;
       STRIPE_WEBHOOK_SECRET: string;
-      WEBSITE_URL: string;
     }
   }
 }

backend/package-lock.json

@@ -10,7 +10,7 @@
       "license": "ISC",
       "dependencies": {
         "@sentry/node": "^7.14.0",
-        "@sentry/tracing": "^7.14.0",
+        "@sentry/tracing": "^7.19.0",
         "@types/crypto-js": "^4.1.1",
         "axios": "^1.1.3",
         "bigint-conversion": "^2.2.2",
@@ -19,13 +19,13 @@
         "crypto-js": "^4.1.1",
         "dotenv": "^16.0.1",
         "express": "^4.18.1",
-        "express-rate-limit": "^6.5.1",
+        "express-rate-limit": "^6.7.0",
         "express-validator": "^6.14.2",
         "handlebars": "^4.7.7",
         "helmet": "^5.1.1",
         "jsonwebtoken": "^8.5.1",
         "jsrp": "^0.2.4",
-        "mongoose": "^6.7.1",
+        "mongoose": "^6.7.2",
         "nodemailer": "^6.8.0",
         "posthog-node": "^2.1.0",
         "query-string": "^7.1.1",
@@ -33,7 +33,7 @@
         "stripe": "^10.7.0",
         "tweetnacl": "^1.0.3",
         "tweetnacl-util": "^0.15.1",
-        "typescript": "^4.8.4"
+        "typescript": "^4.9.3"
       },
       "devDependencies": {
         "@posthog/plugin-scaffold": "^1.3.4",
@@ -43,6 +43,8 @@
         "@types/jsonwebtoken": "^8.5.9",
         "@types/node": "^18.11.3",
         "@types/nodemailer": "^6.4.6",
+        "@types/swagger-jsdoc": "^6.0.1",
+        "@types/swagger-ui-express": "^4.1.3",
         "@typescript-eslint/eslint-plugin": "^5.40.1",
         "@typescript-eslint/parser": "^5.40.1",
         "eslint": "^8.26.0",
@@ -2606,13 +2608,13 @@
       }
     },
     "node_modules/@sentry/node": {
-      "version": "7.17.4",
-      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.17.4.tgz",
-      "integrity": "sha512-cR+Gsir9c/tzFWxvk4zXkMQy6tNRHEYixHrb88XIjZVYDqDS9l2/bKs5nJusdmaUeLtmPp5Et2o7RJyS7gvKTQ==",
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.19.0.tgz",
+      "integrity": "sha512-yG7Tx32WqOkEHVotFLrumCcT9qlaSDTkFNZ+yLSvZXx74ifsE781DzBA9W7K7bBdYO3op+p2YdsOKzf3nPpAyQ==",
       "dependencies": {
-        "@sentry/core": "7.17.4",
-        "@sentry/types": "7.17.4",
-        "@sentry/utils": "7.17.4",
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "cookie": "^0.4.1",
         "https-proxy-agent": "^5.0.0",
         "lru_map": "^0.3.3",
@@ -2622,14 +2624,80 @@
         "node": ">=8"
       }
     },
-    "node_modules/@sentry/tracing": {
-      "version": "7.17.4",
-      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.17.4.tgz",
-      "integrity": "sha512-9Fz6DI16ddnd970mlB5MiCNRSmSXp4SVZ1Yv3L22oS3kQeNxjBTE+htYNwJzSPrQp9aL/LqTYwlnrCy24u9XQA==",
+    "node_modules/@sentry/node/node_modules/@sentry/core": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+      "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
       "dependencies": {
-        "@sentry/core": "7.17.4",
-        "@sentry/types": "7.17.4",
-        "@sentry/utils": "7.17.4",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
+        "tslib": "^1.9.3"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/node/node_modules/@sentry/types": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+      "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/node/node_modules/@sentry/utils": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+      "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+      "dependencies": {
+        "@sentry/types": "7.19.0",
+        "tslib": "^1.9.3"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/tracing": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.19.0.tgz",
+      "integrity": "sha512-SWY17M3TsgBePaGowUcSqBwaT0TJQzuNexVnLojuU0k6F57L9hubvP9zaoosoCfARXQ/3NypAFWnlJyf570rFQ==",
+      "dependencies": {
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
+        "tslib": "^1.9.3"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/tracing/node_modules/@sentry/core": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+      "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
+      "dependencies": {
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
+        "tslib": "^1.9.3"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/tracing/node_modules/@sentry/types": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+      "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA==",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/@sentry/tracing/node_modules/@sentry/utils": {
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+      "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+      "dependencies": {
+        "@sentry/types": "7.19.0",
         "tslib": "^1.9.3"
       },
       "engines": {
@@ -2915,6 +2983,22 @@
       "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
       "dev": true
     },
+    "node_modules/@types/swagger-jsdoc": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@types/swagger-jsdoc/-/swagger-jsdoc-6.0.1.tgz",
+      "integrity": "sha512-+MUpcbyxD528dECUBCEVm6abNuORdbuGjbrUdHDeAQ+rkPuo2a+L4N02WJHF3bonSSE6SJ3dUJwF2V6+cHnf0w==",
+      "dev": true
+    },
+    "node_modules/@types/swagger-ui-express": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/@types/swagger-ui-express/-/swagger-ui-express-4.1.3.tgz",
+      "integrity": "sha512-jqCjGU/tGEaqIplPy3WyQg+Nrp6y80DCFnDEAvVKWkJyv0VivSSDCChkppHRHAablvInZe6pijDFMnavtN0vqA==",
+      "dev": true,
+      "dependencies": {
+        "@types/express": "*",
+        "@types/serve-static": "*"
+      }
+    },
     "node_modules/@types/webidl-conversions": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/@types/webidl-conversions/-/webidl-conversions-7.0.0.tgz",
@@ -4499,9 +4583,9 @@
       }
     },
     "node_modules/express-rate-limit": {
-      "version": "6.6.0",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.6.0.tgz",
-      "integrity": "sha512-HFN2+4ZGdkQOS8Qli4z6knmJFnw6lZed67o6b7RGplWeb1Z0s8VXaj3dUgPIdm9hrhZXTRpCTHXA0/2Eqex0vA==",
+      "version": "6.7.0",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
+      "integrity": "sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==",
       "engines": {
         "node": ">= 12.9.0"
       },
@@ -6434,9 +6518,9 @@
       }
     },
     "node_modules/mongoose": {
-      "version": "6.7.1",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.1.tgz",
-      "integrity": "sha512-qbagtqSyvIhUz4EWzXC00EA0DJHFrQwlzTlNGX5DjiESoJiPKqkEga1k9hviFKRFgBna+OlW54mkdi+0+AqxCw==",
+      "version": "6.7.2",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.2.tgz",
+      "integrity": "sha512-lrP2V5U1qhaf+z33fiIn7aYAZZ1fVDly+TkFRjTujNBF/FIHESATj2RbgAOSlWqv32fsZXkXejXzeVfjbv35Ow==",
       "dependencies": {
         "bson": "^4.7.0",
         "kareem": "2.4.1",
@@ -10490,9 +10574,9 @@
       }
     },
     "node_modules/typescript": {
-      "version": "4.8.4",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.4.tgz",
-      "integrity": "sha512-QCh+85mCy+h0IGff8r5XWzOVSbBO+KfeYrMQh7NJ58QujwcE22u+NUSmUxqF+un70P9GXKxa2HCNiTTMJknyjQ==",
+      "version": "4.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
+      "integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA==",
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"
@@ -13040,28 +13124,80 @@
       }
     },
     "@sentry/node": {
-      "version": "7.17.4",
-      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.17.4.tgz",
-      "integrity": "sha512-cR+Gsir9c/tzFWxvk4zXkMQy6tNRHEYixHrb88XIjZVYDqDS9l2/bKs5nJusdmaUeLtmPp5Et2o7RJyS7gvKTQ==",
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/node/-/node-7.19.0.tgz",
+      "integrity": "sha512-yG7Tx32WqOkEHVotFLrumCcT9qlaSDTkFNZ+yLSvZXx74ifsE781DzBA9W7K7bBdYO3op+p2YdsOKzf3nPpAyQ==",
       "requires": {
-        "@sentry/core": "7.17.4",
-        "@sentry/types": "7.17.4",
-        "@sentry/utils": "7.17.4",
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "cookie": "^0.4.1",
         "https-proxy-agent": "^5.0.0",
         "lru_map": "^0.3.3",
         "tslib": "^1.9.3"
+      },
+      "dependencies": {
+        "@sentry/core": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+          "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "@sentry/utils": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        },
+        "@sentry/types": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+          "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA=="
+        },
+        "@sentry/utils": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+          "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        }
       }
     },
     "@sentry/tracing": {
-      "version": "7.17.4",
-      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.17.4.tgz",
-      "integrity": "sha512-9Fz6DI16ddnd970mlB5MiCNRSmSXp4SVZ1Yv3L22oS3kQeNxjBTE+htYNwJzSPrQp9aL/LqTYwlnrCy24u9XQA==",
+      "version": "7.19.0",
+      "resolved": "https://registry.npmjs.org/@sentry/tracing/-/tracing-7.19.0.tgz",
+      "integrity": "sha512-SWY17M3TsgBePaGowUcSqBwaT0TJQzuNexVnLojuU0k6F57L9hubvP9zaoosoCfARXQ/3NypAFWnlJyf570rFQ==",
       "requires": {
-        "@sentry/core": "7.17.4",
-        "@sentry/types": "7.17.4",
-        "@sentry/utils": "7.17.4",
+        "@sentry/core": "7.19.0",
+        "@sentry/types": "7.19.0",
+        "@sentry/utils": "7.19.0",
         "tslib": "^1.9.3"
+      },
+      "dependencies": {
+        "@sentry/core": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/core/-/core-7.19.0.tgz",
+          "integrity": "sha512-YF9cTBcAnO4R44092BJi5Wa2/EO02xn2ziCtmNgAVTN2LD31a/YVGxGBt/FDr4Y6yeuVehaqijVVvtpSmXrGJw==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "@sentry/utils": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        },
+        "@sentry/types": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/types/-/types-7.19.0.tgz",
+          "integrity": "sha512-oGRAT6lfzoKrxO1mvxiSj0XHxWPd6Gd1wpPGuu6iJo03xgWDS+MIlD1h2unqL4N5fAzLjzmbC2D2lUw50Kn2pA=="
+        },
+        "@sentry/utils": {
+          "version": "7.19.0",
+          "resolved": "https://registry.npmjs.org/@sentry/utils/-/utils-7.19.0.tgz",
+          "integrity": "sha512-2L6lq+c9Ol2uiRxQDdcgoapmHJp24MhMN0gIkn2alSfMJ+ls6bGXzQHx6JAIdoOiwFQXRZHKL9ecfAc8O+vItA==",
+          "requires": {
+            "@sentry/types": "7.19.0",
+            "tslib": "^1.9.3"
+          }
+        }
       }
     },
     "@sentry/types": {
@@ -13337,6 +13473,22 @@
       "integrity": "sha512-Hl219/BT5fLAaz6NDkSuhzasy49dwQS/DSdu4MdggFB8zcXv7vflBI3xp7FEmkmdDkBUI2bPUNeMttp2knYdxw==",
       "dev": true
     },
+    "@types/swagger-jsdoc": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@types/swagger-jsdoc/-/swagger-jsdoc-6.0.1.tgz",
+      "integrity": "sha512-+MUpcbyxD528dECUBCEVm6abNuORdbuGjbrUdHDeAQ+rkPuo2a+L4N02WJHF3bonSSE6SJ3dUJwF2V6+cHnf0w==",
+      "dev": true
+    },
+    "@types/swagger-ui-express": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/@types/swagger-ui-express/-/swagger-ui-express-4.1.3.tgz",
+      "integrity": "sha512-jqCjGU/tGEaqIplPy3WyQg+Nrp6y80DCFnDEAvVKWkJyv0VivSSDCChkppHRHAablvInZe6pijDFMnavtN0vqA==",
+      "dev": true,
+      "requires": {
+        "@types/express": "*",
+        "@types/serve-static": "*"
+      }
+    },
     "@types/webidl-conversions": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/@types/webidl-conversions/-/webidl-conversions-7.0.0.tgz",
@@ -14489,9 +14641,9 @@
       }
     },
     "express-rate-limit": {
-      "version": "6.6.0",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.6.0.tgz",
-      "integrity": "sha512-HFN2+4ZGdkQOS8Qli4z6knmJFnw6lZed67o6b7RGplWeb1Z0s8VXaj3dUgPIdm9hrhZXTRpCTHXA0/2Eqex0vA==",
+      "version": "6.7.0",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
+      "integrity": "sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==",
       "requires": {}
     },
     "express-validator": {
@@ -15930,9 +16082,9 @@
       }
     },
     "mongoose": {
-      "version": "6.7.1",
-      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.1.tgz",
-      "integrity": "sha512-qbagtqSyvIhUz4EWzXC00EA0DJHFrQwlzTlNGX5DjiESoJiPKqkEga1k9hviFKRFgBna+OlW54mkdi+0+AqxCw==",
+      "version": "6.7.2",
+      "resolved": "https://registry.npmjs.org/mongoose/-/mongoose-6.7.2.tgz",
+      "integrity": "sha512-lrP2V5U1qhaf+z33fiIn7aYAZZ1fVDly+TkFRjTujNBF/FIHESATj2RbgAOSlWqv32fsZXkXejXzeVfjbv35Ow==",
       "requires": {
         "bson": "^4.7.0",
         "kareem": "2.4.1",
@@ -18791,9 +18943,9 @@
       }
     },
     "typescript": {
-      "version": "4.8.4",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.8.4.tgz",
-      "integrity": "sha512-QCh+85mCy+h0IGff8r5XWzOVSbBO+KfeYrMQh7NJ58QujwcE22u+NUSmUxqF+un70P9GXKxa2HCNiTTMJknyjQ=="
+      "version": "4.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.3.tgz",
+      "integrity": "sha512-CIfGzTelbKNEnLpLdGFgdyKhG23CKdKgQPOBc+OUNrkJ2vr+KSzsSV5kq5iWhEQbok+quxgGzrAtGWCyU7tHnA=="
     },
     "uglify-js": {
       "version": "3.17.4",

backend/package.json

@@ -1,7 +1,7 @@
 {
   "dependencies": {
     "@sentry/node": "^7.14.0",
-    "@sentry/tracing": "^7.14.0",
+    "@sentry/tracing": "^7.19.0",
     "@types/crypto-js": "^4.1.1",
     "axios": "^1.1.3",
     "bigint-conversion": "^2.2.2",
@@ -10,13 +10,13 @@
     "crypto-js": "^4.1.1",
     "dotenv": "^16.0.1",
     "express": "^4.18.1",
-    "express-rate-limit": "^6.5.1",
+    "express-rate-limit": "^6.7.0",
     "express-validator": "^6.14.2",
     "handlebars": "^4.7.7",
     "helmet": "^5.1.1",
     "jsonwebtoken": "^8.5.1",
     "jsrp": "^0.2.4",
-    "mongoose": "^6.7.1",
+    "mongoose": "^6.7.2",
     "nodemailer": "^6.8.0",
     "posthog-node": "^2.1.0",
     "query-string": "^7.1.1",
@@ -24,7 +24,7 @@
     "stripe": "^10.7.0",
     "tweetnacl": "^1.0.3",
     "tweetnacl-util": "^0.15.1",
-    "typescript": "^4.8.4"
+    "typescript": "^4.9.3"
   },
   "name": "infisical-api",
   "version": "1.0.0",
@@ -56,6 +56,8 @@
     "@types/jsonwebtoken": "^8.5.9",
     "@types/node": "^18.11.3",
     "@types/nodemailer": "^6.4.6",
+    "@types/swagger-jsdoc": "^6.0.1",
+    "@types/swagger-ui-express": "^4.1.3",
     "@typescript-eslint/eslint-plugin": "^5.40.1",
     "@typescript-eslint/parser": "^5.40.1",
     "eslint": "^8.26.0",

backend/src/config/index.ts

@@ -1,5 +1,5 @@
 const PORT = process.env.PORT || 4000;
-const EMAIL_TOKEN_LIFETIME = process.env.EMAIL_TOKEN_LIFETIME! || '86400'; // investigate
+const EMAIL_TOKEN_LIFETIME = process.env.EMAIL_TOKEN_LIFETIME! || '86400';
 const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY!;
 const JWT_AUTH_LIFETIME = process.env.JWT_AUTH_LIFETIME! || '10d';
 const JWT_AUTH_SECRET = process.env.JWT_AUTH_SECRET!;
@@ -12,11 +12,12 @@ const MONGO_URL = process.env.MONGO_URL!;
 const NODE_ENV = process.env.NODE_ENV! || 'production';
 const OAUTH_CLIENT_SECRET_HEROKU = process.env.OAUTH_CLIENT_SECRET_HEROKU!;
 const OAUTH_TOKEN_URL_HEROKU = process.env.OAUTH_TOKEN_URL_HEROKU!;
-const POSTHOG_HOST = process.env.POSTHOG_HOST!;
-const POSTHOG_PROJECT_API_KEY = process.env.POSTHOG_PROJECT_API_KEY!;
+const POSTHOG_HOST = process.env.POSTHOG_HOST! || 'https://app.posthog.com';
+const POSTHOG_PROJECT_API_KEY = process.env.POSTHOG_PROJECT_API_KEY! || 'phc_nSin8j5q2zdhpFDI1ETmFNUIuTG4DwKVyIigrY10XiE';
 const PRIVATE_KEY = process.env.PRIVATE_KEY!;
 const PUBLIC_KEY = process.env.PUBLIC_KEY!;
 const SENTRY_DSN = process.env.SENTRY_DSN!;
+const SITE_URL = process.env.SITE_URL!;
 const SMTP_HOST = process.env.SMTP_HOST! || 'smtp.gmail.com';
 const SMTP_NAME = process.env.SMTP_NAME!;
 const SMTP_USERNAME = process.env.SMTP_USERNAME!;
@@ -27,7 +28,7 @@ const STRIPE_PRODUCT_STARTER = process.env.STRIPE_PRODUCT_STARTER!;
 const STRIPE_PUBLISHABLE_KEY = process.env.STRIPE_PUBLISHABLE_KEY!;
 const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY!;
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET!;
-const WEBSITE_URL = 'http://frontend:3000';
+const TELEMETRY_ENABLED = (process.env.TELEMETRY_ENABLED! !== 'false') && true;
 
 export {
 	PORT,
@@ -49,6 +50,7 @@ export {
 	PRIVATE_KEY,
 	PUBLIC_KEY,
 	SENTRY_DSN,
+	SITE_URL,
 	SMTP_HOST,
 	SMTP_NAME,
 	SMTP_USERNAME,
@@ -59,5 +61,5 @@ export {
 	STRIPE_PUBLISHABLE_KEY,
 	STRIPE_SECRET_KEY,
 	STRIPE_WEBHOOK_SECRET,
-	WEBSITE_URL
+	TELEMETRY_ENABLED
 };

backend/src/controllers/membershipController.ts

@@ -6,7 +6,7 @@ import {
 	deleteMembership as deleteMember
 } from '../helpers/membership';
 import { sendMail } from '../helpers/nodemailer';
-import { WEBSITE_URL } from '../config';
+import { SITE_URL } from '../config';
 import { ADMIN, MEMBER, GRANTED, ACCEPTED } from '../variables';
 
 /**
@@ -217,11 +217,10 @@ export const inviteUserToWorkspace = async (req: Request, res: Response) => {
 				inviterFirstName: req.user.firstName,
 				inviterEmail: req.user.email,
 				workspaceName: req.membership.workspace.name,
-				callback_url: WEBSITE_URL + '/login'
+				callback_url: SITE_URL + '/login'
 			}
 		});
 	} catch (err) {
-		console.error(err);
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
 		return res.status(400).send({

backend/src/controllers/membershipOrgController.ts

@@ -1,7 +1,7 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import crypto from 'crypto';
-import { WEBSITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../config';
+import { SITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../config';
 import { MembershipOrg, Organization, User, Token } from '../models';
 import { deleteMembershipOrg as deleteMemberFromOrg } from '../helpers/membershipOrg';
 import { checkEmailVerification } from '../helpers/signup';
@@ -186,7 +186,7 @@ export const inviteUserToOrganization = async (req: Request, res: Response) => {
 					organizationName: organization.name,
 					email: inviteeEmail,
 					token,
-					callback_url: WEBSITE_URL + '/signupinvite'
+					callback_url: SITE_URL + '/signupinvite'
 				}
 			});
 		}

backend/src/controllers/organizationController.ts

@@ -1,13 +1,14 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import {
+	SITE_URL,
 	STRIPE_SECRET_KEY,
 	STRIPE_PRODUCT_STARTER,
 	STRIPE_PRODUCT_PRO,
-	STRIPE_PRODUCT_CARD_AUTH,
-	WEBSITE_URL
+	STRIPE_PRODUCT_CARD_AUTH
 } from '../config';
 import Stripe from 'stripe';
+
 const stripe = new Stripe(STRIPE_SECRET_KEY, {
 	apiVersion: '2022-08-01'
 });
@@ -350,13 +351,13 @@ export const createOrganizationPortalSession = async (
 				customer: req.membershipOrg.organization.customerId,
 				mode: 'setup',
 				payment_method_types: ['card'],
-				success_url: WEBSITE_URL + '/dashboard',
-				cancel_url: WEBSITE_URL + '/dashboard'
+				success_url: SITE_URL + '/dashboard',
+				cancel_url: SITE_URL + '/dashboard'
 			});
 		} else {
 			session = await stripe.billingPortal.sessions.create({
 				customer: req.membershipOrg.organization.customerId,
-				return_url: WEBSITE_URL + '/dashboard'
+				return_url: SITE_URL + '/dashboard'
 			});
 		}
 

backend/src/controllers/secretController.ts

@@ -7,16 +7,9 @@ import {
 	reformatPullSecrets
 } from '../helpers/secret';
 import { pushKeys } from '../helpers/key';
-import { PostHog } from 'posthog-node';
 import { ENV_SET } from '../variables';
-import { NODE_ENV, POSTHOG_PROJECT_API_KEY, POSTHOG_HOST } from '../config';
 
-let client: any;
-if (NODE_ENV === 'production' && POSTHOG_PROJECT_API_KEY && POSTHOG_HOST) {
-	client = new PostHog(POSTHOG_PROJECT_API_KEY, {
-		host: POSTHOG_HOST
-	});
-}
+import { postHogClient } from '../services';
 
 interface PushSecret {
 	ciphertextKey: string;
@@ -68,11 +61,10 @@ export const pushSecrets = async (req: Request, res: Response) => {
 			keys
 		});
 
-		if (client) {
-			// capture secrets pushed event in production
-			client.capture({
-				distinctId: req.user.email,
+		if (postHogClient) {
+			postHogClient.capture({
 				event: 'secrets pushed',
+				distinctId: req.user.email,
 				properties: {
 					numberOfSecrets: secrets.length,
 					environment,
@@ -81,6 +73,7 @@ export const pushSecrets = async (req: Request, res: Response) => {
 				}
 			});
 		}
+
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
@@ -131,9 +124,9 @@ export const pullSecrets = async (req: Request, res: Response) => {
 			secrets = reformatPullSecrets({ secrets });
 		}
 
-		if (client) {
+		if (postHogClient) {
 			// capture secrets pushed event in production
-			client.capture({
+			postHogClient.capture({
 				distinctId: req.user.email,
 				event: 'secrets pulled',
 				properties: {
@@ -198,9 +191,9 @@ export const pullSecretsServiceToken = async (req: Request, res: Response) => {
 			workspace: req.serviceToken.workspace
 		};
 
-		if (client) {
+		if (postHogClient) {
 			// capture secrets pushed event in production
-			client.capture({
+			postHogClient.capture({
 				distinctId: req.serviceToken.user.email,
 				event: 'secrets pulled',
 				properties: {

backend/src/helpers/rateLimiter.ts

@@ -3,7 +3,7 @@ import rateLimit from 'express-rate-limit';
 // 300 requests per 15 minutes
 const apiLimiter = rateLimit({
 	windowMs: 15 * 60 * 1000,
-	max: 300,
+	max: 400,
 	standardHeaders: true,
 	legacyHeaders: false
 });
@@ -11,7 +11,7 @@ const apiLimiter = rateLimit({
 // 5 requests per hour
 const signupLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
-	max: 5,
+	max: 10,
 	standardHeaders: true,
 	legacyHeaders: false
 });
@@ -19,7 +19,7 @@ const signupLimiter = rateLimit({
 // 10 requests per hour
 const loginLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
-	max: 10,
+	max: 20,
 	standardHeaders: true,
 	legacyHeaders: false
 });
@@ -27,7 +27,7 @@ const loginLimiter = rateLimit({
 // 5 requests per hour
 const passwordLimiter = rateLimit({
 	windowMs: 60 * 60 * 1000,
-	max: 5,
+	max: 10,
 	standardHeaders: true,
 	legacyHeaders: false
 });

backend/src/helpers/signup.ts

@@ -66,7 +66,7 @@ const checkEmailVerification = async ({
 			email,
 			token: code
 		});
-
+	
 		if (!token) throw new Error('Failed to find email verification token');
 	} catch (err) {
 		Sentry.setUser(null);
@@ -106,7 +106,7 @@ const initializeDefaultOrg = async ({
 
 		// initialize a default workspace inside the new organization
 		const workspace = await createWorkspace({
-			name: `${user.firstName}'s Project`,
+			name: `Example Project`,
 			organizationId: organization._id.toString()
 		});
 

backend/src/index.ts

@@ -4,9 +4,10 @@ import cors from 'cors';
 import cookieParser from 'cookie-parser';
 import mongoose from 'mongoose';
 import dotenv from 'dotenv';
+
 dotenv.config();
 import * as Sentry from '@sentry/node';
-import { PORT, SENTRY_DSN, NODE_ENV, MONGO_URL, WEBSITE_URL } from './config';
+import { PORT, SENTRY_DSN, NODE_ENV, MONGO_URL, SITE_URL, POSTHOG_PROJECT_API_KEY, POSTHOG_HOST, TELEMETRY_ENABLED } from './config';
 import { apiLimiter } from './helpers/rateLimiter';
 
 const app = express();
@@ -38,7 +39,6 @@ import {
 } from './routes';
 
 const connectWithRetry = () => {
-	console.log('MONGO_URL', MONGO_URL);
 	mongoose.connect(MONGO_URL)
 	.then(() => console.log('Successfully connected to DB'))
 	.catch((e) => {
@@ -55,7 +55,7 @@ app.enable('trust proxy');
 app.use(cookieParser());
 app.use(cors({
 	credentials: true,
-	origin: WEBSITE_URL
+	origin: SITE_URL
 }));
 
 if (NODE_ENV === 'production') {

backend/src/models/token.ts

@@ -18,7 +18,7 @@ const tokenSchema = new Schema<IToken>({
 	},
 	createdAt: {
 		type: Date,
-		expires: EMAIL_TOKEN_LIFETIME,
+		expires: parseInt(EMAIL_TOKEN_LIFETIME),
 		default: Date.now
 	}
 });

backend/src/routes/auth.ts

@@ -13,7 +13,7 @@ router.post(
 
 router.post(
 	'/login1',
-	// loginLimiter,
+	loginLimiter,
 	body('email').exists().trim().notEmpty(),
 	body('clientPublicKey').exists().trim().notEmpty(),
 	validateRequest,
@@ -22,7 +22,7 @@ router.post(
 
 router.post(
 	'/login2',
-	// loginLimiter,
+	loginLimiter,
 	body('email').exists().trim().notEmpty(),
 	body('clientProof').exists().trim().notEmpty(),
 	validateRequest,

backend/src/routes/signup.ts

@@ -7,7 +7,7 @@ import { signupLimiter } from '../helpers/rateLimiter';
 
 router.post(
 	'/email/signup',
-	// signupLimiter,
+	signupLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	validateRequest,
 	signupController.beginEmailSignup
@@ -15,7 +15,7 @@ router.post(
 
 router.post(
 	'/email/verify',
-	// signupLimiter,
+	signupLimiter,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('code').exists().trim().notEmpty(),
 	validateRequest,
@@ -24,7 +24,7 @@ router.post(
 
 router.post(
 	'/complete-account/signup',
-	// signupLimiter,
+	signupLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),
@@ -42,7 +42,7 @@ router.post(
 
 router.post(
 	'/complete-account/invite',
-	// signupLimiter,
+	signupLimiter,
 	requireSignupAuth,
 	body('email').exists().trim().notEmpty().isEmail(),
 	body('firstName').exists().trim().notEmpty(),

backend/src/services/PostHogClient.ts

@@ -0,0 +1,15 @@
+import { PostHog } from 'posthog-node';
+import { NODE_ENV, POSTHOG_HOST, POSTHOG_PROJECT_API_KEY, TELEMETRY_ENABLED } from '../config';
+
+let postHogClient: any;
+if (
+    NODE_ENV === 'production'
+    && TELEMETRY_ENABLED
+) {
+    // case: enable opt-out telemetry in production
+    postHogClient = new PostHog(POSTHOG_PROJECT_API_KEY, {
+        host: POSTHOG_HOST
+    });
+}
+
+export default postHogClient;

backend/src/services/index.ts

@@ -0,0 +1,5 @@
+import postHogClient from './PostHogClient';
+
+export {
+    postHogClient
+}

cli/packages/cmd/export.go

@@ -0,0 +1,140 @@
+/*
+Copyright © 2022 NAME HERE <EMAIL ADDRESS>
+*/
+package cmd
+
+import (
+	"encoding/csv"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/Infisical/infisical-merge/packages/models"
+	"github.com/Infisical/infisical-merge/packages/util"
+	log "github.com/sirupsen/logrus"
+	"github.com/spf13/cobra"
+)
+
+const (
+	FormatDotenv string = "dotenv"
+	FormatJson   string = "json"
+	FormatCSV    string = "csv"
+)
+
+// exportCmd represents the export command
+var exportCmd = &cobra.Command{
+	Use:                   "export",
+	Short:                 "Used to export environment variables to a file",
+	DisableFlagsInUseLine: true,
+	Example:               "infisical export --env=prod --format=json > secrets.json",
+	Args:                  cobra.NoArgs,
+	PreRun:                toggleDebug,
+	Run: func(cmd *cobra.Command, args []string) {
+		envName, err := cmd.Flags().GetString("env")
+		if err != nil {
+			log.Errorln("Unable to parse the environment flag")
+			log.Debugln(err)
+			return
+		}
+
+		shouldExpandSecrets, err := cmd.Flags().GetBool("expand")
+		if err != nil {
+			log.Errorln("Unable to parse the substitute flag")
+			log.Debugln(err)
+			return
+		}
+
+		projectId, err := cmd.Flags().GetString("projectId")
+		if err != nil {
+			log.Errorln("Unable to parse the project id flag")
+			log.Debugln(err)
+			return
+		}
+
+		format, err := cmd.Flags().GetString("format")
+		if err != nil {
+			log.Errorln("Unable to parse the format flag")
+			log.Debugln(err)
+			return
+		}
+
+		envsFromApi, err := util.GetAllEnvironmentVariables(projectId, envName)
+		if err != nil {
+			log.Errorln("Something went wrong when pulling secrets using your Infisical token. Double check the token, project id or environment name (dev, prod, ect.)")
+			log.Debugln(err)
+			return
+		}
+
+		var output string
+		if shouldExpandSecrets {
+			substitutions := util.SubstituteSecrets(envsFromApi)
+			output, err = formatEnvs(substitutions, format)
+			if err != nil {
+				log.Errorln(err)
+				return
+			}
+		} else {
+			output, err = formatEnvs(envsFromApi, format)
+			if err != nil {
+				log.Errorln(err)
+				return
+			}
+		}
+		fmt.Print(output)
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(exportCmd)
+	exportCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
+	exportCmd.Flags().String("projectId", "", "The project ID from which your secrets should be pulled from")
+	exportCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
+	exportCmd.Flags().StringP("format", "f", "dotenv", "Set the format of the output file (dotenv, json, csv)")
+}
+
+// Format according to the format flag
+func formatEnvs(envs []models.SingleEnvironmentVariable, format string) (string, error) {
+	switch strings.ToLower(format) {
+	case FormatDotenv:
+		return formatAsDotEnv(envs), nil
+	case FormatJson:
+		return formatAsJson(envs), nil
+	case FormatCSV:
+		return formatAsCSV(envs), nil
+	default:
+		return "", fmt.Errorf("invalid format flag: %s", format)
+	}
+}
+
+// Format environment variables as a CSV file
+func formatAsCSV(envs []models.SingleEnvironmentVariable) string {
+	csvString := &strings.Builder{}
+	writer := csv.NewWriter(csvString)
+	writer.Write([]string{"Key", "Value"})
+	for _, env := range envs {
+		writer.Write([]string{env.Key, env.Value})
+	}
+	writer.Flush()
+	return csvString.String()
+}
+
+// Format environment variables as a dotenv file
+func formatAsDotEnv(envs []models.SingleEnvironmentVariable) string {
+	var dotenv string
+	for _, env := range envs {
+		dotenv += fmt.Sprintf("%s='%s'\n", env.Key, env.Value)
+	}
+	return dotenv
+}
+
+// Format environment variables as a JSON file
+func formatAsJson(envs []models.SingleEnvironmentVariable) string {
+	// Dump as a json array
+	json, err := json.Marshal(envs)
+	if err != nil {
+		log.Errorln("Unable to marshal environment variables to JSON")
+		log.Debugln(err)
+		return ""
+	}
+	return string(json)
+}

cli/packages/cmd/init.go

@@ -36,7 +36,7 @@ var initCmd = &cobra.Command{
 			return
 		}
 
-		if util.WorkspaceConfigFileExists() {
+		if util.WorkspaceConfigFileExistsInCurrentPath() {
 			shouldOverride, err := shouldOverrideWorkspacePrompt()
 			if err != nil {
 				log.Errorln("Unable to parse your answer")

cli/packages/cmd/login.go

@@ -114,8 +114,8 @@ func init() {
 
 func askForLoginCredentials() (email string, password string, err error) {
 	validateEmail := func(input string) error {
-		result, err := regexp.MatchString("^\\w+@[a-zA-Z_]+?\\.[a-zA-Z]{2,3}$", input)
-		if err != nil || !result {
+		matched, err := regexp.MatchString("^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\\.[a-zA-Z0-9-.]+$", input)
+		if err != nil || !matched {
 			return errors.New("this doesn't look like an email address")
 		}
 		return nil

cli/packages/cmd/root.go

@@ -15,7 +15,7 @@ var rootCmd = &cobra.Command{
 	Short:             "Infisical CLI is used to inject environment variables into any process",
 	Long:              `Infisical is a simple, end-to-end encrypted service that enables teams to sync and manage their environment variables across their development life cycle.`,
 	CompletionOptions: cobra.CompletionOptions{DisableDefaultCmd: true},
-	Version:           "1.0.0",
+	Version:           "0.1.10",
 }
 
 // Execute adds all child commands to the root command and sets flags appropriately.

cli/packages/cmd/run.go

@@ -33,6 +33,13 @@ var runCmd = &cobra.Command{
 			return
 		}
 
+		shouldExpandSecrets, err := cmd.Flags().GetBool("expand")
+		if err != nil {
+			log.Errorln("Unable to parse the substitute flag")
+			log.Debugln(err)
+			return
+		}
+
 		projectId, err := cmd.Flags().GetString("projectId")
 		if err != nil {
 			log.Errorln("Unable to parse the project id flag")
@@ -40,49 +47,19 @@ var runCmd = &cobra.Command{
 			return
 		}
 
-		var envsFromApi []models.SingleEnvironmentVariable
-		infisicalToken := os.Getenv(util.INFISICAL_SERVICE_TOKEN)
-		if infisicalToken == "" {
-			hasUserLoggedInbefore, loggedInUserEmail, err := util.IsUserLoggedIn()
-			if err != nil {
-				log.Info("Unexpected issue occurred while checking login status. To see more details, add flag --debug")
-				log.Debugln(err)
-				return
-			}
-
-			if !hasUserLoggedInbefore {
-				log.Infoln("No logged in user. To login, please run command [infisical login]")
-				return
-			}
-
-			userCreds, err := util.GetUserCredsFromKeyRing(loggedInUserEmail)
-			if err != nil {
-				log.Infoln("Unable to get user creds from key ring")
-				log.Debug(err)
-				return
-			}
-
-			if !util.WorkspaceConfigFileExists() {
-				log.Infoln("Your project is not connected to a project yet. Run command [infisical init]")
-				return
-			}
-
-			envsFromApi, err = util.GetSecretsFromAPIUsingCurrentLoggedInUser(envName, userCreds)
-			if err != nil {
-				log.Errorln("Something went wrong when pulling secrets using your logged in credentials. If the issue persists, double check your project id/try logging in again.")
-				log.Debugln(err)
-				return
-			}
-		} else {
-			envsFromApi, err = util.GetSecretsFromAPIUsingInfisicalToken(infisicalToken, envName, projectId)
-			if err != nil {
-				log.Errorln("Something went wrong when pulling secrets using your Infisical token. Double check the token, project id or environment name (dev, prod, ect.)")
-				log.Debugln(err)
-				return
-			}
+		secrets, err := util.GetAllEnvironmentVariables(projectId, envName)
+		if err != nil {
+			log.Debugln(err)
+			return
+		}
+
+		if shouldExpandSecrets {
+			secretsWithSubstitutions := util.SubstituteSecrets(secrets)
+			execCmd(args[0], args[1:], secretsWithSubstitutions)
+		} else {
+			execCmd(args[0], args[1:], secrets)
 		}
 
-		execCmd(args[0], args[1:], envsFromApi)
 	},
 }
 
@@ -90,13 +67,17 @@ func init() {
 	rootCmd.AddCommand(runCmd)
 	runCmd.Flags().StringP("env", "e", "dev", "Set the environment (dev, prod, etc.) from which your secrets should be pulled from")
 	runCmd.Flags().String("projectId", "", "The project ID from which your secrets should be pulled from")
+	runCmd.Flags().Bool("expand", true, "Parse shell parameter expansions in your secrets")
 }
 
 // Credit: inspired by AWS Valut
 func execCmd(command string, args []string, envs []models.SingleEnvironmentVariable) error {
-	log.Infof("\x1b[%dm%s\x1b[0m", 32, "\u2713 Injected Infisical secrets into your application process successfully")
-	log.Debugln("Secrets to inject:", envs)
+	numberOfSecretsInjected := fmt.Sprintf("\u2713 Injected %v Infisical secrets into your application process successfully", len(envs))
+
+	log.Infof("\x1b[%dm%s\x1b[0m", 32, numberOfSecretsInjected)
 	log.Debugf("executing command: %s %s \n", command, strings.Join(args, " "))
+	log.Debugln("Secrets injected:", envs)
+
 	cmd := exec.Command(command, args...)
 	cmd.Stdin = os.Stdin
 	cmd.Stdout = os.Stdout

cli/packages/models/error.go

@@ -0,0 +1,17 @@
+package models
+
+import log "github.com/sirupsen/logrus"
+
+// Custom error type so that we can give helpful messages in CLI
+type Error struct {
+	Err             error
+	FriendlyMessage string
+}
+
+func (e *Error) printFriendlyMessage() {
+	log.Infoln(e.FriendlyMessage)
+}
+
+func (e *Error) printDebuError() {
+	log.Debugln(e.Err)
+}

cli/packages/util/common.go

@@ -9,7 +9,7 @@ const (
 	CONFIG_FILE_NAME                     = "infisical-config.json"
 	CONFIG_FOLDER_NAME                   = ".infisical"
 	INFISICAL_WORKSPACE_CONFIG_FILE_NAME = ".infisical.json"
-	INFISICAL_SERVICE_TOKEN              = "INFISICAL_SERVICE_TOKEN"
+	INFISICAL_TOKEN_NAME                 = "INFISICAL_TOKEN"
 )
 
 var INFISICAL_URL = "https://app.infisical.com/api"

cli/packages/util/config.go

@@ -56,7 +56,7 @@ func ConfigFileExists() bool {
 	}
 }
 
-func WorkspaceConfigFileExists() bool {
+func WorkspaceConfigFileExistsInCurrentPath() bool {
 	if _, err := os.Stat(INFISICAL_WORKSPACE_CONFIG_FILE_NAME); err == nil {
 		return true
 	} else {
@@ -90,3 +90,65 @@ func GetFullConfigFilePath() (fullPathToFile string, fullPathToDirectory string,
 	fullDirPath := fmt.Sprintf("%s/%s", homeDir, CONFIG_FOLDER_NAME)
 	return fullPath, fullDirPath, err
 }
+
+// Given a path to a workspace config, unmarshal workspace config
+func GetWorkspaceConfigByPath(path string) (workspaceConfig models.WorkspaceConfigFile, err error) {
+	workspaceConfigFileAsBytes, err := os.ReadFile(path)
+	if err != nil {
+		return models.WorkspaceConfigFile{}, fmt.Errorf("GetWorkspaceConfigByPath: Unable to read workspace config file because [%s]", err)
+	}
+
+	var workspaceConfigFile models.WorkspaceConfigFile
+	err = json.Unmarshal(workspaceConfigFileAsBytes, &workspaceConfigFile)
+	if err != nil {
+		return models.WorkspaceConfigFile{}, fmt.Errorf("GetWorkspaceConfigByPath: Unable to unmarshal workspace config file because [%s]", err)
+	}
+
+	return workspaceConfigFile, nil
+}
+
+// Will get the list of .infisical.json files that are located
+// within the root of each sub folder from where the CLI is ran from
+func GetAllWorkSpaceConfigsStartingFromCurrentPath() (workspaces []models.WorkspaceConfigFile, err error) {
+	currentDir, err := os.Getwd()
+	if err != nil {
+		return nil, fmt.Errorf("GetAllProjectConfigs: unable to get the current directory because [%s]", err)
+	}
+
+	files, err := os.ReadDir(currentDir)
+	if err != nil {
+		return nil, fmt.Errorf("GetAllProjectConfigs: unable to read the contents of the current directory because [%s]", err)
+	}
+
+	listOfWorkSpaceConfigs := []models.WorkspaceConfigFile{}
+	for _, file := range files {
+		if !file.IsDir() && file.Name() == INFISICAL_WORKSPACE_CONFIG_FILE_NAME {
+			pathToWorkspaceConfigFile := currentDir + "/" + INFISICAL_WORKSPACE_CONFIG_FILE_NAME
+
+			workspaceConfig, err := GetWorkspaceConfigByPath(pathToWorkspaceConfigFile)
+			if err != nil {
+				return nil, fmt.Errorf("GetAllProjectConfigs: Unable to get config file because [%s]", err)
+			}
+
+			listOfWorkSpaceConfigs = append(listOfWorkSpaceConfigs, workspaceConfig)
+
+		} else if file.IsDir() {
+			pathToSubFolder := currentDir + "/" + file.Name()
+			pathToMaybeWorkspaceConfigFile := pathToSubFolder + "/" + INFISICAL_WORKSPACE_CONFIG_FILE_NAME
+
+			_, err := os.Stat(pathToMaybeWorkspaceConfigFile)
+			if err != nil {
+				continue // workspace config file doesn't exist
+			}
+
+			workspaceConfig, err := GetWorkspaceConfigByPath(pathToMaybeWorkspaceConfigFile)
+			if err != nil {
+				return nil, fmt.Errorf("GetAllProjectConfigs: Unable to get config file because [%s]", err)
+			}
+
+			listOfWorkSpaceConfigs = append(listOfWorkSpaceConfigs, workspaceConfig)
+		}
+	}
+
+	return listOfWorkSpaceConfigs, nil
+}

cli/packages/util/crypto.go

@@ -3,12 +3,9 @@ package util
 import (
 	"crypto/aes"
 	"crypto/cipher"
-
-	log "github.com/sirupsen/logrus"
 )
 
 func DecryptSymmetric(key []byte, encryptedPrivateKey []byte, tag []byte, IV []byte) ([]byte, error) {
-	log.Debugln("Key:", key, "encryptedPrivateKey", encryptedPrivateKey, "tag", tag, "IV", IV)
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err

cli/packages/util/secrets.go

@@ -4,6 +4,8 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"os"
+	"regexp"
 	"strings"
 
 	"github.com/Infisical/infisical-merge/packages/models"
@@ -12,19 +14,7 @@ import (
 	"golang.org/x/crypto/nacl/box"
 )
 
-func GetSecretsFromAPIUsingCurrentLoggedInUser(envName string, userCreds models.UserCredentials) ([]models.SingleEnvironmentVariable, error) {
-	log.Debugln("envName", envName, "userCreds", userCreds)
-	// check if user has configured a workspace
-	workspace, err := GetWorkSpaceFromFile()
-	if err != nil {
-		return nil, fmt.Errorf("Unable to read workspace file:", err)
-	}
-
-	// create http client
-	httpClient := resty.New().
-		SetAuthToken(userCreds.JTWToken).
-		SetHeader("Accept", "application/json")
-
+func getSecretsByWorkspaceIdAndEnvName(httpClient resty.Client, envName string, workspace models.WorkspaceConfigFile, userCreds models.UserCredentials) (listOfSecrets []models.SingleEnvironmentVariable, err error) {
 	var pullSecretsRequestResponse models.PullSecretsResponse
 	response, err := httpClient.
 		R().
@@ -33,14 +23,11 @@ func GetSecretsFromAPIUsingCurrentLoggedInUser(envName string, userCreds models.
 		SetResult(&pullSecretsRequestResponse).
 		Get(fmt.Sprintf("%v/v1/secret/%v", INFISICAL_URL, workspace.WorkspaceId)) // need to change workspace id
 
-	log.Debugln("Response from get secrets:", response)
-
 	if err != nil {
 		return nil, err
 	}
 
 	if response.StatusCode() > 299 {
-		log.Debugln(response)
 		return nil, fmt.Errorf(response.Status())
 	}
 
@@ -65,7 +52,7 @@ func GetSecretsFromAPIUsingCurrentLoggedInUser(envName string, userCreds models.
 		return nil, err
 	}
 
-	log.Debugln("workspaceKey", workspaceKey, "nonce", nonce, "senderPublicKey", senderPublicKey, "currentUsersPrivateKey", currentUsersPrivateKey)
+	// log.Debugln("workspaceKey", workspaceKey, "nonce", nonce, "senderPublicKey", senderPublicKey, "currentUsersPrivateKey", currentUsersPrivateKey)
 	workspaceKeyInBytes, _ := box.Open(nil, workspaceKey, (*[24]byte)(nonce), (*[32]byte)(senderPublicKey), (*[32]byte)(currentUsersPrivateKey))
 	var listOfEnv []models.SingleEnvironmentVariable
 
@@ -99,6 +86,32 @@ func GetSecretsFromAPIUsingCurrentLoggedInUser(envName string, userCreds models.
 	return listOfEnv, nil
 }
 
+func GetSecretsFromAPIUsingCurrentLoggedInUser(envName string, userCreds models.UserCredentials) ([]models.SingleEnvironmentVariable, error) {
+	log.Debugln("GetSecretsFromAPIUsingCurrentLoggedInUser", "envName", envName, "userCreds", userCreds)
+	// check if user has configured a workspace
+	workspaces, err := GetAllWorkSpaceConfigsStartingFromCurrentPath()
+	if err != nil {
+		return nil, fmt.Errorf("Unable to read workspace file(s):", err)
+	}
+
+	// create http client
+	httpClient := resty.New().
+		SetAuthToken(userCreds.JTWToken).
+		SetHeader("Accept", "application/json")
+
+	secrets := []models.SingleEnvironmentVariable{}
+	for _, workspace := range workspaces {
+		secretsFromAPI, err := getSecretsByWorkspaceIdAndEnvName(*httpClient, envName, workspace, userCreds)
+		if err != nil {
+			return nil, fmt.Errorf("GetSecretsFromAPIUsingCurrentLoggedInUser: Unable to get secrets by workspace id and env name")
+		}
+
+		secrets = append(secrets, secretsFromAPI...)
+	}
+
+	return secrets, nil
+}
+
 func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, envName string, projectId string) ([]models.SingleEnvironmentVariable, error) {
 	if infisicalToken == "" || projectId == "" || envName == "" {
 		return nil, errors.New("infisical token, project id and or environment name cannot be empty")
@@ -125,7 +138,6 @@ func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, envName string,
 	}
 
 	if response.StatusCode() > 299 {
-		log.Debugln(response)
 		return nil, fmt.Errorf(response.Status())
 	}
 
@@ -183,6 +195,60 @@ func GetSecretsFromAPIUsingInfisicalToken(infisicalToken string, envName string,
 	return listOfEnv, nil
 }
 
+func GetAllEnvironmentVariables(projectId string, envName string) ([]models.SingleEnvironmentVariable, error) {
+	infisicalToken := os.Getenv(INFISICAL_TOKEN_NAME)
+
+	if infisicalToken == "" {
+		hasUserLoggedInbefore, loggedInUserEmail, err := IsUserLoggedIn()
+		if err != nil {
+			log.Info("Unexpected issue occurred while checking login status. To see more details, add flag --debug")
+			log.Debugln(err)
+			return nil, err
+		}
+
+		if !hasUserLoggedInbefore {
+			log.Infoln("No logged in user. To login, please run command [infisical login]")
+			return nil, fmt.Errorf("user not logged in")
+		}
+
+		userCreds, err := GetUserCredsFromKeyRing(loggedInUserEmail)
+		if err != nil {
+			log.Infoln("Unable to get user creds from key ring")
+			log.Debug(err)
+			return nil, err
+		}
+
+		workspaceConfigs, err := GetAllWorkSpaceConfigsStartingFromCurrentPath()
+		if err != nil {
+			return nil, fmt.Errorf("unable to check if you have a %s file in your current directory", INFISICAL_WORKSPACE_CONFIG_FILE_NAME)
+		}
+
+		if len(workspaceConfigs) == 0 {
+			log.Infoln("Your local project is not connected to a Infisical project yet. Run command [infisical init]")
+			return nil, fmt.Errorf("project not initialized")
+		}
+
+		envsFromApi, err := GetSecretsFromAPIUsingCurrentLoggedInUser(envName, userCreds)
+		if err != nil {
+			log.Errorln("Something went wrong when pulling secrets using your logged in credentials. If the issue persists, double check your project id/try logging in again.")
+			log.Debugln(err)
+			return nil, err
+		}
+
+		return envsFromApi, nil
+
+	} else {
+		envsFromApi, err := GetSecretsFromAPIUsingInfisicalToken(infisicalToken, envName, projectId)
+		if err != nil {
+			log.Errorln("Something went wrong when pulling secrets using your Infisical token. Double check the token, project id or environment name (dev, prod, ect.)")
+			log.Debugln(err)
+			return nil, err
+		}
+
+		return envsFromApi, nil
+	}
+}
+
 func GetWorkSpacesFromAPI(userCreds models.UserCredentials) (workspaces []models.Workspace, err error) {
 	// create http client
 	httpClient := resty.New().
@@ -205,3 +271,73 @@ func GetWorkSpacesFromAPI(userCreds models.UserCredentials) (workspaces []models
 
 	return getWorkSpacesResponse.Workspaces, nil
 }
+
+func getExpandedEnvVariable(secrets []models.SingleEnvironmentVariable, variableWeAreLookingFor string, hashMapOfCompleteVariables map[string]string, hashMapOfSelfRefs map[string]string) string {
+	if value, found := hashMapOfCompleteVariables[variableWeAreLookingFor]; found {
+		return value
+	}
+
+	for _, secret := range secrets {
+		if secret.Key == variableWeAreLookingFor {
+			regex := regexp.MustCompile(`\${([^\}]*)}`)
+			variablesToPopulate := regex.FindAllString(secret.Value, -1)
+
+			// case: variable is a constant so return its value
+			if len(variablesToPopulate) == 0 {
+				return secret.Value
+			}
+
+			valueToEdit := secret.Value
+			for _, variableWithSign := range variablesToPopulate {
+				variableWithoutSign := strings.Trim(variableWithSign, "}")
+				variableWithoutSign = strings.Trim(variableWithoutSign, "${")
+
+				// case: reference to self
+				if variableWithoutSign == secret.Key {
+					hashMapOfSelfRefs[variableWithoutSign] = variableWithoutSign
+					continue
+				} else {
+					var expandedVariableValue string
+
+					if preComputedVariable, found := hashMapOfCompleteVariables[variableWithoutSign]; found {
+						expandedVariableValue = preComputedVariable
+					} else {
+						expandedVariableValue = getExpandedEnvVariable(secrets, variableWithoutSign, hashMapOfCompleteVariables, hashMapOfSelfRefs)
+						hashMapOfCompleteVariables[variableWithoutSign] = expandedVariableValue
+					}
+
+					// If after expanding all the vars above, is the current var a self ref? if so no replacement needed for it
+					if _, found := hashMapOfSelfRefs[variableWithoutSign]; found {
+						continue
+					} else {
+						valueToEdit = strings.ReplaceAll(valueToEdit, variableWithSign, expandedVariableValue)
+					}
+				}
+			}
+
+			return valueToEdit
+
+		} else {
+			continue
+		}
+	}
+
+	return "${" + variableWeAreLookingFor + "}"
+}
+
+func SubstituteSecrets(secrets []models.SingleEnvironmentVariable) []models.SingleEnvironmentVariable {
+	hashMapOfCompleteVariables := make(map[string]string)
+	hashMapOfSelfRefs := make(map[string]string)
+	expandedSecrets := []models.SingleEnvironmentVariable{}
+
+	for _, secret := range secrets {
+		expandedVariable := getExpandedEnvVariable(secrets, secret.Key, hashMapOfCompleteVariables, hashMapOfSelfRefs)
+		expandedSecrets = append(expandedSecrets, models.SingleEnvironmentVariable{
+			Key:   secret.Key,
+			Value: expandedVariable,
+		})
+
+	}
+
+	return expandedSecrets
+}

cli/packages/util/secrets_test.go

@@ -0,0 +1,160 @@
+package util
+
+import (
+	"testing"
+
+	"github.com/Infisical/infisical-merge/packages/models"
+)
+
+// References to self should return the value unaltered
+func Test_SubstituteSecrets_When_ReferenceToSelf(t *testing.T) {
+
+	var tests = []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{Key: "A", Value: "${A}", ExpectedValue: "${A}"},
+		{Key: "A", Value: "${A} ${A}", ExpectedValue: "${A} ${A}"},
+		{Key: "A", Value: "${A}${A}", ExpectedValue: "${A}${A}"},
+	}
+
+	for _, test := range tests {
+		secret := models.SingleEnvironmentVariable{
+			Key:   test.Key,
+			Value: test.Value,
+		}
+
+		secrets := []models.SingleEnvironmentVariable{secret}
+		result := SubstituteSecrets(secrets)
+
+		if result[0].Value != test.ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected %s but got %s for input %s", test.ExpectedValue, result[0].Value, test.Value)
+		}
+
+	}
+}
+
+func Test_SubstituteSecrets_When_ReferenceDoesNotExist(t *testing.T) {
+
+	var tests = []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{Key: "A", Value: "${X}", ExpectedValue: "${X}"},
+		{Key: "A", Value: "${H}HELLO", ExpectedValue: "${H}HELLO"},
+		{Key: "A", Value: "${L}${S}", ExpectedValue: "${L}${S}"},
+	}
+
+	for _, test := range tests {
+		secret := models.SingleEnvironmentVariable{
+			Key:   test.Key,
+			Value: test.Value,
+		}
+
+		secrets := []models.SingleEnvironmentVariable{secret}
+		result := SubstituteSecrets(secrets)
+
+		if result[0].Value != test.ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected %s but got %s for input %s", test.ExpectedValue, result[0].Value, test.Value)
+		}
+
+	}
+}
+
+func Test_SubstituteSecrets_When_ReferenceDoesNotExist_And_Self_Referencing(t *testing.T) {
+
+	tests := []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{
+			Key:           "O",
+			Value:         "${P} ==$$ ${X} ${UNKNOWN} ${A}",
+			ExpectedValue: "DOMAIN === ${A} DOMAIN >>> ==$$ DOMAIN ${UNKNOWN} ${A}",
+		},
+		{
+			Key:           "X",
+			Value:         "DOMAIN",
+			ExpectedValue: "DOMAIN",
+		},
+		{
+			Key:           "A",
+			Value:         "*${A}* ${X}",
+			ExpectedValue: "*${A}* DOMAIN",
+		},
+		{
+			Key:           "H",
+			Value:         "${X} >>>",
+			ExpectedValue: "DOMAIN >>>",
+		},
+		{
+			Key:           "P",
+			Value:         "DOMAIN === ${A} ${H}",
+			ExpectedValue: "DOMAIN === ${A} DOMAIN >>>",
+		},
+		{
+			Key:           "T",
+			Value:         "${P} ==$$ ${X} ${UNKNOWN} ${A} ${P} ==$$ ${X} ${UNKNOWN} ${A}",
+			ExpectedValue: "DOMAIN === ${A} DOMAIN >>> ==$$ DOMAIN ${UNKNOWN} ${A} DOMAIN === ${A} DOMAIN >>> ==$$ DOMAIN ${UNKNOWN} ${A}",
+		},
+		{
+			Key:           "S",
+			Value:         "${ SSS$$ ${HEY}",
+			ExpectedValue: "${ SSS$$ ${HEY}",
+		},
+	}
+
+	secrets := []models.SingleEnvironmentVariable{}
+	for _, test := range tests {
+		secrets = append(secrets, models.SingleEnvironmentVariable{Key: test.Key, Value: test.Value})
+	}
+
+	results := SubstituteSecrets(secrets)
+
+	for index, expanded := range results {
+		if expanded.Value != tests[index].ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected [%s] but got [%s] for input [%s]", tests[index].ExpectedValue, expanded.Value, tests[index].Value)
+		}
+	}
+}
+
+func Test_SubstituteSecrets_When_No_SubstituteNeeded(t *testing.T) {
+
+	tests := []struct {
+		Key           string
+		Value         string
+		ExpectedValue string
+	}{
+		{
+			Key:           "DOMAIN",
+			Value:         "infisical.com",
+			ExpectedValue: "infisical.com",
+		},
+		{
+			Key:           "API_KEY",
+			Value:         "hdgsvjshcgkdckhevdkd",
+			ExpectedValue: "hdgsvjshcgkdckhevdkd",
+		},
+		{
+			Key:           "ENV",
+			Value:         "PROD",
+			ExpectedValue: "PROD",
+		},
+	}
+
+	secrets := []models.SingleEnvironmentVariable{}
+	for _, test := range tests {
+		secrets = append(secrets, models.SingleEnvironmentVariable{Key: test.Key, Value: test.Value})
+	}
+
+	results := SubstituteSecrets(secrets)
+
+	for index, expanded := range results {
+		if expanded.Value != tests[index].ExpectedValue {
+			t.Errorf("Test_SubstituteSecrets_When_ReferenceToSelf: expected [%s] but got [%s] for input [%s]", tests[index].ExpectedValue, expanded.Value, tests[index].Value)
+		}
+	}
+}

cli/upload_to_cloudsmith.sh

@@ -1,15 +1,15 @@
 cd dist
 for i in *.apk; do
     [ -f "$i" ] || break
-    cloudsmith push alpine infisical/infisical-cli/alpine/any-version $i
+    cloudsmith push alpine --republish infisical/infisical-cli/alpine/any-version $i
 done
 
 for i in *.deb; do
     [ -f "$i" ] || break
-    cloudsmith push deb --no-republish infisical/infisical-cli/any-distro/any-version $i
+    cloudsmith push deb --republish infisical/infisical-cli/any-distro/any-version $i
 done
 
 for i in *.rpm; do
     [ -f "$i" ] || break
-    cloudsmith push rpm --no-republish infisical/infisical-cli/any-distro/any-version $i
+    cloudsmith push rpm --republish infisical/infisical-cli/any-distro/any-version $i
 done

docker-compose.dev.yml

@@ -4,6 +4,7 @@ services:
   nginx:
     container_name: infisical-dev-nginx
     image: nginx
+    restart: always
     ports:
       - 8080:80
     volumes:
@@ -22,13 +23,14 @@ services:
     build:
       context: ./backend
       dockerfile: Dockerfile
-    image: infisical/backend
     volumes:
       - ./backend/src:/app/src
       - ./backend/nodemon.json:/app/nodemon.json
       - /app/node_modules
     command: npm run dev
     env_file: .env
+    environment:
+      - NODE_ENV=development
     networks:
       - infisical-dev
   
@@ -40,13 +42,16 @@ services:
     build:
       context: ./frontend
       dockerfile: Dockerfile.dev
-    image: infisical/frontend
     volumes:
       - ./frontend/pages:/app/pages
       - ./frontend/public:/app/public
       - ./frontend/styles:/app/styles
       - ./frontend/components:/app/components
     env_file: .env
+    environment:
+      - NEXT_PUBLIC_ENV=development
+      - NEXT_PUBLIC_STRIPE_PRODUCT_PRO=${STRIPE_PRODUCT_PRO}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_STARTER=${STRIPE_PRODUCT_STARTER}
     networks:
       - infisical-dev
 
@@ -55,6 +60,9 @@ services:
     container_name: infisical-dev-mongo
     restart: always
     env_file: .env
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
+      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
     volumes:
       - mongo-data:/data/db
     networks:
@@ -64,7 +72,13 @@ services:
     container_name: infisical-dev-mongo-express
     image: mongo-express
     restart: always
+    depends_on:
+      - mongo
     env_file: .env
+    environment:
+      - ME_CONFIG_MONGODB_ADMINUSERNAME=${MONGO_USERNAME}
+      - ME_CONFIG_MONGODB_ADMINPASSWORD=${MONGO_PASSWORD}
+      - ME_CONFIG_MONGODB_URL=mongodb://${MONGO_USERNAME}:${MONGO_PASSWORD}@mongo:27017/
     ports:
       - 8081:8081
     networks:
@@ -75,4 +89,4 @@ volumes:
     driver: local
 
 networks:
-  infisical-dev:
+  infisical-dev:

docker-compose.yml

@@ -4,6 +4,7 @@ services:
   nginx:
     container_name: infisical-nginx
     image: nginx
+    restart: always
     ports:
       - 80:80
       - 443:443
@@ -16,35 +17,30 @@ services:
       - infisical
   
   backend:
-    platform: linux/amd64
     container_name: infisical-backend
     restart: unless-stopped
     depends_on:
       - mongo
     image: infisical/backend
-    volumes:
-      - ./backend/src:/app/src
-      - ./backend/nodemon.json:/app/nodemon.json
-      - /app/node_modules
     command: npm run start
     env_file: .env
+    environment:
+      - NODE_ENV=production
     networks:
       - infisical
   
   frontend:
-    platform: linux/amd64
     container_name: infisical-frontend
     restart: unless-stopped
     depends_on:
       - backend
     image: infisical/frontend
-    volumes:
-      - ./frontend/pages:/app/pages
-      - ./frontend/public:/app/public
-      - ./frontend/styles:/app/styles
-      - ./frontend/components:/app/components
-      - ./frontend/next.config.js:/app/next.config.js
     env_file: .env
+    environment:
+      # - NEXT_PUBLIC_POSTHOG_API_KEY=${POSTHOG_PROJECT_API_KEY}
+      - INFISICAL_TELEMETRY_ENABLED=${TELEMETRY_ENABLED}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_PRO=${STRIPE_PRODUCT_PRO}
+      - NEXT_PUBLIC_STRIPE_PRODUCT_STARTER=${STRIPE_PRODUCT_STARTER}
     networks:
       - infisical
 
@@ -52,19 +48,18 @@ services:
     container_name: infisical-mongo
     image: mongo
     restart: always
+    env_file: .env
+    environment:
+      - MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
+      - MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}
     volumes:
       - mongo-data:/data/db
     networks:
       - infisical
-  
-  watchtower:
-    image: containrrr/watchtower
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
 
 volumes:
   mongo-data:
     driver: local
 
 networks:
-  infisical:
+  infisical:

docs/cli/commands/commands.mdx

@@ -0,0 +1,20 @@
+---
+title: "Commands"
+---
+
+## Commands
+
+| Command | Description                                                          |
+| ------- | -------------------------------------------------------------------- |
+| `login` | Used to authenticate and set the logged in user.                     |
+| `init`  | Used to link a local project to the platform.                        |
+| `run`   | Used to inject envars from the platform into an application process. |
+
+## Global options
+
+| Option            | Description                                     |
+| ----------------- | ----------------------------------------------- |
+| `--help`, `-h`    | List help for any command                       |
+| `--debug`, `-d`   | Enable verbose logging                          |
+| `--domain`        | Use to direct Infisical to a self-hosted domain |
+| `--version`, `-v` | Print version information and quit              |

docs/cli/commands/export.mdx

@@ -0,0 +1,33 @@
+---
+title: "infisical export"
+---
+
+```bash
+infisical export [options]
+```
+
+## Description
+
+Export environment variables from the platform into a file format.
+
+## Options
+
+| Option        | Description                                                                                                                                  | Default value |
+| ------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod`                                  | `dev`         |
+| `--projectId` | Only required if injecting via the [service token method](../token). If you are not using service token, the project id will be automatically retrieved from the `.infisical.json` located at the root of your local project.  | `None`        |
+| `--expand`    | Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`)                                                                         | `true`        |
+| `--format`    | Format of the output file. Accepted values: `dotenv`, `csv` and `json`                                                                       | `dotenv`      |
+
+## Examples
+
+```bash
+# Export variables to a .env file
+infisical export > .env
+
+# Export variables to a CSV file
+infisical export --format=csv > secrets.csv
+
+# Export variables to a JSON file
+infisical export --format=json > secrets.json
+```

docs/cli/commands/init.mdx

@@ -0,0 +1,13 @@
+---
+title: "infisical init"
+---
+
+```bash
+infisical init
+```
+
+## Description
+
+Link a local project to the platform
+
+The command creates a `infisical.json` file containing your Project ID.

docs/cli/commands/login.mdx

@@ -0,0 +1,13 @@
+---
+title: "infisical login"
+---
+
+```bash
+infisical login
+```
+
+## Description
+
+Verify a user and save credentials to the system keyring.
+
+To change the logged in user, run the command again to overwrite the previous login.

docs/cli/commands/run.mdx

@@ -0,0 +1,19 @@
+---
+title: "infisical run"
+---
+
+```bash
+infisical run [options] -- [your application start command]
+```
+
+## Description
+
+Inject environment variables from the platform into an application process.
+
+## Options
+
+| Option         | Description                                                                                                 | Default value |
+| -------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
+| `--env`        | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
+| `--projectId`  | Used to link a local project to the platform (required only if injecting via the service token method)      | `None`        |
+| `--expand`     | Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`)      | `true`        |

docs/cli/overview.mdx

@@ -1,10 +1,12 @@
 ---
-title: "Installation"
+title: "Install"
 ---
 
-Prerequisite: [Setup an account](../../getting-started/dashboard/create-account) with Infisical Cloud or via self-hosted installation.
+Prerequisite: Set up an account with [Infisical Cloud](https://app.infisical.com) or via a [self-hosted installation](/self-hosting/overview).
 
-Follow the guide for your OS below to install the CLI.
+The Infisical CLI provides a way to inject environment variables from the platform into your apps and infrastructure.
+
+## Installation
 
 <Tabs>
    <Tab title="MacOS">
@@ -18,7 +20,7 @@ Follow the guide for your OS below to install the CLI.
     	infisical --version
     	```
 
-    	To update:
+    	## Updates
 
     	```bash
     	brew upgrade infisical
@@ -37,7 +39,7 @@ Follow the guide for your OS below to install the CLI.
     		infisical --version
     		```
 
-    		To update:
+    		## Updates
 
     		```bash
     		scoop update infisical
@@ -59,7 +61,7 @@ Follow the guide for your OS below to install the CLI.
 
     	Then install CLI
     	```bash
-    	$ apk update && apk add infisical
+    	$ sudo apk update && sudo apk add infisical
     	```
 
    </Tab>
@@ -73,7 +75,7 @@ Follow the guide for your OS below to install the CLI.
 
     	Then install CLI
     	```bash
-    	$ yum install infisical
+    	$ sudo yum install infisical
     	```
 
    </Tab>
@@ -88,8 +90,14 @@ Follow the guide for your OS below to install the CLI.
 
     	Then install CLI
     	```bash
-    	$ apt-get update && apt-get install -y infisical
+    	$ sudo apt-get update && sudo apt-get install -y infisical
     	```
 
    </Tab>
 </Tabs>
+
+## Log in to the Infisical CLI
+
+```bash
+infisical login
+```

docs/cli/token.mdx

@@ -12,8 +12,8 @@ The CLI looks out for an environment variable called the `INFISICAL_TOKEN` which
 
 A common use-case is to use the Infisical Token to fetch environment variables with Docker. More specifically, a token can be passed to a container as an environment variable for the CLI to authenticate and pull its corresponding secrets. Check out the integration guides for that:
 
-- [Docker](../../integrations/docker)
-- [Docker Compose](../../integrations/docker-compose)
+- [Docker](../../integrations/platforms/docker)
+- [Docker Compose](../../integrations/platforms/docker-compose)
 
 <Info>
   Once the token is expired, the CLI using it will no longer be able to make

docs/cli/usage.mdx

@@ -2,33 +2,22 @@
 title: "Usage"
 ---
 
-Prerequisite: [Install the CLI](../../getting-started/cli/installation)
+Prerequisite: [Install the CLI](/cli/overview)
 
-## Login
-
-Login in using the `login` command in your terminal. Logging in is a one-time, post-installation action that authenticates you with the platform — to change users, you can run the command again.
-
-```bash
-infisical login
-```
-
-## Initialization
-
-In the root of your local project, initialize Infisical and follow steps to connect your project to the platform.
+## Initialize Infisical for your project
 
 ```bash
+# move to your project
 cd /path/to/project
 
-# initialization
+# initialize infisical
 infisical init
 ```
 
-## Injecting environment variables
-
-To inject environment variables from the platform to your project, use the `run` command.
+## Inject environment variables
 
 ```bash
-# command
+# inject environment variables into app
 infisical run -- [your application start command]
 ```
 
@@ -38,8 +27,9 @@ Options you can specify:
 | ------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
 | `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
 | `--projectId` | Used to link a local project to the platform (required only if injecting via the service token method)      | `None`        |
+| `--expand`    | Parse shell parameter expansions in your secrets (e.g., `${DOMAIN}`)                                        | `true`        |
 
-Examples:
+## Examples:
 
 ```bash
 # example with node

docs/contributing/FAQ.mdx

@@ -0,0 +1,16 @@
+---
+title: "Frequently Asked Questions"
+description: "Have any questions? [Join our Slack community](https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g)."
+---
+
+## Problem with SMTP
+
+You can normally populate `SMTP_USERNAME` and `SMTP_PASSWORD` with your usual login and password (you could also create a 'burner' email). Sometimes, there still are problems. 
+
+You can go to your Gmail account settings > security and enable “less secure apps”. This would allow Infisical to use your Gmail to send emails.
+
+If it still doesn't work, [this](https://stackoverflow.com/questions/72547853/unable-to-send-email-in-c-sharp-less-secure-app-access-not-longer-available/72553362#72553362) should help.
+
+## `MONGO_URL` issues
+
+Your `MONGO_URL` should be something like `mongodb://root:example@mongo:27017/?authSource=admin`. If you want to change it (not recommended), you should make sure that you keep this URL in line with `MONGO_USERNAME=root` and `MONGO_PASSWORD=example`.

docs/contributing/architecture.mdx

@@ -1,27 +0,0 @@
----
-title: "Architecture"
----
-
-Infisical is an open-source collection of services for simple secret management built on top of Typescript, Javascript (ongoing conversion to TS), and Go. It's all dockerized and can be spun up with Docker Compose.
-
-![architecture](../images/architecture-diagram2.png)
-
-## NGINX
-
-NGINX is a reverse-proxy and load balancer that sits in front of Infisical. It forwards requests to the frontend and backend services.
-
-## Frontend
-
-The frontend service renders the Web UI using Next.js.
-
-## Backend
-
-The backend service provides the back-of-house logic for secret management.
-
-## Database
-
-The (MongoDB) database stores all data and (encrypted) secrets.
-
-## CLI
-
-The platform-agnostic CLI allows you to inject environment variables from Infisical into apps and infrastructure.

docs/contributing/developing.mdx

@@ -16,7 +16,7 @@ cd infisical
 
 ## Set up environment variables
 
-Tweak the `.env` according to your preferences. Refer to the available [environment variables](envars).
+Tweak the `.env` according to your preferences. Refer to the available [environment variables](/self-hosting/configuration/envars).
 
 ```bash
 cp .env.example .env
@@ -40,6 +40,7 @@ docker-compose -f docker-compose.dev.yml up
 
 The docker-compose development environment consists of:
 
+- nginx
 - frontend
 - backend
 - mongo

docs/getting-started/cli/reference.mdx

@@ -1,55 +0,0 @@
----
-title: "Reference"
----
-
-## Commands
-
-| Command | Description                                                          | Options                |
-| ------- | -------------------------------------------------------------------- | ---------------------- |
-| `login` | Used to authenticate and set the logged in user.                     |
-| `init`  | Used to link a local project to the platform.                        |
-| `run`   | Used to inject envars from the platform into an application process. | `--projectId`, `--env` |
-
-## Global options
-
-| Option            | Description                        |
-| ----------------- | ---------------------------------- |
-| `--help`, `-h`    | List help for any command          |
-| `--debug`, `-d`   | Enable verbose logging             |
-| `--domain`        | Use to direct Infisical to         |
-| `--version`, `-v` | Print version information and quit |
-
-### Login
-
-Used to authenticate and set the logged in user.
-
-Post-authentication credentials are saved securely in your system keyring. Since only one user can be logged in at a time, to change the logged in user, run the command again to overwrite the previous login.
-
-```bash
-infisical login
-```
-
-### Init
-
-Used to link a local project to the platform (cloud or self-hosted)
-
-Run this command at the root of your local project. You will have to run this command for each new project you create locally.
-
-```bash
-infisical init
-```
-
-### Run
-
-Used to inject environment variables from the platform into an application process.
-
-```bash
-infisical run [options] -- [your application start command]
-```
-
-Options you can specify:
-
-| Option        | Description                                                                                                 | Default value |
-| ------------- | ----------------------------------------------------------------------------------------------------------- | ------------- |
-| `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
-| `--projectId` | Used to link a local project to the platform (required only if injecting via the service token method)      | `None`        |

docs/getting-started/dashboard/create-account.mdx

@@ -4,28 +4,11 @@ title: "Sign up"
 
 ## Self-hosted
 
-If you're using a self-hosted installation, follow the [setup](/self-hosting/overview) then open your website URL `{WEBSITE_URL}/login`.
+If you're using a self-hosted installation, follow the [setup](/self-hosting/overview) then open your site URL `{SITE_URL}`.
 
 ## Infisical Cloud
 
-**Step 1:** Open [infisical.com](https://infisical.com/) and click on either "Try Infisical for free" or "Start for free" to head to the signup sequence.
-
-![title](../../images/landing-page.png)
-
-**Step 2:** Fill out the signup sequence.
-
-![signup start](../../images/signup-box.png)
-![signup one-time password](../../images/signup-otp.png)
-![signup complete account](../../images/signup-complete-account.png)
-
-You'll be prompted to fill out some required fields to set up your account.
-
-| Field      | Description                 |
-| ---------- | --------------------------- |
-| Email      | Enter a valid email address |
-| First name | Your first name             |
-| Last name  | Your last name              |
-| Password   | Password                    |
+Open [infisical.com](https://infisical.com/) and click on either "Try Infisical for free" or "Start for free" to complete the signup sequence.
 
 Once you've done that, you'll be taken to the dashboard where we've populated some default environment variables for demonstration.
 

docs/getting-started/dashboard/integrations.mdx

@@ -2,12 +2,13 @@
 title: "Integrations"
 ---
 
-We’re still early with integrations but you’ll be able to sync environment variables across your entire infrastructure from local development to CI/CD and production.
+Integrations allow environment variables to be synced across your entire infrastructure from local development to CI/CD and production.
+
+We're still early with integrations, but expect more soon. 
+
+<Card title="View integrations documentation" icon="link" href="/integrations/overview">
+  View all available integrations and their guide
+</Card>
 
 ![integrations](../../images/project-integrations.png)
 
-Check out integrations:
-
-- Heroku
-- Docker
-- Docker Compose

docs/getting-started/dashboard/organization.mdx

@@ -2,15 +2,12 @@
 title: "Organization"
 ---
 
-By default, Infisical creates an organization under your name such as "John's Organization." To make changes and add members to your organization, head to your organization settings.
+An organization houses projects and members.
 
-![organization name selected](../../images/dashboard-name-selected.png)
+By default, Infisical creates an organization under your name. You can manage your organization in your organization settings.
 
 ![organization name modal open](../../images/dashboard-name-modal-organization.png)
-
-![organization page](../../images/organization.png)
-
-Feel free to change the name of your organization.
+![organization name modal open](../../images/organization.png)
 
 ## Members
 
@@ -19,9 +16,12 @@ Members of an organization can create and add other members to projects within t
 To add a member to your organization, scroll down to the "Organization Members" section and invite the member via email. They'll receive an email to confirm their organization invitation. If the member is an existing user on the platform, they will be automatically added to the organization.
 
 ![organization members](../../images/organization-members.png)
-![organization members add](../../images/organization-members-add.png)
 
-Note that access to projects must be provisioned to new members after they've accepted their invitation, and they will not be added to any projects by default.
+<Note>
+  Note that access to projects must be provisioned to new members after they've
+  accepted their organization invitation, and they will not be added to any
+  projects by default.
+</Note>
 
 ## Incident contacts
 
@@ -30,4 +30,3 @@ Incident contacts of an organization are alerted if anything abnormal is detecte
 To add an incident contact to your organization, scroll down to the "Incident Contacts" section and add their email.
 
 ![organization incident contacts](../../images/organization-ic.png)
-![organization incident contacts add](../../images/organization-ic-add.png)

docs/getting-started/dashboard/project.mdx

@@ -2,7 +2,7 @@
 title: "Project"
 ---
 
-A project houses environment variables for an application or service.
+A project houses environment variables for an application.
 
 ## Dashboard
 
@@ -33,20 +33,14 @@ Every environment variable is classified as either personal or shared.
 
 You can toggle the classification of an environment variable by pressing on its settings:
 
-![project variable toggle](../../images/project-envar-toggle.png)
-
 ![project variable toggle open](../../images/project-envar-toggle-open.png)
 
-![project variable toggle moved](../../images/project-envar-toggle-moved.png)
-
 ### Search
 
 You can search for any environment variable by its key.
 
 ![project search](../../images/project-search.png)
 
-![project search typed](../../images/project-search-typed.png)
-
 ### Sort
 
 You can sort environment variables alphabetically by their keys.
@@ -59,8 +53,6 @@ You can hide or un-hide the values of your environment variables. By default, th
 
 ![project hide](../../images/project-hide.png)
 
-![project unhide](../../images/project-hide.png)
-
 ### Download as .env
 
 You can download your environment variables back in a .env file.

docs/getting-started/dashboard/token.mdx

@@ -2,22 +2,18 @@
 title: "Infisical Token"
 ---
 
-An Infisical Token is needed to authenticate the CLI when there isn't an easy way to manually type in your login credentials to sync environment variables to your applications.
+An Infisical Token is needed to authenticate the CLI when there isn't an easy way to input your login credentials.
 
-It grants read-only access to a particular environment and project for a specified amount of time; once the token expires, any CLI application that relies on it for authentication will be denied access to retrieve related secrets.
+It's useful for your CI/CD environments and integrations such as [Docker](/integrations/platforms/docker) and [Docker Compose](/integrations/platforms/docker-compose).
 
-This is useful in the following contexts:
+To generate the the token, head over to your project settings as shown below.
 
-- [Docker](../../integrations/docker)/[Docker-Compose](../../integrations/docker-compose) integration: An Infisical Token can be passed to a Docker container as an environment variable for the CLI to authenticate and pull its corresponding secrets.
-
-## Generate an Infisical Token
-
-It's possible to generate an Infisical token in the settings of a project.
 
 ![token add](../../images/project-token-add.png)
 
-![token name](../../images/project-token-name.png)
+<Note>
+  The token grants read-only access to a particular environment and project for
+  a specified amount of time. Once the token is expired, the CLI using it will no longer be able to make
+  requests with it.
+</Note>
 
-![token added](../../images/project-token-added.png)
-
-To use the Infisical Token in the CLI, check out the docs for that [here](../../getting-started/cli/token).

docs/getting-started/features.mdx

@@ -20,46 +20,24 @@ The CLI is used to inject environment variables into applications and infrastruc
 - Inject environment variables.
 - Inject environment variables into containers via service tokens for Docker.
 
-## Integrations
-
-We're still early with integrations but you'll be able to sync environment variables across your entire infrastructure from local development to CI/CD and production.
-
-| Integration    | Status      |
-| -------------- | ----------- |
-| Docker         | Available   |
-| Docker-Compose | Available   |
-| Kubernetes     | Coming soon |
-| Vercel         | Coming soon |
-| AWS            | Coming soon |
-| GCP            | Coming soon |
-| Azure          | Coming soon |
-| DigitalOcean   | Coming soon |
-| GitLab         | Coming soon |
-| CircleCI       | Coming soon |
-| TravisCI       | Coming soon |
-| GitHub Actions | Coming soon |
-| Jenkins        | Coming soon |
-
-Missing an integration? Throw in a request.
-
 ## Roadmap
 
 We're building the future of secret management, one that's comprehensive and accessible to all. Some high-level features we have in mind:
 
-| Feature                               | Status           |
-| ------------------------------------- | ---------------- |
-| Integrations                          | Ongoing          |
-| More hosting options                  | Ongoing          |
-| 1-Click Deploys                       | Ongoing          |
-| Account recovery: Backup key          | Ongoing          |
-| Account recovery: Member-assisted     | Noet yet started |
-| Slack & MS teams integrations         | Not yet started  |
-| Access logs                           | Not yet started  |
-| Version control for secrets           | Not yet started  |
-| 2FA                                   | Not yet started  |
-| Restricted IPs                        | Not yet started  |
-| Read/write access controls            | Not yet started  |
-| Secret rotation                       | Not yet started  |
-| Comparing secrets across environments | Not yet started  |
+| Feature                               | Status      |
+| ------------------------------------- | ----------- |
+| Integrations                          | Ongoing     |
+| More hosting options                  | Ongoing     |
+| 1-Click Deploys                       | Ongoing     |
+| Account recovery: Backup key          | Ongoing     |
+| Account recovery: Member-assisted     | Coming soon |
+| Slack & MS teams integrations         | Coming soon |
+| Access logs                           | Coming soon |
+| Version control for secrets           | Coming soon |
+| 2FA                                   | Coming soon |
+| Restricted IPs                        | Coming soon |
+| Read/write access controls            | Coming soon |
+| Secret rotation                       | Coming soon |
+| Comparing secrets across environments | Coming soon |
 
-Interested in contributing? Check out the guide.
+Interested in contributing? Check out the [guide](/contributing/overview).

docs/getting-started/introduction.mdx

@@ -2,20 +2,36 @@
 title: "Introduction"
 ---
 
-<iframe
-  src="https://www.youtube.com/embed/0q_IroMV1ns"
-  width="100%"
-  height="400"
-></iframe>
+Infisical is an [open-source](https://opensource.com/resources/what-open-source), [end-to-end encrypted](https://en.wikipedia.org/wiki/End-to-end_encryption) secret manager that enables teams to easily manage and sync their environment variables.
 
-Infisical is an [open-source](https://opensource.com/resources/what-open-source), end-to-end encrypted (E2EE) secret manager that enables teams to easily manage and sync their environment variables.
+Start syncing environment variables with [Infisical Cloud](https://app.infisical.com) or learn how to [host Infisical](/self-hosting/overview) yourself.
 
-It stops [secret sprawl](https://www.gitguardian.com/glossary/secret-sprawl-definition) by providing a single source-of-truth for environment variables. It offers a dashboard for teams to manage environment variables and a platform-agnostic CLI to inject them into apps and infrastructure.
-
-Some problems we solve:
-
-- Leaking .env files to version control.
-- Debugging missing environment variables.
-- Sending environment variables over email.
-
-Infisical uses [end-to-end encryption](https://en.wikipedia.org/wiki/End-to-end_encryption) to ensure that only designated team members can read their environment variables; unless intended for specific integrations, environment variables are always encrypted before being sent to the server.
+<CardGroup cols={2}>
+  <Card
+    title="Quickstart"
+    href="/getting-started/quickstart"
+    icon="timer"
+    color="#ea5a0c"
+  >
+    Tour Infisical in a few minutes.
+  </Card>
+  <Card href="/cli/overview" title="CLI" icon="square-terminal" color="#16a34a">
+    Install the CLI to inject secrets into apps and infra.
+  </Card>
+  <Card
+    href="/self-hosting/overview"
+    title="Self-hosting"
+    icon="server"
+    color="#0285c7"
+  >
+    Learn how to configure and deploy Infisical.
+  </Card>
+  <Card
+    href="/integrations/overview"
+    title="Integrations"
+    icon="plug"
+    color="#dc2626"
+  >
+    Explore integrations for Docker, AWS, Heroku, etc.
+  </Card>
+</CardGroup>

docs/getting-started/quickstart.mdx

@@ -0,0 +1,43 @@
+---
+title: "Quickstart"
+---
+
+This example demonstrates how to store and inject environment variables from [Infisical Cloud](https://app.infisical.com) into your application.
+
+Note that the Infisical CLI is platform-agnostic and can inject environment variables across many tech stacks and frameworks.
+
+## Set up Infisical Cloud
+
+1. Login or create an accout at `app.infisical.com`.
+2. Create a new project.
+3. Populate your environment variables as in the image below.
+
+![project quickstart](../images/project-quickstart.png)
+
+## Set up the CLI
+
+1. Follow the instructions to [install the CLI](/cli/overview).
+
+2. Initialize Infisical for your project.
+
+```bash
+# move to your project
+cd /path/to/project
+
+# initialize infisical
+infisical init
+```
+
+## Start your app with environment variables injected
+
+```bash
+# inject environment variables into app
+infisical run -- [your application start command]
+```
+
+<Info>
+  Check out our [integrations](/integrations/overview) for injecting environment
+  variables into frameworks and platforms like Docker.
+</Info>
+
+Your app should be running with the environment variables injected.

docs/getting-started/security/statement.mdx

@@ -1,11 +0,0 @@
----
-title: "Statement"
----
-
-As a secrets manager, we are deeply committed to enforcing the privacy and security of all users and data on the platform but acknowledge that it is virtually impossible to guarantee perfect security; unfortunately, even the most secure systems have vulnerabilities.
-
-As part of our commitment, we do our best to maintain platform privacy and security, notify users if anything goes wrong, and rectify adverse situations immediately if anything happens. As Infisical grows, we will be adding more opt-in security measures to ensure better data protection and maintain trust within the growing community. With that, let’s make the most simple and secure secrets management system out there!
-
-Best,
-
-Infisical Team

docs/integrations/cloud/heroku.mdx

@@ -0,0 +1,26 @@
+---
+title: "Heroku"
+description: "With this integration, you can automatically sync your secrets to Heroku as soon as you update secrets in Infisical."
+---
+
+## Instructions
+
+### Step 1: Open the integrations console
+
+Open the Infisical Dashboard. Choose the project in which you want to set up the intergation. Go to the integrations tab in the left sidebar.
+
+### Step 2: Authenticate with Heroku
+
+Click on "Heroku" tile. Log in if required and provide the necessary permissions to Infisical. You will afterwards be redirected back to the integrations page.
+
+Note: during an integration with Heroku, for security reasons, it is impossible to maintain end-to-end encryption. In theory, this lets Infisical decrypt yor environment variables. In practice, we can assure you that this will never be done, and it allows us to protect your secrets from bad actors online. With any questions, reach out support@infisical.com.
+
+### Step 3: Start integration
+
+Choose a Heroku App that you want to sync the secrets to, and the Infisical project environment that you want to sync the secrets from. Start the integration.
+
+The integration should now show status 'In Sync'. Every time you edit secrets, they will be automatically pushed to Heroku. 
+
+<Info> 
+  If you need to update your integration, you will have to delete the current one and create a new one.
+</Info>

docs/integrations/docker-compose.mdx

@@ -1,57 +0,0 @@
----
-title: "Docker Compose"
----
-
-### Step 1: Add CLI to your Dockerfile
-Follow steps 1 through 3 on our [guide to configure Infisical CLI](/docker) in your Dockerfile. 
-
-### Step 2: Generate Infisical Token
-In order for Infisical CLI to authenticate and retrieve your project's secrets without exposing your login credentials, you must generate a Infisical Token.
-To learn how, visit [Infisical Token](../getting-started/cli/infisical-token). Once you have generated the token, keep it handy. 
-
-<Info>
-If you have multiple services and they do not use the same secrets, you will have to generate a Infisical Token for each service.
-</Info>
-
-### Step 3: Tell Docker Compose your Infisical Token
-For each service you want to inject secrets into, set an environment variable called `INFISICAL_TOKEN` equal to a useful shell variable name.
-This will ensure that you can set Infisical Tokens for multiple services. 
-
-
-```yaml
-# Example Docker Compose file
-services:
-  web:
-    build: .
-    image: auledge-frontend
-    container_name: auledge-frontend
-    environment:
-      - INFISICAL_TOKEN: ${INFISICAL_TOEKN_FOR_WEB}
-
-  api:
-    build: .
-    image: auledge-backend
-    container_name: auledge-backend
-    environment:
-      - INFISICAL_TOKEN: ${INFISICAL_TOEKN_FOR_API}
-
-```
-### 4: Set shell variables
-Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once donce, it will be used to populate the corresponding `INFISICAL_TOKEN`
-in your Docker Compose file. 
-
-``` bash
-#Example
-
-# Token refers to the token we generated in step 2 for this service
-INFISICAL_TOEKN_FOR_WEB=<token>
-
-# Token refers to the token we generated in step 2 for this service
-INFISICAL_TOEKN_FOR_API=<token>
-```
-
-Then run your compose file in the same terminal. 
-
-```bash 
-docker-compose
-```

docs/integrations/frameworks/django.mdx

@@ -0,0 +1,27 @@
+---
+title: "Django"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Django](https://www.djangoproject.com) project
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize Infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- python manage.py runserver
+```

docs/integrations/frameworks/express.mdx

@@ -0,0 +1,33 @@
+---
+title: "Express, Fastify, Koa"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+The steps apply to the following non-exhaustive list of frameworks:
+
+- [Express](https://expressjs.com)
+- [Fastify](https://www.fastify.io)
+- [Koa](https://koajs.com)
+
+## Initialize Infisical for your app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize Infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- npm run dev
+```

docs/integrations/frameworks/fiber.mdx

@@ -0,0 +1,27 @@
+---
+title: "Fiber"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Fiber](https://gofiber.io/) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize Infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example 
+infisical run -- go run server.go
+```

docs/integrations/frameworks/flask.mdx

@@ -0,0 +1,27 @@
+---
+title: "Flask"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Flask](https://flask.palletsprojects.com/en/2.2.x) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize Infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example 
+infisical run -- flask run
+```

docs/integrations/frameworks/gatsby.mdx

@@ -0,0 +1,33 @@
+---
+title: "Gatsby"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Gatsby](https://www.gatsbyjs.com) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize Infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- npm run develop
+```
+
+<Note>
+  Note that for environment variables to be exposed to the client, you'll have
+  to prefix them with `GATSBY_`. Read more about that
+  [here](https://www.gatsbyjs.com/docs/how-to/local-development/environment-variables/#accessing-environment-variables-in-the-browser).
+</Note>

docs/integrations/frameworks/laravel.mdx

@@ -0,0 +1,27 @@
+---
+title: "Laravel"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Laravel](https://laravel.com/) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize Infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example 
+infisical run -- php artisan serve
+```

docs/integrations/frameworks/nestjs.mdx

@@ -0,0 +1,27 @@
+---
+title: "NestJS"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [NestJS](https://nestjs.com) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- npm run start:dev
+```

docs/integrations/frameworks/nextjs.mdx

@@ -0,0 +1,33 @@
+---
+title: "Next.js"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Next.js](https://nextjs.org) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- npm run dev
+```
+
+<Note>
+  Note that for environment variables to be exposed to the client, you'll have
+  to prefix them with `NEXT_PUBLIC_`. Read more about that
+  [here](https://nextjs.org/docs/basic-features/environment-variables).
+</Note>

docs/integrations/frameworks/nuxt.mdx

@@ -0,0 +1,27 @@
+---
+title: "Nuxt"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Nuxt](https://nuxtjs.org) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- npm run dev
+```

docs/integrations/frameworks/rails.mdx

@@ -0,0 +1,27 @@
+---
+title: "Ruby on Rails"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Rails](https://rubyonrails.org) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize Infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example 
+infisical run -- bin/rails server
+```

docs/integrations/frameworks/react.mdx

@@ -0,0 +1,27 @@
+---
+title: "React"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Create React App](https://create-react-app.dev)
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- npm run dev
+```

docs/integrations/frameworks/remix.mdx

@@ -0,0 +1,27 @@
+---
+title: "Remix"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Remix](https://remix.run) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize Infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- npm run dev
+```

docs/integrations/frameworks/vite.mdx

@@ -0,0 +1,34 @@
+---
+title: "Vite"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Vite](https://vitejs.dev) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize Infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- npm run dev
+```
+
+<Note>
+  Note that for environment variables to be exposed to the client, you'll have
+  to prefix them with `VITE_` and export them from the `vite.config.js` file.
+  Read more about that [here](https://vitejs.dev/guide/env-and-mode.html) and
+  [here](https://main.vitejs.dev/config).
+</Note>

docs/integrations/frameworks/vue.mdx

@@ -0,0 +1,33 @@
+---
+title: "Vue"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
+- [Install the CLI](/cli/overview)
+
+## Initialize Infisical for your [Vue](https://vuejs.org) app
+
+```bash
+# navigate to the root of your of your project 
+cd /path/to/project
+
+# then initialize infisical
+infisical init
+```
+
+## Start your application as usual but with Infisical
+
+```bash
+infisical run -- <your application start command>
+
+# Example
+infisical run -- npm run dev
+```
+
+<Note>
+  Note that for environment variables to be exposed to the client, you'll have
+  to prefix them with `VUE_APP` Read more about that
+  [here](https://cli.vuejs.org/guide/mode-and-env.html).
+</Note>

docs/integrations/heroku.mdx

@@ -1,24 +0,0 @@
----
-title: "Heroku"
-description: "With this integration, you can automatically sync your secrets to Heroku as soon as you update secrets in Infisical."
----
-
-## Instructions
-
-### Step 1: Open the integrations csonsole
-
-Open the Infisical Dashboard. Choose the project in which you want to set up the intergation. Go to the integrations tab in the left sidebar.
-
-### Step 2: Authenticate with Heroku
-
-Click on Heroku in the list of available integrations. Log in if asked by Heroku and provide the necessary permissions to Infisical. You will afterwards be redirected back to the integrations page.
-
-Note: during an integration with Heroku, for security reasons, it is impossible to maintain end-to-end encryption. In theory, this lets Infisical decrypt yor environment variables. In practice, we can assure you that this will never be done, and it allows us to protect your secrets from bad actors online. The core Infisical service will always stay end-to-end encrypted. With any questions, reach out support@infisical.com.
-
-### Step 3: Start integration
-
-Once the integration is set up, choose a Heroku App that you want to sync the secrets to, and the Infisical project environment that you would to sync the secrets from. Click on the "Start Integration" button.
-
-### Step 4: You're good to go!
-
-The integration should now show status 'In Sync'. Every time you edit the secrets, they will be automatically pushed to Heroku. If you want to update anything in your integration, you will have to delete the current one and create a new one.

docs/integrations/overview.mdx

@@ -0,0 +1,38 @@
+---
+title: "Overview"
+---
+
+Integrations allow environment variables to be synced from Infisical into your local development workflow, CI/CD pipelines, and production infrastructure.
+
+Missing an integration? Throw in a [request](https://github.com/Infisical/infisical/issues).
+
+| Integration                                              | Type      | Status      |
+| -------------------------------------------------------- | --------- | ----------- |
+| [Docker](/integrations/platforms/docker)                 | Platform  | Available   |
+| [Docker-Compose](/integrations/platforms/docker-compose) | Platform  | Available   |
+| Kubernetes                                               | Platform  | Coming soon |
+| [Heroku](/integrations/cloud/heroku)                     | Cloud     | Available   |
+| Vercel                                                   | Cloud     | Coming soon |
+| AWS                                                      | Cloud     | Coming soon |
+| GCP                                                      | Cloud     | Coming soon |
+| Azure                                                    | Cloud     | Coming soon |
+| DigitalOcean                                             | Cloud     | Coming soon |
+| GitLab                                                   | CI/CD     | Coming soon |
+| CircleCI                                                 | CI/CD     | Coming soon |
+| TravisCI                                                 | CI/CD     | Coming soon |
+| GitHub Actions                                           | CI/CD     | Coming soon |
+| Jenkins                                                  | CI/CD     | Coming soon |
+| [React](/integrations/frameworks/react)                  | Framework | Available   |
+| [Vue](/integrations/frameworks/vue)                      | Framework | Available   |
+| [Express](/integrations/frameworks/express)              | Framework | Available   |
+| [Next.js](/integrations/frameworks/nextjs)               | Framework | Available   |
+| [NestJS](/integrations/frameworks/nestjs)                | Framework | Available   |
+| [Nuxt](/integrations/frameworks/nuxt)                    | Framework | Available   |
+| [Gatsby](/integrations/frameworks/gatsby)                | Framework | Available   |
+| [Remix](/integrations/frameworks/remix)                  | Framework | Available   |
+| [Vite](/integrations/frameworks/vite)                    | Framework | Available   |
+| [Fiber](/integrations/frameworks/fiber)                  | Framework | Coming soon |
+| [Django](/integrations/frameworks/django)                | Framework | Available   |
+| [Flask](/integrations/frameworks/flask)                  | Framework | Available   |
+| [Laravel](/integrations/frameworks/laravel)              | Framework | Coming soon |
+| [Ruby on Rails](/integrations/frameworks/rails)          | Framework | Available   |

docs/integrations/platforms/docker-compose.mdx

@@ -0,0 +1,62 @@
+---
+title: "Docker Compose"
+---
+
+The Docker Compose integration enables you to inject environment variables from Infisical into the containers defined in your compose file.
+
+## Add the CLI to your Dockerfile(s) start command
+
+Follow the [guide to configure Infisical CLI](./docker) in your your Dockerfile first.
+
+## Generate Infisical Token
+
+In order for Infisical CLI to authenticate and retrieve your project's secrets without exposing your login credentials, you must generate a Infisical Token.
+To learn how, visit [Infisical Token](../../getting-started/dashboard/token). Once you have generated the token, keep it handy.
+
+<Info>
+  If you have multiple services and they do not use the same secrets, you will
+  have to generate a Infisical Token for each service.
+</Info>
+
+## Tell Docker Compose your Infisical Token
+
+For each service you want to inject secrets into, set an environment variable called `INFISICAL_TOKEN` equal to a helpful identifier variable.
+This will ensure that you can set Infisical Tokens for multiple services.
+
+For the example below, we have set `INFISICAL_TOKEN_FOR_WEB` and `INFISICAL_TOKEN_FOR_API` as the `INFISICAL_TOKEN` for the corresponding service.
+
+```yaml
+# Example Docker Compose file
+services:
+  web:
+    build: .
+    image: auledge-frontend
+    container_name: auledge-frontend
+    environment:
+      - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_WEB}
+
+  api:
+    build: .
+    image: auledge-backend
+    container_name: auledge-backend
+    environment:
+      - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_API}
+```
+
+## Export shell variables
+
+Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once done, it will be used to populate the corresponding `INFISICAL_TOKEN`
+in your Docker Compose file.
+
+```bash
+#Example
+
+# Token refers to the token we generated in step 2 for this service
+export INFISICAL_TOKEN_FOR_WEB=<token>
+
+# Token refers to the token we generated in step 2 for this service
+export INFISICAL_TOKEN_FOR_API=<token>
+
+# Then run your compose file in the same terminal.
+docker-compose ...
+```

docs/integrations/platforms/docker.mdx

@@ -2,9 +2,9 @@
 title: "Docker"
 ---
 
-Prerequisite: [Infisical Token and How to Generate One](../../getting-started/dashboard/token).
+Infisical can be used in a Dockerfile to inject environment variables into a Docker container.
 
-## Step 1: Add CLI to your Dockerfile
+## Add the CLI to your Dockerfile
 
 <Tabs>
 	 <Tab title="Alpine">
@@ -31,14 +31,10 @@ Prerequisite: [Infisical Token and How to Generate One](../../getting-started/da
    </Tab>
 </Tabs>
 
-## Step 2: Generate Infisical Token
-
-In order for the CLI to authenticate and retrieve your project's secrets without requiring your login credentials, you must [generate an Infisical Token](../../getting-started/dashboard/token); keep it handy.
-
-## Step 3: Set start command of your container
+## Modify the start command in your Dockerfile
 
 ```dockerfile
-CMD ["infisical", "--env=[your-project-env-name]", "projectId=[your-project-id]", "run", "---", "<your application start command>"]
+CMD ["infisical", "--env=[env]", "projectId=[projectId]", "run", "---", "[your application start command]"]
 
 # example
 CMD ["infisical", "--env=prod", "projectId=62faf98ae0b05e83239b5da41", "run", "---", "npm run start"]
@@ -51,12 +47,14 @@ Required options:
 | `--env`       | Used to set the environment that secrets are pulled from. Accepted values: `dev`, `staging`, `test`, `prod` | `dev`         |
 | `--projectId` | Used to link a local project to the platform                                                                | `None`        |
 
-## Step 4: Feed Docker your Infisical Token
+## Generate an Infisical Token
 
-The CLI looks out for an environment variable called the `INFISICAL_TOKEN` which you can set depending on where you run the CLI. If `INFISICAL_TOKEN` is detected by the CLI, it will authenticate and retrieve the environment variables which the token is authorized for.
+[Generate an Infisical Token](../../getting-started/dashboard/token) and keep it handy.
+
+## Feed Docker your Infisical Token
+
+The CLI looks out for an environment variable called `INFISICAL_TOKEN`. If the token is detected, the CLI will authenticate, retrieve, and inject the environment variables which the token is authorized for.
 
 ```bash
- docker run --env INFISICAL_TOKEN=<the-token-you-got-from-step-2>...
+ docker run --env INFISICAL_TOKEN=[token]...
 ```
-
-Note: `INFISICAL_TOKEN` is the token you generated in step 2.

docs/mint.json

@@ -21,60 +21,80 @@
       "to": "#F8B7BD"
     }
   },
-  "topbarLinks": [{ "name": "Log In", "url": "https://infisical.com/login" }],
+  "topbarLinks": [{ "name": "Log In", "url": "https://app.infisical.com/login" }],
   "topbarCtaButton": {
     "name": "Start for Free",
-    "url": "https://infisical.com/signup"
+    "url": "https://app.infisical.com/signup"
   },
   "anchors": [
+    {
+      "name": "Security",
+      "icon": "shield-halved",
+      "url": "security"
+    },
+    {
+      "name": "Self-hosting",
+      "icon": "server",
+      "url": "self-hosting"
+    },
+    {
+      "name": "Integrations",
+      "icon": "plug",
+      "url": "integrations"
+    },
+    {
+      "name": "Contributing",
+      "icon": "code",
+      "url": "contributing"
+    },
     {
       "name": "Blog",
       "icon": "newspaper",
-      "url": "https://infisical.com/blog"
+      "url": "https://blog.infisical.com/"
+    },
+    {
+      "name": "Slack",
+      "icon": "slack",
+      "url": "https://join.slack.com/t/infisical-users/shared_invite/zt-1kovn1q6p-p5fvJo7o083naouDkOzgZQ"
+    },
+    {
+      "name": "GitHub",
+      "icon": "github",
+      "url": "https://github.com/Infisical/infisical"
     }
   ],
   "navigation": [
     {
-      "group": "Platform",
+      "group": "Overview",
       "pages": [
         "getting-started/introduction",
-        "getting-started/features",
-        {
-          "group": "Security",
-          "pages": [
-            "getting-started/security/overview",
-            "getting-started/security/data-model",
-            "getting-started/security/mechanics",
-            "getting-started/security/statement"
-          ]
-        },
-        {
-          "group": "Web UI",
-          "pages": [
-            "getting-started/dashboard/create-account",
-            "getting-started/dashboard/organization",
-            "getting-started/dashboard/project",
-            "getting-started/dashboard/integrations",
-            "getting-started/dashboard/token"
-          ]
-        },
-        {
-          "group": "Command Line",
-          "pages": [
-            "getting-started/cli/installation", 
-            "getting-started/cli/cli-guide", 
-            "getting-started/cli/token",
-            "getting-started/cli/reference"
-          ]
-        }
+        "getting-started/quickstart",
+        "getting-started/features"
       ]
     },
     {
-      "group": "Integrations",
+      "group": "Platform",
       "pages": [
-        "integrations/heroku",
-        "integrations/docker",
-        "integrations/docker-compose"
+        "getting-started/dashboard/organization",
+        "getting-started/dashboard/project",
+        "getting-started/dashboard/integrations",
+        "getting-started/dashboard/token"
+      ]
+    },
+    {
+      "group": "CLI",
+      "pages": [
+        "cli/overview",
+        "cli/usage",
+        {
+          "group": "Commands",
+          "pages": [
+            "cli/commands/login",
+            "cli/commands/init",
+            "cli/commands/run",
+            "cli/commands/export"
+          ]
+        }
       ]
     },
     {
@@ -82,14 +102,63 @@
       "pages": [
         "self-hosting/overview",
         {
-          "group": "Deployments",
-          "pages": ["self-hosting/deployments/linux"]
+          "group": "Deployments options",
+          "pages": [
+            "self-hosting/deployments/linux",
+            "self-hosting/deployments/kubernetes"
+          ]
         },
         {
           "group": "Configuration",
           "pages": ["self-hosting/configuration/envars"]
         }
       ]
+    }, 
+    {
+      "group": "Integrations",
+      "pages": [
+        "integrations/overview"
+      ]
+    },
+    {
+      "group": "Platforms",
+      "pages": [
+        "integrations/platforms/docker",
+        "integrations/platforms/docker-compose"
+      ]
+    },
+    {
+      "group": "Cloud",
+      "pages": [
+        "integrations/cloud/heroku"
+      ]
+    },
+    {
+      "group": "Frameworks",
+      "pages": [
+        "integrations/frameworks/react",
+        "integrations/frameworks/vue",
+        "integrations/frameworks/express",
+        "integrations/frameworks/nextjs",
+        "integrations/frameworks/nestjs",
+        "integrations/frameworks/nuxt",
+        "integrations/frameworks/gatsby",
+        "integrations/frameworks/remix",
+        "integrations/frameworks/vite",
+        "integrations/frameworks/fiber",
+        "integrations/frameworks/django",
+        "integrations/frameworks/flask",
+        "integrations/frameworks/laravel",
+        "integrations/frameworks/rails"
+      ]
+    },
+    {
+      "group": "Security",
+      "pages": [
+        "security/overview",
+        "security/data-model",
+        "security/mechanics"
+      ]
     },
     {
       "group": "Contributing",
@@ -97,7 +166,7 @@
         "contributing/overview",
         "contributing/code-of-conduct",
         "contributing/developing",
-        "contributing/architecture"
+        "contributing/FAQ"
       ]
     }
   ],

docs/security/overview.mdx

@@ -18,3 +18,13 @@ In subsequent sections, we refer:
 
 - To users uploading their secrets to Infisical as “senders” and those receiving secrets as “receivers". For instance, if Bob and Alice are both enrolled in a project and Bob adds new secrets to the project to be pulled by Alice, then Bob is considered to be the sender and Alice the receiver.
 - To any activity involving uploading or modifying secrets to Infisical as "pushing" and fetching secrets from Infisical as "pulling."
+
+## Statement
+
+As a secrets manager, we are deeply committed to enforcing the privacy and security of all users and data on the platform but acknowledge that it is virtually impossible to guarantee perfect security; unfortunately, even the most secure systems have vulnerabilities.
+
+As part of our commitment, we do our best to maintain platform privacy and security, notify users if anything goes wrong, and rectify adverse situations immediately if anything happens. As Infisical grows, we will be adding more opt-in security measures to ensure better data protection and maintain trust within the growing community. With that, let’s make the most simple and secure secrets management system out there!
+
+Best,
+
+Infisical Team

docs/self-hosting/configuration/envars.mdx

@@ -7,29 +7,27 @@ description: ""
 
 Configuring Infisical requires setting some environment variables. There is a file called `.env.example` at the root directory of our main repo that you can use to create a `.env` before you start the server.
 
-| Variable                          | Description                                                                                                 | Default Value    |
-| --------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------------- |
-| `PRIVATE_KEY`                     | ❗️ NaCl-generated server secret key                                                                        | `None`           |
-| `PUBLIC_KEY`                      | ❗️ NaCl-generated server public key                                                                        | `None`           |
-| `ENCRYPTION_KEY`                  | ❗️ Strong hex encryption key                                                                               | `None`           |
-| `JWT_SIGNUP_SECRET`               | ❗️JWT token secret                                                                                         | `None`           |
-| `JWT_REFRESH_SECRET`              | ❗️ JWT token secret                                                                                        | `None`           |
-| `JWT_AUTH_SECRET`                 | ❗️ JWT token secret                                                                                        | `None`           |
-| `JWT_SIGNUP_LIFETIME`             | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `15m`            |
-| `JWT_REFRESH_LIFETIME`            | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `90d`            |
-| `JWT_AUTH_LIFETIME`               | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `10d`            |
-| `EMAIL_TOKEN_LIFETIME`            | Email OTP/magic-link lifetime expressed in seconds                                                          | `86400`          |
-| `MONGO_URL`                       | ❗️ MongoDB instance connection string either to container instance or MongoDB Cloud                        | `None`           |
-| `MONGO_INITDB_ROOT_USERNAME`      | MongoDB container username                                                                                  | `None`           |
-| `MONGO_INITDB_ROOT_PASSWORD`      | MongoDB container password                                                                                  | `None`           |
-| `ME_CONFIG_MONGODB_ADMINUSERNAME` | Same as `MONGO_USERNAME` for mongo-express in development                                                   | `None`           |
-| `ME_CONFIG_MONGODB_ADMINPASSWORD` | Same as `MONGO_PASSWORD` for mongo-express in development                                                   | `None`           |
-| `NODE_ENV`                        | ❗️ `production` or `development`                                                                           | `None`           |
-| `NEXT_PUBLIC_WEBSITE_URL`         | ❗️ Site URL - should be an absolute URL including the protocol (e.g. `https://infisical.com`)              | `None`           |
-| `SMT_HOST`                        | Whether the user joined the community                                                                       | `smtp.gmail.com` |
-| `SMTP_NAME`                       | ❗️ Whether the user joined the community                                                                   | `None`           |
-| `SMTP_USERNAME`                   | ❗️ Whether the user joined the community                                                                   | `None`           |
-| `SMTP_PASSWORD`                   | ❗️ Whether the user joined the community                                                                   | `None`           |
-| `OAUTH_CLIENT_SECRET_HEROKU`      | OAuth client secret for Heroku integration                                                                  | `None`           |
-| `OAUTH_TOKEN_URL_HEROKU`          | OAuth token URL for Heroku integration                                                                      | `None`           |
-| `SENTRY_DSN`                      | DSN for error-monitoring with Sentry                                                                        | `None`           |
+| Variable                     | Description                                                                                                 | Default Value    |
+| ---------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------------- |
+| `PRIVATE_KEY`                | ❗️ NaCl-generated server secret key                                                                         | `None`           |
+| `PUBLIC_KEY`                 | ❗️ NaCl-generated server public key                                                                         | `None`           |
+| `ENCRYPTION_KEY`             | ❗️ Strong hex encryption key                                                                                | `None`           |
+| `JWT_SIGNUP_SECRET`          | ❗️ JWT token secret                                                                                         | `None`           |
+| `JWT_REFRESH_SECRET`         | ❗️ JWT token secret                                                                                         | `None`           |
+| `JWT_AUTH_SECRET`            | ❗️ JWT token secret                                                                                         | `None`           |
+| `JWT_SIGNUP_LIFETIME`        | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `15m`            |
+| `JWT_REFRESH_LIFETIME`       | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `90d`            |
+| `JWT_AUTH_LIFETIME`          | JWT token lifetime expressed in seconds or a string describing a time span (e.g. 60, "2 days", "10h", "7d") | `10d`            |
+| `EMAIL_TOKEN_LIFETIME`       | Email OTP/magic-link lifetime expressed in seconds                                                          | `86400`          |
+| `MONGO_URL`                  | ❗️ MongoDB instance connection string either to container instance or MongoDB Cloud                         | `None`           |
+| `MONGO_USERNAME`             | MongoDB username if using container                                                                         | `None`           |
+| `MONGO_PASSWORD`             | MongoDB password if using container                                                                         | `None`           |
+| `SITE_URL`                   | ❗️ Site URL - should be an absolute URL including the protocol (e.g. `https://app.infisical.com`)           | `None`           |
+| `SMTP_HOST`                  | Hostname to connect to for establishing SMTP connections                                                    | `smtp.gmail.com` |
+| `SMTP_NAME`                  | Name label to be used in From field (e.g. `Team`)                                                           | `None`           |
+| `SMTP_USERNAME`              | ❗️ Credential to connect to host (e.g. `team@infisical.com`)                                                | `None`           |
+| `SMTP_PASSWORD`              | ❗️ Credential to connect to host                                                                            | `None`           |
+| `TELEMETRY_ENABLED`          | `true` or `false`. [More](../overview).                                                                     | `true`           |
+| `OAUTH_CLIENT_SECRET_HEROKU` | OAuth client secret for Heroku integration                                                                  | `None`           |
+| `OAUTH_TOKEN_URL_HEROKU`     | OAuth token URL for Heroku integration                                                                      | `None`           |
+| `SENTRY_DSN`                 | DSN for error-monitoring with Sentry                                                                        | `None`           |

docs/self-hosting/deployments/kubernetes.mdx

@@ -0,0 +1,54 @@
+---
+title: "Kubernetes"
+description: "Deploy with Kubernetes"
+---
+
+<Info>
+Self-host vs. Infisical Cloud
+
+Self-hosting Infisical means managing the service yourself, taking care of upgrades, scaling, security, etc.
+
+If you're less technical and looking for a hands-free experience with minimal overhead then we recommend Infisical Cloud.
+
+</Info>
+
+**Prerequisites**
+- You have understanding of [Kubernetes](https://kubernetes.io/)
+- You have understanding of [Helm package manager](https://helm.sh/) 
+- You have [kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/) installed and connected to your kubernetes cluster
+
+
+#### 1. Fill our environment variables
+
+Before you can deploy the Helm chart, you must fill out the required environment variables. To do so, please either download or copy the
+contents of [this file](https://raw.githubusercontent.com/Infisical/infisical/main/helm-charts/infisical/values.yaml) to a `.yaml` file. 
+_Refer to the available [environment variables](../../self-hosting/configuration/envars)_
+
+Once you have a local copy of the values file, fill our the required environment variables and save the file.
+
+
+#### 2. Install Infisical Helm repository 
+
+```bash
+helm repo add infisical-helm-charts 'https://dl.cloudsmith.io/public/infisical/helm-charts/helm/charts/' 
+  
+helm repo update
+```
+
+#### 3. Install the Helm chart 
+
+By default, the helm chart will be installed on your default namespace. If you wish to install the Chart on a different namespace, you may specify
+that by adding the `--namespace <namespace-to-install-to>` to your `helm install` command.
+
+```bash
+## Installs to default namespace
+helm install infisical-helm-charts/infisical --values <path to the values.yaml you downloaded/created in step 2>
+```
+
+<Note>
+If you have not filled out all of the required environment variables, you will see an error message prompting you to 
+do so. 
+</Note>
+
+4. Your Infisical installation is complete and should be running on the host name you specified in Ingress in `values.yaml`.
+Note: Please allow an additional time (2 minutes) for the frontend pods to be fully ready.

docs/self-hosting/deployments/linux.mdx

@@ -33,7 +33,7 @@ wget -O .env https://raw.githubusercontent.com/Infisical/infisical/main/.env.exa
 wget -O docker-compose.yml https://raw.githubusercontent.com/Infisical/infisical/main/docker-compose.yml
 
 # Download nginx config
-mkdir nginx && cd nginx && wget -O default.conf https://raw.githubusercontent.com/Infisical/infisical/main/nginx/default.conf
+mkdir nginx && cd nginx && wget -O default.conf https://raw.githubusercontent.com/Infisical/infisical/main/nginx/default.dev.conf
 cd ..
 ```
 
@@ -51,4 +51,4 @@ nano .env
 docker-compose -f docker-compose.yml up -d
 ```
 
-5. Your Infisical installation is complete and should be running on ports 40 and 443. Please note that the containers are not exposed to the internet and only bind to the localhost. It's up to you to configure a firewall, SSL certificates, and implement any additional security measures.
+5. Your Infisical installation is complete and should be running on [http://localhost:8080](http://localhost:8080). Please note that the containers are not exposed to the internet and only bind to the localhost. It's up to you to configure a firewall, SSL certificates, and implement any additional security measures.

docs/self-hosting/overview.mdx

@@ -9,10 +9,27 @@ Self-hosting Infisical means managing the service yourself, taking care of upgra
 
 If you're less technical and looking for a hands-free experience with minimal overhead then we recommend Infisical Cloud.
 
-Infisical Cloud also comes with some extra features unavailabe in the self-hosted edition. You can find more information about Infisical Cloud's offering on the pricing page.
+Infisical Cloud also comes with some extra features unavailable in the self-hosted edition. You can find more information about Infisical Cloud's offering on the pricing page.
 
 </Info>
 
 ## Deployment options
 
-Infisical can be deployed on a Linux VM with docker-compose. We're rolling out more specific deployment options for DigitalOcean, AWS, GCP, and Azure soon.
+Infisical can be deployed on a Linux VM with docker-compose and Kubernetes. We're rolling out more specific deployment options for DigitalOcean, AWS, GCP, and Azure soon.
+
+<CardGroup cols={2}>
+  <Card title="Any Linux" icon="square-1" color="#ea5a0c" href="/self-hosting/deployments/linux">
+    Deploy to any Linux with Docker
+  </Card>
+  <Card title="Kubernetes" icon="square-2" color="#0285c7" href="/self-hosting/deployments/kubernetes">
+    Deploy to your Kubernetes cluster
+  </Card>
+</CardGroup>
+
+## Telemetry
+
+Infisical collects telemetry data about general usage.
+
+The data helps us understand how the product is doing and guide our product development to create the best possible platform; it also helps us demonstrate growth for investors as we support Infisical as open-source software.
+
+To opt out of telemetry, you can set `TELEMETRY_ENABLED=false` within the [environment variables](./configuration/envars).

frontend/.eslintrc

@@ -0,0 +1,49 @@
+{
+  "extends": [
+    "eslint:recommended",
+    "plugin:@typescript-eslint/recommended",
+    "next",
+    "next/core-web-vitals"
+  ],
+  "parser": "@typescript-eslint/parser",
+  "plugins": ["simple-import-sort", "@typescript-eslint"],
+  "rules": {
+    "react-hooks/exhaustive-deps": "off",
+    "no-unused-vars": "off",
+    "@typescript-eslint/no-unused-vars": "off",
+    "@typescript-eslint/no-var-requires": "off",
+    "@typescript-eslint/no-empty-function": "off",
+    "@typescript-eslint/no-explicit-any": "off",
+    "@typescript-eslint/no-non-null-assertion": "off",
+    
+    "simple-import-sort/exports": "warn",
+    "simple-import-sort/imports": [
+      "warn",
+      {
+        "groups": [
+          // Node.js builtins. You could also generate this regex if you use a `.js` config.
+          // For example: `^(${require("module").builtinModules.join("|")})(/|$)`
+          // Note that if you use the `node:` prefix for Node.js builtins,
+          // you can avoid this complexity: You can simply use "^node:".
+          [
+            "^(assert|buffer|child_process|cluster|console|constants|crypto|dgram|dns|domain|events|fs|http|https|module|net|os|path|punycode|querystring|readline|repl|stream|string_decoder|sys|timers|tls|tty|url|util|vm|zlib|freelist|v8|process|async_hooks|http2|perf_hooks)(/.*|$)"
+          ],
+          // Packages `react` related packages
+          ["^react", "^next", "^@?\\w"],
+          // Internal packages.
+          ["^~(/.*|$)"],
+          // Relative imports
+          [
+            "^\\.\\.(?!/?$)",
+            "^\\.\\./?$",
+            "^\\./(?=.*/)(?!/?$)",
+            "^\\.(?!/?$)",
+            "^\\./?$"
+          ],
+          // Style imports.
+          ["^.+\\.?(css|scss)$"]
+        ]
+      }
+    ]
+  }
+}

frontend/.prettierrc

@@ -1,4 +1,4 @@
 {
-	"tabWidth": 4,
-	"useTabs": true
+  "tabWidth": 2,
+  "useTabs": false
 }

frontend/Dockerfile

@@ -0,0 +1,64 @@
+ARG POSTHOG_HOST=https://app.posthog.com
+ARG POSTHOG_API_KEY=posthog-api-key
+
+FROM node:16-alpine AS deps
+# Install dependencies only when needed. Check https://github.com/nodejs/docker-node/tree/b4117f9333da4138b03a546ec926ef50a31506c3#nodealpine to understand why libc6-compat might be needed.
+# RUN apk add --no-cache libc6-compat
+WORKDIR /app
+
+# Copy over dependency files 
+COPY package.json package-lock.json next.config.js ./
+
+# Install dependencies
+RUN npm ci --only-production
+
+
+# Rebuild the source code only when needed
+FROM node:16-alpine AS builder
+WORKDIR /app
+
+# Copy dependencies
+COPY --from=deps /app/node_modules ./node_modules
+# Copy all files 
+COPY . .
+
+ENV NODE_ENV production
+ENV NEXT_PUBLIC_ENV production
+ARG POSTHOG_HOST
+ENV NEXT_PUBLIC_POSTHOG_HOST $POSTHOG_HOST
+ARG POSTHOG_API_KEY
+ENV NEXT_PUBLIC_POSTHOG_API_KEY $POSTHOG_API_KEY
+
+# Build
+RUN npm run build
+
+
+# Production image
+FROM node:16-alpine AS runner
+WORKDIR /app
+
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
+
+RUN mkdir -p /app/.next/cache/images && chown nextjs:nodejs /app/.next/cache/images
+VOLUME /app/.next/cache/images
+
+ARG POSTHOG_API_KEY
+ENV NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY \
+    BAKED_NEXT_PUBLIC_POSTHOG_API_KEY=$POSTHOG_API_KEY
+
+COPY --chown=nextjs:nodejs --chmod=555 scripts ./scripts
+COPY --from=builder /app/public ./public
+RUN chown nextjs:nodejs ./public/data
+COPY --from=builder --chown=nextjs:nodejs /app/.next/standalone ./
+COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
+
+USER nextjs
+
+EXPOSE 3000
+
+ENV PORT 3000
+ENV NEXT_TELEMETRY_DISABLED 1
+
+
+CMD ["/app/scripts/start.sh"]

frontend/Dockerfile.dev

@@ -7,10 +7,9 @@ WORKDIR /app
 # Copy over dependency files 
 COPY package.json ./
 COPY package-lock.json ./
-COPY yarn.lock ./
 
 # Install 
-RUN yarn install 
+RUN npm install 
 
 # Copy over next.js config 
 COPY next.config.js ./next.config.js
@@ -18,4 +17,4 @@ COPY next.config.js ./next.config.js
 # Copy all files 
 COPY . .
 
-CMD ["yarn", "dev"]
+CMD ["npm", "run", "dev"]

frontend/Dockerfile.prod

@@ -7,7 +7,6 @@ WORKDIR /app
 # Copy over dependency files 
 COPY package.json ./
 COPY package-lock.json ./
-COPY yarn.lock ./
 
 # Install 
 RUN npm install