script for helm upload to cloudsmith

2025-03-24 00:15:26 +00:00 · 2022-12-05 11:53:49 -05:00
670 changed files with 9186 additions and 38689 deletions
--- a/.env.example
+++ b/.env.example
@ -1,19 +1,21 @@
 # Keys
-# Required key for platform encryption/decryption ops
-ENCRYPTION_KEY=6c1fe4e407b8911c104518103505b218
+# Required keys for platform encryption/decryption ops
+PRIVATE_KEY=replace_with_nacl_sk
+PUBLIC_KEY=replace_with_nacl_pk
+ENCRYPTION_KEY=replace_with_lengthy_secure_hex

 # JWT
 # Required secrets to sign JWT tokens
-JWT_SIGNUP_SECRET=3679e04ca949f914c03332aaaeba805a
-JWT_REFRESH_SECRET=5f2f3c8f0159068dc2bbb3a652a716ff
-JWT_AUTH_SECRET=4be6ba5602e0fa0ac6ac05c3cd4d247f
-JWT_SERVICE_SECRET=f32f716d70a42c5703f4656015e76200
+JWT_SIGNUP_SECRET=replace_with_lengthy_secure_hex
+JWT_REFRESH_SECRET=replace_with_lengthy_secure_hex
+JWT_AUTH_SECRET=replace_with_lengthy_secure_hex

 # JWT lifetime
 # Optional lifetimes for JWT tokens expressed in seconds or a string 
 # describing a time span (e.g. 60, "2 days", "10h", "7d")
 JWT_AUTH_LIFETIME=
 JWT_REFRESH_LIFETIME=
+JWT_SERVICE_SECRET=
 JWT_SIGNUP_LIFETIME=

 # Optional lifetimes for OTP expressed in seconds
@ -31,28 +33,21 @@ MONGO_PASSWORD=example

 # Website URL
 # Required
+
 SITE_URL=http://localhost:8080

 # Mail/SMTP
-SMTP_HOST= # required
-SMTP_USERNAME= # required
-SMTP_PASSWORD= # required
-SMTP_PORT=587
-SMTP_SECURE=false
-SMTP_FROM_ADDRESS= # required
-SMTP_FROM_NAME=Infisical
+# Required to send emails
+# By default, SMTP_HOST is set to smtp.gmail.com
+SMTP_HOST=smtp.gmail.com
+SMTP_NAME=Team
+SMTP_USERNAME=team@infisical.com
+SMTP_PASSWORD=

 # Integration
 # Optional only if integration is used
-CLIENT_ID_HEROKU=
-CLIENT_ID_VERCEL=
-CLIENT_ID_NETLIFY=
-CLIENT_ID_GITHUB=
-CLIENT_SECRET_HEROKU=
-CLIENT_SECRET_VERCEL=
-CLIENT_SECRET_NETLIFY=
-CLIENT_SECRET_GITHUB=
-CLIENT_SLUG_VERCEL=
+OAUTH_CLIENT_SECRET_HEROKU=
+OAUTH_TOKEN_URL_HEROKU=

 # Sentry (optional) for monitoring errors
 SENTRY_DSN=
--- a/.eslintignore
+++ b/.eslintignore
@ -1,3 +0,0 @@
-node_modules
-built
-healthcheck.js
--- a/.github/images/star-infisical.gif
+++ b/.github/images/star-infisical.gif
--- a/.github/resources/docker-compose.be-test.yml
+++ b/.github/resources/docker-compose.be-test.yml
@ -1,30 +0,0 @@
-version: '3'
-
-services:
-  backend:
-    container_name: infisical-backend-test
-    restart: unless-stopped
-    depends_on:
-      - mongo
-    image: infisical/backend:test
-    command: npm run start
-    environment:
-      - NODE_ENV=production
-      - MONGO_URL=mongodb://test:example@mongo:27017/?authSource=admin
-      - MONGO_USERNAME=test
-      - MONGO_PASSWORD=example
-    networks:
-      - infisical-test
-
-  mongo:
-    container_name: infisical-mongo-test
-    image: mongo
-    restart: always
-    environment:
-      - MONGO_INITDB_ROOT_USERNAME=test
-      - MONGO_INITDB_ROOT_PASSWORD=example
-    networks:
-      - infisical-test
-
-networks:
-  infisical-test:
--- a/.github/resources/healthcheck.sh
+++ b/.github/resources/healthcheck.sh
@ -1,26 +0,0 @@
-# Name of the target container to check
-container_name="$1"
-# Timeout in seconds. Default: 60
-timeout=$((${2:-60}));
-
-if [ -z $container_name ]; then
-  echo "No container name specified";
-  exit 1;
-fi
-
-echo "Container: $container_name";
-echo "Timeout: $timeout sec";
-
-try=0;
-is_healthy="false";
-while [ $is_healthy != "true" ];
-do
-  try=$(($try + 1));
-  printf "■";
-  is_healthy=$(docker inspect --format='{{json .State.Health}}' $container_name | jq '.Status == "healthy"');
-  sleep 1;
-  if [[ $try -eq $timeout ]]; then
-    echo " Container was not ready within timeout";
-    exit 1;
-  fi
-done
--- a/.github/workflows/be-test-report.yml
+++ b/.github/workflows/be-test-report.yml
@ -1,41 +0,0 @@
-name: "Backend Test Report"
-
-on:
-  workflow_run:
-    workflows: ["Check Backend Pull Request"]
-    types:
-      - completed
-
-jobs:
-  be-report:
-    name: Backend test report
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v2
-      - name: 📁 Download test results
-        id: download-artifact
-        uses: dawidd6/action-download-artifact@v2
-        with:
-          name: be-test-results
-          path: backend
-          workflow: check-be-pull-request.yml
-          workflow_conclusion: success
-      - name: 📋 Publish test results
-        uses: dorny/test-reporter@v1
-        with:
-          name: Test Results
-          path: reports/jest-*.xml
-          reporter: jest-junit
-          working-directory: backend
-      - name: 📋 Publish coverage
-        uses: ArtiomTr/jest-coverage-report-action@v2
-        id: coverage
-        with:
-          output: comment, report-markdown
-          coverage-file: coverage/report.json
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          working-directory: backend
-      - uses: marocchino/sticky-pull-request-comment@v2
-        with:
-          message: ${{ steps.coverage.outputs.report }}
--- a/.github/workflows/check-be-pull-request.yml
+++ b/.github/workflows/check-be-pull-request.yml
@ -1,42 +0,0 @@
-name: "Check Backend Pull Request"
-
-on:
-  pull_request:
-    types: [opened, synchronize]
-    paths:
-      - "backend/**"
-      - "!backend/README.md"
-      - "!backend/.*"
-      - "backend/.eslintrc.js"
-
-jobs:
-  check-be-pr:
-    name: Check
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: ☁️ Checkout source
-        uses: actions/checkout@v3
-      - name: 🔧 Setup Node 16
-        uses: actions/setup-node@v3
-        with:
-          node-version: "16"
-          cache: "npm"
-          cache-dependency-path: backend/package-lock.json
-      - name: 📦 Install dependencies
-        run: npm ci --only-production
-        working-directory: backend
-      - name: 🧪 Run tests
-        run: npm run test:ci
-        working-directory: backend
-      - name: 📁 Upload test results
-        uses: actions/upload-artifact@v3
-        if: always()
-        with:
-          name: be-test-results
-          path: |
-            ./backend/reports
-            ./backend/coverage
-      - name: 🏗️ Run build
-        run: npm run build
-        working-directory: backend
--- a/.github/workflows/check-fe-pull-request.yml
+++ b/.github/workflows/check-fe-pull-request.yml
@ -1,41 +0,0 @@
-name: Check Frontend Pull Request
-
-on:
-  pull_request:
-    types: [ opened, synchronize ]
-    paths:
-      - 'frontend/**'
-      - '!frontend/README.md'
-      - '!frontend/.*'
-      - 'frontend/.eslintrc.js'
-
-
-jobs:
-
-  check-fe-pr:
-    name: Check
-    runs-on: ubuntu-latest
-
-    steps:
-      -
-        name: ☁️ Checkout source
-        uses: actions/checkout@v3
-      -
-        name: 🔧 Setup Node 16
-        uses: actions/setup-node@v3
-        with:
-          node-version: '16'
-          cache: 'npm'
-          cache-dependency-path: frontend/package-lock.json
-      -
-        name: 📦 Install dependencies
-        run: npm ci --only-production --ignore-scripts
-        working-directory: frontend
-      # -
-      #   name: 🧪 Run tests
-      #   run: npm run test:ci
-      #   working-directory: frontend
-      -
-        name: 🏗️ Run build
-        run: npm run build
-        working-directory: frontend
--- a/.github/workflows/close_inactive_issues.yml
+++ b/.github/workflows/close_inactive_issues.yml
@ -0,0 +1,22 @@
+name: Close inactive issues
+on:
+  schedule:
+    - cron: "30 1 * * *"
+
+jobs:
+  close-issues:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v4
+        with:
+          days-before-issue-stale: 30
+          days-before-issue-close: 14
+          stale-issue-label: "stale"
+          stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
+          close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
+          days-before-pr-stale: -1
+          days-before-pr-close: -1
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@ -1,102 +1,37 @@
-name: Push frontend and backend to Dockerhub
+name: Push to Docker Hub

 on: [workflow_dispatch]

 jobs:
-  backend-image:
-    name: Build backend image
+  docker:
    runs-on: ubuntu-latest
-
    steps:
-      - name: ☁️ Checkout source
-        uses: actions/checkout@v3
-      - name: Save commit hashes for tag
-        id: commit
-        uses: pr-mpt/actions-commit-hash@v2
-      - name: 🔧 Set up Docker Buildx
+      - name: Checkout
+        uses: actions/checkout@v2
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
-      - name: 🐋 Login to Docker Hub
+      -
+        name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Set up Depot CLI
-        uses: depot/setup-action@v1
-      - name: 📦 Build backend and export to Docker
-        uses: depot/build-push-action@v1
+      -
+        name: Build and push backend
+        uses: docker/build-push-action@v3
        with:
-          project: 64mmf0n610
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          load: true
+          push: true
          context: backend
          tags: infisical/backend:test
-      - name: ⏻ Spawn backend container and dependencies
-        run: |
-          docker compose -f .github/resources/docker-compose.be-test.yml up --wait --quiet-pull
-      - name: 🧪 Test backend image
-        run: |
-          ./.github/resources/healthcheck.sh infisical-backend-test
-      - name: ⏻ Shut down backend container and dependencies
-        run: |
-          docker compose -f .github/resources/docker-compose.be-test.yml down
-      - name: 🏗️ Build backend and push
-        uses: depot/build-push-action@v1
+      -
+        name: Build and push frontend
+        uses: docker/build-push-action@v3
        with:
-          project: 64mmf0n610
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
          push: true
-          context: backend
-          tags: infisical/backend:${{ steps.commit.outputs.short }}, 
-                infisical/backend:latest
-          platforms: linux/amd64,linux/arm64
-
-  frontend-image:
-    name: Build frontend image
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: ☁️ Checkout source
-        uses: actions/checkout@v3
-      - name: Save commit hashes for tag
-        id: commit
-        uses: pr-mpt/actions-commit-hash@v2
-      - name: 🔧 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: 🐋 Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: Set up Depot CLI
-        uses: depot/setup-action@v1
-      - name: 📦 Build frontend and export to Docker
-        uses: depot/build-push-action@v1
-        with:
-          load: true
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          project: 64mmf0n610
+          file: frontend/Dockerfile.dev
          context: frontend
          tags: infisical/frontend:test
-          build-args: |
-            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
-      - name: ⏻ Spawn frontend container
-        run: |
-          docker run -d --rm --name infisical-frontend-test infisical/frontend:test
-      - name: 🧪 Test frontend image
-        run: |
-          ./.github/resources/healthcheck.sh infisical-frontend-test
-      - name: ⏻ Shut down frontend container
-        run: |
-          docker stop infisical-frontend-test
-      - name: 🏗️ Build frontend and push
-        uses: depot/build-push-action@v1
-        with:
-          project: 64mmf0n610
-          push: true
-          token: ${{ secrets.DEPOT_PROJECT_TOKEN }}
-          context: frontend
-          tags: infisical/frontend:${{ steps.commit.outputs.short }}, 
-                infisical/frontend:latest
-          platforms: linux/amd64,linux/arm64
-          build-args: |
-            POSTHOG_API_KEY=${{ secrets.PUBLIC_POSTHOG_API_KEY }}
--- a/.github/workflows/helm-chart-release.yaml
+++ b/.github/workflows/helm-chart-release.yaml
@ -0,0 +1,33 @@
+name: Release Charts
+
+on: [workflow_dispatch]
+
+jobs:
+  release:
+    # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
+    # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
+    permissions:
+      contents: write
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.10.0
+
+      - name: Run chart-releaser
+        uses: helm/chart-releaser-action@v1.4.1
+        with:
+          charts_dir: helm-charts
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
--- a/.github/workflows/helm_chart_release.yml
+++ b/.github/workflows/helm_chart_release.yml
@ -1,22 +0,0 @@
-name: Release Helm Charts
-
-on: [workflow_dispatch]
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Install Helm
-        uses: azure/setup-helm@v3
-        with:
-          version: v3.10.0
-      - name: Install python
-        uses: actions/setup-python@v4
-      - name: Install Cloudsmith CLI
-        run: pip install --upgrade cloudsmith-cli
-      - name: Build and push helm package to Cloudsmith
-        run: cd helm-charts && sh upload-to-cloudsmith.sh
-        env:
-          CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }}
--- a/.github/workflows/release_build.yml
+++ b/.github/workflows/release_build.yml
@ -1,4 +1,4 @@
-name: Build and release CLI
+name: goreleaser

 on:
  push:
@ -13,7 +13,7 @@ permissions:

 jobs:
  goreleaser:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
@ -24,15 +24,6 @@ jobs:
          go-version: '>=1.19.3'
          cache: true
          cache-dependency-path: cli/go.sum
-      - name: libssl1.1 => libssl1.0-dev for OSXCross
-        run: |
-          echo 'deb http://security.ubuntu.com/ubuntu bionic-security main' | sudo tee -a /etc/apt/sources.list
-          sudo apt update && apt-cache policy libssl1.0-dev
-          sudo apt-get install libssl1.0-dev
-      - name: OSXCross for CGO Support
-        run: |
-          mkdir ../../osxcross
-          git clone https://github.com/plentico/osxcross-target.git ../../osxcross/target
      - uses: goreleaser/goreleaser-action@v2
        with:
          distribution: goreleaser
@ -41,7 +32,6 @@ jobs:
        env:
          GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
          FURY_TOKEN: ${{ secrets.FURYPUSHTOKEN }}
-          AUR_KEY: ${{ secrets.AUR_KEY }}
      - uses: actions/setup-python@v4
      - run: pip install --upgrade cloudsmith-cli
      - name: Publish to CloudSmith 
--- a/.github/workflows/release_docker_k8_operator.yaml
+++ b/.github/workflows/release_docker_k8_operator.yaml
@ -1,29 +0,0 @@
-name: Release Docker image for K8 operator 
-on: [workflow_dispatch]
-
-jobs:
-  release:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: 🔧 Set up QEMU
-        uses: docker/setup-qemu-action@v1
-
-      - name: 🔧 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
-
-      - name: 🐋 Login to Docker Hub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build and push
-        id: docker_build
-        uses: docker/build-push-action@v2
-        with:
-          context: k8-operator
-          push: true
-          platforms: linux/amd64,linux/arm64
-          tags: infisical/kubernetes-operator:latest
--- a/.gitignore
+++ b/.gitignore
@ -12,8 +12,6 @@ node_modules
 .DS_Store

 /dist
-/completions/
-/manpages/

 # frontend

@ -27,9 +25,7 @@ node_modules
 .env

 # testing
-coverage
-reports
-junit.xml
+/coverage

 # next.js
 /.next/
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@ -6,59 +6,35 @@
 #     - cd cli && go mod tidy
 #     # you may remove this if you don't need go generate
 #     - cd cli && go generate ./...
-before:
-  hooks:
-    - ./cli/scripts/completions.sh
-    - ./cli/scripts/manpages.sh
-
 builds:
-  - id: darwin-build
-    binary: infisical
-    env:
-      - CGO_ENABLED=1
-      - CC=/home/runner/work/osxcross/target/bin/o64-clang
-      - CXX=/home/runner/work/osxcross/target/bin/o64-clang++
-    goos:
-      - darwin
-    ignore:
-      - goos: darwin
-        goarch: "386"
-    dir: ./cli
-  - id: all-other-builds
-    env:
+  - env:
      - CGO_ENABLED=0
    binary: infisical
+    id: infisical
    goos:
+      - darwin
      - freebsd
      - linux
      - netbsd
      - openbsd
      - windows
    goarch:
-      - "386"
+      - 386
      - amd64
      - arm
      - arm64
    goarm:
-      - "6"
-      - "7"
+      - 6
+      - 7
    ignore:
+      - goos: darwin
+        goarch: "386"
      - goos: windows
        goarch: "386"
      - goos: freebsd
        goarch: "386"
    dir: ./cli

-archives:
-  - format_overrides:
-      - goos: windows
-        format: zip
-    files:
-      - README*
-      - LICENSE*
-      - manpages/*
-      - completions/*
-
 release:
  replace_existing_draft: true
  mode: 'replace'
@ -95,27 +71,17 @@ nfpms:
 - id: infisical
  package_name: infisical
  builds:
-    - all-other-builds
+    - infisical
  vendor: Infisical, Inc
  homepage: https://infisical.com/
  maintainer: Infisical, Inc
  description: The offical Infisical CLI
-  license: MIT
+  license: Apache 2.0
  formats:
  - rpm
  - deb
  - apk
-  - archlinux
  bindir: /usr/bin
-  contents:
-    - src: ./completions/infisical.bash
-      dst: /etc/bash_completion.d/infisical
-    - src: ./completions/infisical.fish
-      dst: /usr/share/fish/vendor_completions.d/infisical.fish
-    - src: ./completions/infisical.zsh
-      dst: /usr/share/zsh/site-functions/_infisical
-    - src: ./manpages/infisical.1.gz
-      dst: /usr/share/man/man1/infisical.1.gz
 scoop:
  bucket:
    owner: Infisical
@ -125,31 +91,7 @@ scoop:
    email: ai@infisical.com
  homepage: "https://infisical.com"
  description: "The official Infisical CLI"
-  license: MIT
-aurs:
-  -
-    name: infisical-bin
-    homepage: "https://infisical.com"
-    description: "The official Infisical CLI"
-    maintainers:
-      - Infisical, Inc <support@infisical.com>
-    license: MIT
-    private_key: '{{ .Env.AUR_KEY }}'
-    git_url: 'ssh://aur@aur.archlinux.org/infisical-bin.git'
-    package: |-
-      # bin
-      install -Dm755 "./infisical" "${pkgdir}/usr/bin/infisical"
-      # license
-      install -Dm644 "./LICENSE" "${pkgdir}/usr/share/licenses/infisical/LICENSE"
-      # completions
-      mkdir -p "${pkgdir}/usr/share/bash-completion/completions/"
-      mkdir -p "${pkgdir}/usr/share/zsh/site-functions/"
-      mkdir -p "${pkgdir}/usr/share/fish/vendor_completions.d/"
-      install -Dm644 "./completions/infisical.bash" "${pkgdir}/usr/share/bash-completion/completions/infisical"
-      install -Dm644 "./completions/infisical.zsh" "${pkgdir}/usr/share/zsh/site-functions/infisical"
-      install -Dm644 "./completions/infisical.fish" "${pkgdir}/usr/share/fish/vendor_completions.d/infisical.fish"
-      # man pages
-      install -Dm644 "./manpages/infisical.1.gz" "${pkgdir}/usr/share/man/man1/infisical.1.gz"
+  license: Apache-2.0
 # dockers:
 #   - dockerfile: goreleaser.dockerfile
 #     goos: linux
--- a/.husky/pre-commit
+++ b/.husky/pre-commit
@ -1,5 +0,0 @@
-
-#!/usr/bin/env sh
-. "$(dirname -- "$0")/_/husky.sh"
-
-npx lint-staged
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 <h1 align="center">
-  <img width="300" src="/img/logoname-black.svg#gh-light-mode-only" alt="infisical">
+  <img width="300" src="/img/logoname-black.svg#gh-light-mode-only" alt="ifnisical">
  <img width="300" src="/img/logoname-white.svg#gh-dark-mode-only" alt="infisical">
 </h1>
 <p align="center">
@ -21,15 +21,12 @@
  <a href="https://github.com/infisical/infisical/blob/main/CONTRIBUTING.md">
    <img src="https://img.shields.io/badge/PRs-Welcome-brightgreen" alt="PRs welcome!" />
  </a>
-  <a href="https://github.com/Infisical/infisical/issues">
+  <a href="">
    <img src="https://img.shields.io/github/commit-activity/m/infisical/infisical" alt="git commit activity" />
  </a>
  <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">
    <img src="https://img.shields.io/badge/chat-on%20Slack-blueviolet" alt="Slack community channel" />
  </a>
-  <a href="https://twitter.com/infisical">
-    <img src="https://img.shields.io/twitter/follow/infisical?label=Follow" alt="Infisical Twitter" />
-  </a>
 </h4>

 <img src="/img/infisical_github_repo.png" width="100%" alt="Dashboard" />
@ -40,56 +37,45 @@
 - **[Language-Agnostic CLI](https://infisical.com/docs/cli/overview)** that pulls and injects environment variables into your local workflow
 - **[Complete control over your data](https://infisical.com/docs/self-hosting/overview)** - host it yourself on any infrastructure
 - **Navigate Multiple Environments** per project (e.g. development, staging, production, etc.)
- **Personal overrides** for environment variables
- **[Integrations](https://infisical.com/docs/integrations/overview)** with CI/CD and production infrastructure
- **[Secret Versioning](https://infisical.com/docs/getting-started/dashboard/versioning)** - check the history of change for any secret
- **[Activity Logs](https://infisical.com/docs/getting-started/dashboard/audit-logs)** - check what user in the project is performing what actions with secrets
- **[Point-in-time Secrets Recovery](https://infisical.com/docs/getting-started/dashboard/pit-recovery)** - roll back to any snapshot of you secrets
+- **Personal/Shared** scoping for environment variables
+- **[Integrations](https://infisical.com/docs/integrations/overview)** with CI/CD and production infrastructure (Heroku available, more coming soon)
 - 🔜 **1-Click Deploy** to Digital Ocean and Heroku
 - 🔜 **Authentication/Authorization** for projects (read/write controls soon)
 - 🔜 **Automatic Secret Rotation**
 - 🔜 **2FA**
+- 🔜 **Access Logs**
 - 🔜 **Slack Integration & MS Teams** integrations

 And more.

-## 🚀 Get started
+## Get started

 To quickly get started, visit our [get started guide](https://infisical.com/docs/getting-started/introduction).

-<p>
-  <a href="https://infisical.com/docs/self-hosting/overview" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206356882-2b773eed-b0da-4725-ae2f-83e3cd7f2713.png" height=120 /> </a>
-  <a href="https://www.youtube.com/watch?v=JS3OKYU2078" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206356600-8833b128-6cae-408c-a703-07b2fc6aff4b.png" height=120 /> </a>
-  <a href="https://app.infisical.com/signup" target="_blank"><img src="https://user-images.githubusercontent.com/78047717/206355970-f4c09062-b88f-452a-94e0-9c61a0651170.png" height=120></a>
-</p>
+## What's cool about this?

-## 🔥 What's cool about this?
+Infisical makes secret management simple and end-to-end encrypted by default. We're on a mission to make it more accessible to all developers, <i>not just security teams</i>. 

-Infisical makes secret management simple and end-to-end encrypted by default. We're on a mission to make it more accessible to all developers, <i>not just security teams</i>.
-
-According to a [report](https://www.ekransystem.com/en/blog/secrets-management), only 10% of organizations use secret management solutions despite all using digital secrets to some extent.
+According to a [report](https://www.ekransystem.com/en/blog/secrets-management) in 2019, only 10% of organizations use secret management solutions despite all using digital secrets to some extent.

 If you care about efficiency and security, then Infisical is right for you.

 We are currently working hard to make Infisical more extensive. Need any integrations or want a new feature? Feel free to [create an issue](https://github.com/Infisical/infisical/issues) or [contribute](https://infisical.com/docs/contributing/overview) directly to the repository.

-## 🌱 Contributing
+## Contributing

 Whether it's big or small, we love contributions ❤️ Check out our guide to see how to [get started](https://infisical.com/docs/contributing/overview).

-Not sure where to get started? You can:
+Not sure where to get started? [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!

- [Book a free, non-pressure pairing sessions with one of our teammates](mailto:tony@infisical.com?subject=Pairing%20session&body=I'd%20like%20to%20do%20a%20pairing%20session!)!
- Join our <a href="https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g">Slack</a>, and ask us any questions there.
-
-## 💚 Community & Support
+## Community & Support

 - [Slack](https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g) (For live discussion with the community and the Infisical team)
 - [GitHub Discussions](https://github.com/Infisical/infisical/discussions) (For help with building and deeper conversations about features)
 - [GitHub Issues](https://github.com/Infisical/infisical-cli/issues) (For any bugs and errors you encounter using Infisical)
- [Twitter](https://twitter.com/infisical) (Get news fast)
+- [Twitter](https://twitter.com/infisical) (Get news fast) 

-## 🐥 Status
+## Status

 - [x] Public Alpha: Anyone can sign up over at [infisical.com](https://infisical.com) but go easy on us, there are kinks and we're just getting started.
 - [ ] Public Beta: Stable enough for most non-enterprise use-cases.
@ -97,7 +83,13 @@ Not sure where to get started? You can:

 We're currently in Public Alpha.

-## 🔌 Integrations
+## Stay Up-to-Date
+
+Infisical officially launched as v.1.0 on November 21st, 2022. However, a lot of new features are coming very quickly. Watch **releases** of this repository to be notified about future updates:
+
+![infisical-star-github](https://github.com/Infisical/infisical/blob/main/.github/images/star-infisical.gif?raw=true)
+
+## Integrations

 We're currently setting the foundation and building [integrations](https://infisical.com/docs/integrations/overview) so secrets can be synced everywhere. Any help is welcome! :)

@ -130,14 +122,10 @@ We're currently setting the foundation and building [integrations](https://infis
    </tr>
    <tr>
      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/cloud/vercel?ref=github.com">
-          ✔️ Vercel
-        </a>
+        🔜 Vercel (https://github.com/Infisical/infisical/issues/60)
      </td>
      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/platforms/kubernetes?ref=github.com">
-          ✔️ Kubernetes
-        </a>
+        🔜 GitLab CI/CD
      </td>
      <td align="left" valign="middle">
        🔜 Fly.io
@ -148,9 +136,7 @@ We're currently setting the foundation and building [integrations](https://infis
        🔜 AWS
      </td>
      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/cicd/githubactions">
-          ✔️ GitHub Actions
-        </a>
+        🔜 GitHub Actions (https://github.com/Infisical/infisical/issues/54)
      </td>
      <td align="left" valign="middle">
         🔜 Railway
@ -161,10 +147,10 @@ We're currently setting the foundation and building [integrations](https://infis
        🔜 GCP
      </td>
      <td align="left" valign="middle">
-        🔜 GitLab CI/CD (https://github.com/Infisical/infisical/issues/134)
+        🔜 Kubernetes
      </td>
      <td align="left" valign="middle">
-        🔜 CircleCI (https://github.com/Infisical/infisical/issues/91)
+        🔜 CircleCI
      </td>
    </tr>
    <tr>
@ -183,23 +169,7 @@ We're currently setting the foundation and building [integrations](https://infis
         🔜 TravisCI
      </td>
      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/cloud/netlify">
-          ✔️ Netlify
-        </a>
-      </td>
-      <td align="left" valign="middle">
-         🔜 Railway
-      </td>
-    </tr>
-    <tr>
-      <td align="left" valign="middle">
-         🔜 Bitbucket
-      </td>
-      <td align="left" valign="middle">
-         🔜 Supabase
-      </td>
-      <td align="left" valign="middle">
-         🔜 Render (https://github.com/Infisical/infisical/issues/132)
+         🔜 Netlify (https://github.com/Infisical/infisical/issues/55)
      </td>
    </tr>
  </tbody>
@ -208,6 +178,7 @@ We're currently setting the foundation and building [integrations](https://infis
  </td>
 <td>

+
 <table>
  <tbody>
    <tr>
@ -271,38 +242,16 @@ We're currently setting the foundation and building [integrations](https://infis
      </td>
    </tr>
    <tr>
-      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/frameworks/vue?ref=github.com">
-          ✔️ Vue
-        </a>
-      </td>
      <td align="left" valign="middle">
        <a href="https://infisical.com/docs/integrations/frameworks/rails?ref=github.com">
          ✔️ Ruby on Rails
        </a>
      </td>
-    </tr>
-    <tr>
      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/frameworks/fiber?ref=github.com">
-          ✔️ Fiber
+        <a href="https://infisical.com/docs/integrations/frameworks/vue?ref=github.com">
+          ✔️ Vue
        </a>
      </td>
-      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/frameworks/nuxt?ref=github.com">
-          ✔️ Nuxt
-        </a>
-      </td>
-    </tr>
-    <tr>
-      <td align="left" valign="middle">
-        <a href="https://infisical.com/docs/integrations/frameworks/dotnet?ref=github.com">
-          ✔️ .NET
-        </a>
-      </td>
-      <td align="left" valign="middle">
-        And more...
-      </td>
    </tr>
  </tbody>
 </table>
@ -311,21 +260,16 @@ We're currently setting the foundation and building [integrations](https://infis
 </tr> 
 </table>

-## 🏘 Open-source vs. paid
+
+## Open-source vs. paid

 This repo is entirely MIT licensed, with the exception of the `ee` directory which will contain premium enterprise features requiring a Infisical license in the future. We're currently focused on developing non-enterprise offerings first that should suit most use-cases.

-## 🛡 Security
+## Security

 Looking to report a security vulnerability? Please don't post about it in GitHub issue. Instead, refer to our [SECURITY.md](./SECURITY.md) file.

-## 🚨 Stay Up-to-Date
-
-Infisical officially launched as v.1.0 on November 21st, 2022. There are a lot of new features coming very frequently. Watch **releases** of this repository to be notified about future updates:
-
-![infisical-star-github](https://github.com/Infisical/infisical/blob/main/.github/images/star-infisical.gif?raw=true)
-
-## 🦸 Contributors
+## Contributors 🦸

 [//]: contributor-faces

@ -333,10 +277,4 @@ Infisical officially launched as v.1.0 on November 21st, 2022. There are a lot o
 <!-- prettier-ignore-start -->
 <!-- markdownlint-disable -->

-<a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/mv-turtle"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/gangjun06"><img src="https://avatars.githubusercontent.com/u/50910815?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/reginaldbondoc"><img src="https://avatars.githubusercontent.com/u/7693108?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/SH5H"><img src="https://avatars.githubusercontent.com/u/25437192?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/gmgale"><img src="https://avatars.githubusercontent.com/u/62303146?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/asharonbaltazar"><img src="https://avatars.githubusercontent.com/u/58940073?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/JoaoVictor6"><img src="https://avatars.githubusercontent.com/u/68869379?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/mocherfaoui"><img src="https://avatars.githubusercontent.com/u/37941426?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/jon4hz"><img src="https://avatars.githubusercontent.com/u/26183582?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/edgarrmondragon"><img src="https://avatars.githubusercontent.com/u/16805946?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/arjunyel"><img src="https://avatars.githubusercontent.com/u/11153289?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/LemmyMwaura"><img src="https://avatars.githubusercontent.com/u/20738858?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/Zamion101"><img src="https://avatars.githubusercontent.com/u/8071263?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/akhilmhdh"><img src="https://avatars.githubusercontent.com/u/31166322?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/naorpeled"><img src="https://avatars.githubusercontent.com/u/6171622?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/jonerrr"><img src="https://avatars.githubusercontent.com/u/73760377?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/adrianmarinwork"><img src="https://avatars.githubusercontent.com/u/118568289?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/arthurzenika"><img src="https://avatars.githubusercontent.com/u/445200?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/tobias-mintlify"><img src="https://avatars.githubusercontent.com/u/110702161?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/wjhurley"><img src="https://avatars.githubusercontent.com/u/15939055?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/0xflotus"><img src="https://avatars.githubusercontent.com/u/26602940?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/wanjohiryan"><img src="https://avatars.githubusercontent.com/u/71614375?v=4" width="50" height="50" alt=""/></a>
-
-## 🌎 Translations
-
-Infisical is currently available in English and Korean. Help us translate Infisical to your language! 
-
-You can find all the info in [this issue](https://github.com/Infisical/infisical/issues/181).
+<a href="https://github.com/dangtony98"><img src="https://avatars.githubusercontent.com/u/25857006?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/mv-turtle"><img src="https://avatars.githubusercontent.com/u/78047717?s=96&v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/maidul98"><img src="https://avatars.githubusercontent.com/u/9300960?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/gangjun06"><img src="https://avatars.githubusercontent.com/u/50910815?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/reginaldbondoc"><img src="https://avatars.githubusercontent.com/u/7693108?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/SH5H"><img src="https://avatars.githubusercontent.com/u/25437192?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/hanywang2"><img src="https://avatars.githubusercontent.com/u/44352119?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/tobias-mintlify"><img src="https://avatars.githubusercontent.com/u/110702161?v=4" width="50" height="50" alt=""/></a> <a href="https://github.com/0xflotus"><img src="https://avatars.githubusercontent.com/u/26602940?v=4" width="50" height="50" alt=""/></a> 
--- a/backend/.eslintrc
+++ b/backend/.eslintrc
@ -1,12 +1,18 @@
 {
-  "parser": "@typescript-eslint/parser",
-  "plugins": ["@typescript-eslint"],
-  "extends": [
-    "eslint:recommended",
-    "plugin:@typescript-eslint/eslint-recommended",
-    "plugin:@typescript-eslint/recommended"
-  ],
-  "rules": {
-    "no-console": 2
-  }
-}
+    "root": true,
+    "parser": "@typescript-eslint/parser",
+    "plugins": [
+      "@typescript-eslint",
+      "prettier"
+    ],
+    "extends": [
+      "eslint:recommended",
+      "plugin:@typescript-eslint/eslint-recommended",
+      "plugin:@typescript-eslint/recommended",
+      "prettier"
+    ],
+    "rules": {
+      "no-console": 2,
+      "prettier/prettier": 2
+    }
+}
--- a/backend/.prettierrc
+++ b/backend/.prettierrc
@ -0,0 +1,7 @@
+{
+    "semi": true,
+    "trailingComma": "none",
+    "singleQuote": true,
+    "printWidth": 80,
+		"useTabs": true
+  }
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@ -2,17 +2,11 @@ FROM node:16-bullseye-slim

 WORKDIR /app

-COPY package.json package-lock.json ./
+COPY package*.json .

-# RUN npm ci --only-production --ignore-scripts
-# "prepare": "cd .. && npm install"
-
-RUN npm ci --only-production
+RUN npm install

 COPY . .

-HEALTHCHECK --interval=10s --timeout=3s --start-period=10s \  
-  CMD node healthcheck.js
-
-
 CMD ["npm", "run", "start"]
+
--- a/backend/tests/healthcheck.test.ts
+++ b/backend/tests/healthcheck.test.ts
@ -1,19 +0,0 @@
-import { server } from '../src/app';
-import { describe, expect, it, beforeAll, afterAll } from '@jest/globals';
-import supertest from 'supertest';
-import { setUpHealthEndpoint } from '../src/services/health';
-
-const requestWithSupertest = supertest(server);
-describe('Healthcheck endpoint', () => {
-  beforeAll(async () => {
-    setUpHealthEndpoint(server);
-  });
-  afterAll(async () => {
-    server.close();
-  });
-
-  it('GET /healthcheck should return OK', async () => {
-    const res = await requestWithSupertest.get('/healthcheck');
-    expect(res.status).toEqual(200);
-  });
-});
--- a/backend/api-documentation.json
+++ b/backend/api-documentation.json
--- a/backend/environment.d.ts
+++ b/backend/environment.d.ts
@ -14,16 +14,12 @@ declare global {
 			JWT_SIGNUP_SECRET: string;
      MONGO_URL: string;
      NODE_ENV: 'development' | 'staging' | 'testing' | 'production';
-      VERBOSE_ERROR_OUTPUT: string;
-      LOKI_HOST: string;
-      CLIENT_ID_HEROKU: string;
-      CLIENT_ID_VERCEL: string;
-      CLIENT_ID_NETLIFY: string;
-      CLIENT_SECRET_HEROKU: string;
-      CLIENT_SECRET_VERCEL: string;
-      CLIENT_SECRET_NETLIFY: string;
+      OAUTH_CLIENT_SECRET_HEROKU: string;
+      OAUTH_TOKEN_URL_HEROKU: string;
 			POSTHOG_HOST: string;
 			POSTHOG_PROJECT_API_KEY: string;
+      PRIVATE_KEY: string;
+      PUBLIC_KEY: string;
      SENTRY_DSN: string;
      SITE_URL: string;
      SMTP_HOST: string;
--- a/backend/healthcheck.js
+++ b/backend/healthcheck.js
@ -1,24 +0,0 @@
-const http = require('http');
-const PORT = process.env.PORT || 4000;
-const options = {
-  host: 'localhost',
-  port: PORT,
-  timeout: 2000,
-  path: '/healthcheck'
-};
-
-const healthCheck = http.request(options, (res) => {
-  console.log(`HEALTHCHECK STATUS: ${res.statusCode}`);
-  if (res.statusCode == 200) {
-    process.exit(0);
-  } else {
-    process.exit(1);
-  }
-});
-
-healthCheck.on('error', function (err) {
-  console.error(`HEALTH CHECK ERROR: ${err}`);
-  process.exit(1);
-});
-
-healthCheck.end();
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
--- a/backend/package.json
+++ b/backend/package.json
@ -1,19 +1,41 @@
 {
+  "dependencies": {
+    "@sentry/node": "^7.14.0",
+    "@sentry/tracing": "^7.14.0",
+    "@types/crypto-js": "^4.1.1",
+    "axios": "^1.1.3",
+    "bigint-conversion": "^2.2.2",
+    "cookie-parser": "^1.4.6",
+    "cors": "^2.8.5",
+    "crypto-js": "^4.1.1",
+    "dotenv": "^16.0.1",
+    "express": "^4.18.1",
+    "express-rate-limit": "^6.5.1",
+    "express-validator": "^6.14.2",
+    "handlebars": "^4.7.7",
+    "helmet": "^5.1.1",
+    "jsonwebtoken": "^8.5.1",
+    "jsrp": "^0.2.4",
+    "mongoose": "^6.7.1",
+    "nodemailer": "^6.8.0",
+    "posthog-node": "^2.1.0",
+    "query-string": "^7.1.1",
+    "rimraf": "^3.0.2",
+    "stripe": "^10.7.0",
+    "tweetnacl": "^1.0.3",
+    "tweetnacl-util": "^0.15.1",
+    "typescript": "^4.8.4"
+  },
  "name": "infisical-api",
  "version": "1.0.0",
  "main": "src/index.js",
  "scripts": {
    "start": "npm run build && node build/index.js",
    "dev": "nodemon",
-    "swagger-autogen": "node ./swagger.ts",
-    "build": "rimraf ./build && tsc && cp -R ./src/templates ./build",
+    "build": "rimraf ./build && tsc && cp -R ./src/templates ./src/json ./build",
    "lint": "eslint . --ext .ts",
    "lint-and-fix": "eslint . --ext .ts --fix",
-    "lint-staged": "lint-staged",
-    "pretest": "docker compose -f test-resources/docker-compose.test.yml up -d",
-    "test": "cross-env NODE_ENV=test jest --testTimeout=10000 --detectOpenHandles",
-    "test:ci": "npm test -- --watchAll=false --ci --reporters=default --reporters=jest-junit --reporters=github-actions --coverage --testLocationInResults --json --outputFile=coverage/report.json",
-    "posttest": "docker compose -f test-resources/docker-compose.test.yml down"
+    "prettier-format": "prettier --config .prettierrc 'src/**/*.ts' --write"
  },
  "repository": {
    "type": "git",
@ -27,89 +49,26 @@
  "homepage": "https://github.com/Infisical/infisical-api#readme",
  "description": "",
  "devDependencies": {
-    "@jest/globals": "^29.3.1",
    "@posthog/plugin-scaffold": "^1.3.4",
-    "@types/bcrypt": "^5.0.0",
-    "@types/bcryptjs": "^2.4.2",
    "@types/cookie-parser": "^1.4.3",
    "@types/cors": "^2.8.12",
    "@types/express": "^4.17.14",
-    "@types/jest": "^29.2.4",
    "@types/jsonwebtoken": "^8.5.9",
    "@types/node": "^18.11.3",
    "@types/nodemailer": "^6.4.6",
-    "@types/supertest": "^2.0.12",
    "@types/swagger-jsdoc": "^6.0.1",
    "@types/swagger-ui-express": "^4.1.3",
    "@typescript-eslint/eslint-plugin": "^5.40.1",
    "@typescript-eslint/parser": "^5.40.1",
-    "cross-env": "^7.0.3",
    "eslint": "^8.26.0",
+    "eslint-config-prettier": "^8.5.0",
+    "eslint-plugin-prettier": "^4.2.1",
+    "husky": "^8.0.1",
    "install": "^0.13.0",
    "jest": "^29.3.1",
-    "jest-junit": "^15.0.0",
    "nodemon": "^2.0.19",
    "npm": "^8.19.3",
-    "supertest": "^6.3.3",
-    "ts-jest": "^29.0.3",
+    "prettier": "^2.7.1",
    "ts-node": "^10.9.1"
-  },
-  "jest": {
-    "preset": "ts-jest",
-    "testEnvironment": "node",
-    "collectCoverageFrom": [
-      "src/*.{js,ts}",
-      "!**/node_modules/**"
-    ],
-    "setupFiles": [
-      "<rootDir>/test-resources/env-vars.js"
-    ]
-  },
-  "jest-junit": {
-    "outputDirectory": "reports",
-    "outputName": "jest-junit.xml",
-    "ancestorSeparator": " › ",
-    "uniqueOutputName": "false",
-    "suiteNameTemplate": "{filepath}",
-    "classNameTemplate": "{classname}",
-    "titleTemplate": "{title}"
-  },
-  "dependencies": {
-    "@godaddy/terminus": "^4.11.2",
-    "@octokit/rest": "^19.0.5",
-    "@sentry/node": "^7.14.0",
-    "@sentry/tracing": "^7.19.0",
-    "@types/crypto-js": "^4.1.1",
-    "@types/libsodium-wrappers": "^0.7.10",
-    "await-to-js": "^3.0.0",
-    "axios": "^1.1.3",
-    "bcrypt": "^5.1.0",
-    "bigint-conversion": "^2.2.2",
-    "cookie-parser": "^1.4.6",
-    "cors": "^2.8.5",
-    "crypto-js": "^4.1.1",
-    "dotenv": "^16.0.1",
-    "express": "^4.18.1",
-    "express-rate-limit": "^6.7.0",
-    "express-validator": "^6.14.2",
-    "handlebars": "^4.7.7",
-    "helmet": "^5.1.1",
-    "jsonwebtoken": "^9.0.0",
-    "jsrp": "^0.2.4",
-    "libsodium-wrappers": "^0.7.10",
-    "mongoose": "^6.7.2",
-    "nodemailer": "^6.8.0",
-    "posthog-node": "^2.2.2",
-    "query-string": "^7.1.3",
-    "rimraf": "^3.0.2",
-    "stripe": "^10.7.0",
-    "swagger-autogen": "^2.22.0",
-    "swagger-ui-express": "^4.6.0",
-    "tweetnacl": "^1.0.3",
-    "tweetnacl-util": "^0.15.1",
-    "typescript": "^4.9.3",
-    "utility-types": "^3.10.0",
-    "winston": "^3.8.2",
-    "winston-loki": "^6.0.6"
  }
 }
--- a/backend/src/app.ts
+++ b/backend/src/app.ts
@ -1,130 +0,0 @@
-// eslint-disable-next-line @typescript-eslint/no-var-requires
-const { patchRouterParam } = require('./utils/patchAsyncRoutes');
-
-import express, { Request, Response } from 'express';
-import helmet from 'helmet';
-import cors from 'cors';
-import cookieParser from 'cookie-parser';
-import dotenv from 'dotenv';
-import swaggerUi = require('swagger-ui-express');
-// eslint-disable-next-line @typescript-eslint/no-var-requires
-const swaggerFile = require('../api-documentation.json')
-
-
-dotenv.config();
-import { PORT, NODE_ENV, SITE_URL } from './config';
-import { apiLimiter } from './helpers/rateLimiter';
-
-import {
-  workspace as eeWorkspaceRouter,
-  secret as eeSecretRouter,
-  secretSnapshot as eeSecretSnapshotRouter,
-  action as eeActionRouter
-} from './ee/routes/v1';
-import {
-  signup as v1SignupRouter,
-  auth as v1AuthRouter,
-  bot as v1BotRouter,
-  organization as v1OrganizationRouter,
-  workspace as v1WorkspaceRouter,
-  membershipOrg as v1MembershipOrgRouter,
-  membership as v1MembershipRouter,
-  key as v1KeyRouter,
-  inviteOrg as v1InviteOrgRouter,
-  user as v1UserRouter,
-  userAction as v1UserActionRouter,
-  secret as v1SecretRouter,
-  serviceToken as v1ServiceTokenRouter,
-  password as v1PasswordRouter,
-  stripe as v1StripeRouter,
-  integration as v1IntegrationRouter,
-  integrationAuth as v1IntegrationAuthRouter
-} from './routes/v1';
-import {
-  secret as v2SecretRouter,
-  secrets as v2SecretsRouter,
-  workspace as v2WorkspaceRouter,
-  serviceTokenData as v2ServiceTokenDataRouter,
-  apiKeyData as v2APIKeyDataRouter,
-} from './routes/v2';
-
-import { healthCheck } from './routes/status';
-
-import { getLogger } from './utils/logger';
-import { RouteNotFoundError } from './utils/errors';
-import { requestErrorHandler } from './middleware/requestErrorHandler';
-
-// patch async route params to handle Promise Rejections
-patchRouterParam();
-
-export const app = express();
-
-app.enable('trust proxy');
-app.use(express.json());
-app.use(cookieParser());
-app.use(
-  cors({
-    credentials: true,
-    origin: SITE_URL
-  })
-);
-
-if (NODE_ENV === 'production') {
-  // enable app-wide rate-limiting + helmet security
-  // in production
-  app.disable('x-powered-by');
-  app.use(apiLimiter);
-  app.use(helmet());
-}
-
-// (EE) routes
-app.use('/api/v1/secret', eeSecretRouter);
-app.use('/api/v1/secret-snapshot', eeSecretSnapshotRouter);
-app.use('/api/v1/workspace', eeWorkspaceRouter);
-app.use('/api/v1/action', eeActionRouter);
-
-// v1 routes
-app.use('/api/v1/signup', v1SignupRouter);
-app.use('/api/v1/auth', v1AuthRouter);
-app.use('/api/v1/bot', v1BotRouter);
-app.use('/api/v1/user', v1UserRouter);
-app.use('/api/v1/user-action', v1UserActionRouter);
-app.use('/api/v1/organization', v1OrganizationRouter);
-app.use('/api/v1/workspace', v1WorkspaceRouter);
-app.use('/api/v1/membership-org', v1MembershipOrgRouter);
-app.use('/api/v1/membership', v1MembershipRouter);
-app.use('/api/v1/key', v1KeyRouter);
-app.use('/api/v1/invite-org', v1InviteOrgRouter);
-app.use('/api/v1/secret', v1SecretRouter);
-app.use('/api/v1/service-token', v1ServiceTokenRouter); // stop supporting
-app.use('/api/v1/password', v1PasswordRouter);
-app.use('/api/v1/stripe', v1StripeRouter);
-app.use('/api/v1/integration', v1IntegrationRouter);
-app.use('/api/v1/integration-auth', v1IntegrationAuthRouter);
-
-// v2 routes
-app.use('/api/v2/workspace', v2WorkspaceRouter); // TODO: turn into plural route
-app.use('/api/v2/secret', v2SecretRouter); // stop supporting, TODO: revise
-app.use('/api/v2/secrets', v2SecretsRouter);
-app.use('/api/v2/service-token', v2ServiceTokenDataRouter); // TODO: turn into plural route
-app.use('/api/v2/api-key-data', v2APIKeyDataRouter);
-
-// api docs 
-app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerFile))
-
-// Server status
-app.use('/api', healthCheck)
-
-//* Handle unrouted requests and respond with proper error message as well as status code
-app.use((req, res, next) => {
-  if (res.headersSent) return next();
-  next(RouteNotFoundError({ message: `The requested source '(${req.method})${req.url}' was not found` }))
-})
-
-//* Error Handling Middleware (must be after all routing logic)
-app.use(requestErrorHandler)
-
-
-export const server = app.listen(PORT, () => {
-  getLogger("backend-main").info(`Server started listening at port ${PORT}`)
-});
--- a/backend/src/config/index.ts
+++ b/backend/src/config/index.ts
@ -1,7 +1,6 @@
 const PORT = process.env.PORT || 4000;
 const EMAIL_TOKEN_LIFETIME = process.env.EMAIL_TOKEN_LIFETIME! || '86400';
 const ENCRYPTION_KEY = process.env.ENCRYPTION_KEY!;
-const SALT_ROUNDS = parseInt(process.env.SALT_ROUNDS!) || 10;
 const JWT_AUTH_LIFETIME = process.env.JWT_AUTH_LIFETIME! || '10d';
 const JWT_AUTH_SECRET = process.env.JWT_AUTH_SECRET!;
 const JWT_REFRESH_LIFETIME = process.env.JWT_REFRESH_LIFETIME! || '90d';
@ -11,81 +10,56 @@ const JWT_SIGNUP_LIFETIME = process.env.JWT_SIGNUP_LIFETIME! || '15m';
 const JWT_SIGNUP_SECRET = process.env.JWT_SIGNUP_SECRET!;
 const MONGO_URL = process.env.MONGO_URL!;
 const NODE_ENV = process.env.NODE_ENV! || 'production';
-const VERBOSE_ERROR_OUTPUT = process.env.VERBOSE_ERROR_OUTPUT! === 'true' && true;
-const LOKI_HOST = process.env.LOKI_HOST || undefined;
-const CLIENT_SECRET_HEROKU = process.env.CLIENT_SECRET_HEROKU!;
-const CLIENT_ID_HEROKU = process.env.CLIENT_ID_HEROKU!;
-const CLIENT_ID_VERCEL = process.env.CLIENT_ID_VERCEL!;
-const CLIENT_ID_NETLIFY = process.env.CLIENT_ID_NETLIFY!;
-const CLIENT_ID_GITHUB = process.env.CLIENT_ID_GITHUB!;
-const CLIENT_SECRET_VERCEL = process.env.CLIENT_SECRET_VERCEL!;
-const CLIENT_SECRET_NETLIFY = process.env.CLIENT_SECRET_NETLIFY!;
-const CLIENT_SECRET_GITHUB = process.env.CLIENT_SECRET_GITHUB!;
-const CLIENT_SLUG_VERCEL= process.env.CLIENT_SLUG_VERCEL!;
+const OAUTH_CLIENT_SECRET_HEROKU = process.env.OAUTH_CLIENT_SECRET_HEROKU!;
+const OAUTH_TOKEN_URL_HEROKU = process.env.OAUTH_TOKEN_URL_HEROKU!;
 const POSTHOG_HOST = process.env.POSTHOG_HOST! || 'https://app.posthog.com';
-const POSTHOG_PROJECT_API_KEY =
-  process.env.POSTHOG_PROJECT_API_KEY! ||
-  'phc_nSin8j5q2zdhpFDI1ETmFNUIuTG4DwKVyIigrY10XiE';
+const POSTHOG_PROJECT_API_KEY = process.env.POSTHOG_PROJECT_API_KEY! || 'phc_nSin8j5q2zdhpFDI1ETmFNUIuTG4DwKVyIigrY10XiE';
+const PRIVATE_KEY = process.env.PRIVATE_KEY!;
+const PUBLIC_KEY = process.env.PUBLIC_KEY!;
 const SENTRY_DSN = process.env.SENTRY_DSN!;
 const SITE_URL = process.env.SITE_URL!;
-const SMTP_HOST = process.env.SMTP_HOST!;
-const SMTP_SECURE = process.env.SMTP_SECURE! === 'true' || false;
-const SMTP_PORT = parseInt(process.env.SMTP_PORT!) || 587;
+const SMTP_HOST = process.env.SMTP_HOST! || 'smtp.gmail.com';
+const SMTP_NAME = process.env.SMTP_NAME!;
 const SMTP_USERNAME = process.env.SMTP_USERNAME!;
 const SMTP_PASSWORD = process.env.SMTP_PASSWORD!;
-const SMTP_FROM_ADDRESS = process.env.SMTP_FROM_ADDRESS!;
-const SMTP_FROM_NAME = process.env.SMTP_FROM_NAME! || 'Infisical';
 const STRIPE_PRODUCT_CARD_AUTH = process.env.STRIPE_PRODUCT_CARD_AUTH!;
 const STRIPE_PRODUCT_PRO = process.env.STRIPE_PRODUCT_PRO!;
 const STRIPE_PRODUCT_STARTER = process.env.STRIPE_PRODUCT_STARTER!;
 const STRIPE_PUBLISHABLE_KEY = process.env.STRIPE_PUBLISHABLE_KEY!;
 const STRIPE_SECRET_KEY = process.env.STRIPE_SECRET_KEY!;
 const STRIPE_WEBHOOK_SECRET = process.env.STRIPE_WEBHOOK_SECRET!;
-const TELEMETRY_ENABLED = process.env.TELEMETRY_ENABLED! !== 'false' && true;
-const LICENSE_KEY = process.env.LICENSE_KEY!;
+const TELEMETRY_ENABLED = (process.env.TELEMETRY_ENABLED! !== 'false') && true;

 export {
-  PORT,
-  EMAIL_TOKEN_LIFETIME,
-  ENCRYPTION_KEY,
-  SALT_ROUNDS,
-  JWT_AUTH_LIFETIME,
-  JWT_AUTH_SECRET,
-  JWT_REFRESH_LIFETIME,
-  JWT_REFRESH_SECRET,
-  JWT_SERVICE_SECRET,
-  JWT_SIGNUP_LIFETIME,
-  JWT_SIGNUP_SECRET,
-  MONGO_URL,
-  NODE_ENV,
-  VERBOSE_ERROR_OUTPUT,
-  LOKI_HOST,
-  CLIENT_ID_HEROKU,
-  CLIENT_ID_VERCEL,
-  CLIENT_ID_NETLIFY,
-  CLIENT_ID_GITHUB,
-  CLIENT_SECRET_HEROKU,
-  CLIENT_SECRET_VERCEL,
-  CLIENT_SECRET_NETLIFY,
-  CLIENT_SECRET_GITHUB,
-  CLIENT_SLUG_VERCEL,
-  POSTHOG_HOST,
-  POSTHOG_PROJECT_API_KEY,
-  SENTRY_DSN,
-  SITE_URL,
-  SMTP_HOST,
-  SMTP_PORT,
-  SMTP_SECURE,
-  SMTP_USERNAME,
-  SMTP_PASSWORD,
-  SMTP_FROM_ADDRESS,
-  SMTP_FROM_NAME,
-  STRIPE_PRODUCT_CARD_AUTH,
-  STRIPE_PRODUCT_PRO,
-  STRIPE_PRODUCT_STARTER,
-  STRIPE_PUBLISHABLE_KEY,
-  STRIPE_SECRET_KEY,
-  STRIPE_WEBHOOK_SECRET,
-  TELEMETRY_ENABLED,
-  LICENSE_KEY
+	PORT,
+	EMAIL_TOKEN_LIFETIME,
+	ENCRYPTION_KEY,
+	JWT_AUTH_LIFETIME,
+	JWT_AUTH_SECRET,
+	JWT_REFRESH_LIFETIME,
+	JWT_REFRESH_SECRET,
+	JWT_SERVICE_SECRET,
+	JWT_SIGNUP_LIFETIME,
+	JWT_SIGNUP_SECRET,
+	MONGO_URL,
+	NODE_ENV,
+	OAUTH_CLIENT_SECRET_HEROKU,
+	OAUTH_TOKEN_URL_HEROKU,
+	POSTHOG_HOST,
+	POSTHOG_PROJECT_API_KEY,
+	PRIVATE_KEY,
+	PUBLIC_KEY,
+	SENTRY_DSN,
+	SITE_URL,
+	SMTP_HOST,
+	SMTP_NAME,
+	SMTP_USERNAME,
+	SMTP_PASSWORD,
+	STRIPE_PRODUCT_CARD_AUTH,
+	STRIPE_PRODUCT_PRO,
+	STRIPE_PRODUCT_STARTER,
+	STRIPE_PUBLISHABLE_KEY,
+	STRIPE_SECRET_KEY,
+	STRIPE_WEBHOOK_SECRET,
+	TELEMETRY_ENABLED
 };
--- a/backend/src/controllers/authController.ts
+++ b/backend/src/controllers/authController.ts
@ -0,0 +1,224 @@
+import { Request, Response } from 'express';
+import jwt from 'jsonwebtoken';
+import * as Sentry from '@sentry/node';
+import * as bigintConversion from 'bigint-conversion';
+const jsrp = require('jsrp');
+import { User } from '../models';
+import { createToken, issueTokens, clearTokens } from '../helpers/auth';
+import { 
+	NODE_ENV,
+	JWT_AUTH_LIFETIME, 
+	JWT_AUTH_SECRET,
+	JWT_REFRESH_SECRET
+} from '../config';
+
+declare module 'jsonwebtoken' {
+	export interface UserIDJwtPayload extends jwt.JwtPayload {
+		userId: string;
+	}
+}
+
+const clientPublicKeys: any = {};
+
+/**
+ * Log in user step 1: Return [salt] and [serverPublicKey] as part of step 1 of SRP protocol
+ * @param req
+ * @param res
+ * @returns
+ */
+export const login1 = async (req: Request, res: Response) => {
+	try {
+		const {
+			email,
+			clientPublicKey
+		}: { email: string; clientPublicKey: string } = req.body;
+		
+		const user = await User.findOne({
+			email
+		}).select('+salt +verifier');
+		
+
+		if (!user) throw new Error('Failed to find user');
+
+		const server = new jsrp.server();
+		server.init(
+			{
+				salt: user.salt,
+				verifier: user.verifier
+			},
+			() => {
+				// generate server-side public key
+				const serverPublicKey = server.getPublicKey();
+				clientPublicKeys[email] = {
+					clientPublicKey,
+					serverBInt: bigintConversion.bigintToBuf(server.bInt)
+				};
+				
+
+				return res.status(200).send({
+					serverPublicKey,
+					salt: user.salt
+				});
+			}
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to start authentication process'
+		});
+	}
+};
+
+/**
+ * Log in user step 2: complete step 2 of SRP protocol and return token and their (encrypted)
+ * private key
+ * @param req
+ * @param res
+ * @returns
+ */
+export const login2 = async (req: Request, res: Response) => {
+	try {
+		const { email, clientProof } = req.body;
+		const user = await User.findOne({
+			email
+		}).select('+salt +verifier +publicKey +encryptedPrivateKey +iv +tag');
+
+		if (!user) throw new Error('Failed to find user');
+
+		const server = new jsrp.server();
+		server.init(
+			{
+				salt: user.salt,
+				verifier: user.verifier,
+				b: clientPublicKeys[email].serverBInt
+			},
+			async () => {
+				server.setClientPublicKey(clientPublicKeys[email].clientPublicKey);
+
+				// compare server and client shared keys
+				if (server.checkClientProof(clientProof)) {
+					// issue tokens
+					const tokens = await issueTokens({ userId: user._id.toString() });
+					
+					// store (refresh) token in httpOnly cookie
+					res.cookie('jid', tokens.refreshToken, {
+						httpOnly: true,
+						path: '/token',
+						sameSite: "strict",
+						secure: NODE_ENV === 'production' ? true : false
+					});
+
+					// return (access) token in response
+					return res.status(200).send({
+						token: tokens.token,
+						publicKey: user.publicKey,
+						encryptedPrivateKey: user.encryptedPrivateKey,
+						iv: user.iv,
+						tag: user.tag
+					});
+				}
+
+				return res.status(400).send({
+					message: 'Failed to authenticate. Try again?'
+				});
+			}
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to authenticate. Try again?'
+		});
+	}
+};
+
+/**
+ * Log out user
+ * @param req
+ * @param res
+ * @returns
+ */
+export const logout = async (req: Request, res: Response) => {
+	try {
+		await clearTokens({
+			userId: req.user._id.toString()
+		});
+		
+		// clear httpOnly cookie
+		res.cookie('jid', '', {
+			httpOnly: true,
+			path: '/token',
+			sameSite: "strict",
+			secure: NODE_ENV === 'production' ? true : false
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to logout'
+		});
+	}
+
+	return res.status(200).send({
+		message: 'Successfully logged out.'
+	});
+};
+
+/**
+ * Return user is authenticated
+ * @param req
+ * @param res
+ * @returns
+ */
+export const checkAuth = async (req: Request, res: Response) =>
+	res.status(200).send({
+		message: 'Authenticated'
+	});
+
+/**
+ * Return new token by redeeming refresh token
+ * @param req
+ * @param res
+ * @returns
+ */
+export const getNewToken = async (req: Request, res: Response) => {
+	try {
+		const refreshToken = req.cookies.jid;
+		
+		if (!refreshToken) {
+			throw new Error('Failed to find token in request cookies');
+		}
+		
+		const decodedToken = <jwt.UserIDJwtPayload>(
+			jwt.verify(refreshToken, JWT_REFRESH_SECRET)
+		);
+		
+		const user = await User.findOne({
+			_id: decodedToken.userId
+		}).select('+publicKey');
+
+		if (!user) throw new Error('Failed to authenticate unfound user');
+		if (!user?.publicKey)
+			throw new Error('Failed to authenticate not fully set up account');
+		
+		const token = createToken({
+			payload: {
+				userId: decodedToken.userId
+			},
+			expiresIn: JWT_AUTH_LIFETIME,
+			secret: JWT_AUTH_SECRET
+		});
+		
+		return res.status(200).send({
+			token
+		});
+		
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Invalid request'
+		});
+	}
+};
--- a/backend/src/controllers/v1/index.ts
+++ b/backend/src/controllers/v1/index.ts
@ -1,5 +1,4 @@
 import * as authController from './authController';
-import * as botController from './botController';
 import * as integrationAuthController from './integrationAuthController';
 import * as integrationController from './integrationController';
 import * as keyController from './keyController';
@ -17,7 +16,6 @@ import * as workspaceController from './workspaceController';

 export {
 	authController,
-	botController,
 	integrationAuthController,
 	integrationController,
 	keyController,
--- a/backend/src/controllers/integrationAuthController.ts
+++ b/backend/src/controllers/integrationAuthController.ts
@ -0,0 +1,153 @@
+import { Request, Response } from 'express';
+import * as Sentry from '@sentry/node';
+import axios from 'axios';
+import { readFileSync } from 'fs';
+import { IntegrationAuth, Integration } from '../models';
+import { processOAuthTokenRes } from '../helpers/integrationAuth';
+import { INTEGRATION_SET, ENV_DEV } from '../variables';
+import { OAUTH_CLIENT_SECRET_HEROKU, OAUTH_TOKEN_URL_HEROKU } from '../config';
+
+/**
+ * Perform OAuth2 code-token exchange as part of integration [integration] for workspace with id [workspaceId]
+ * Note: integration [integration] must be set up compatible/designed for OAuth2
+ * @param req
+ * @param res
+ * @returns
+ */
+export const integrationAuthOauthExchange = async (
+	req: Request,
+	res: Response
+) => {
+	try {
+		let clientSecret;
+
+		const { workspaceId, code, integration } = req.body;
+
+		if (!INTEGRATION_SET.has(integration))
+			throw new Error('Failed to validate integration');
+
+		// use correct client secret
+		switch (integration) {
+			case 'heroku':
+				clientSecret = OAUTH_CLIENT_SECRET_HEROKU;
+		}
+
+		// TODO: unfinished - make compatible with other integration types
+		const res = await axios.post(
+			OAUTH_TOKEN_URL_HEROKU!,
+			new URLSearchParams({
+				grant_type: 'authorization_code',
+				code: code,
+				client_secret: clientSecret
+			} as any)
+		);
+
+		const integrationAuth = await processOAuthTokenRes({
+			workspaceId,
+			integration,
+			res
+		});
+
+		// create or replace integration
+		const integrationObj = await Integration.findOneAndUpdate(
+			{ workspace: workspaceId, integration },
+			{
+				workspace: workspaceId,
+				environment: ENV_DEV,
+				isActive: false,
+				app: null,
+				integration,
+				integrationAuth: integrationAuth._id
+			},
+			{ upsert: true, new: true }
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get OAuth2 token'
+		});
+	}
+
+	return res.status(200).send({
+		message: 'Successfully enabled integration authorization'
+	});
+};
+
+/**
+ * Return list of applications allowed for integration with id [integrationAuthId]
+ * @param req
+ * @param res
+ * @returns
+ */
+export const getIntegrationAuthApps = async (req: Request, res: Response) => {
+	// TODO: unfinished - make compatible with other integration types
+	let apps;
+	try {
+		const res = await axios.get('https://api.heroku.com/apps', {
+			headers: {
+				Accept: 'application/vnd.heroku+json; version=3',
+				Authorization: 'Bearer ' + req.accessToken
+			}
+		});
+
+		apps = res.data.map((a: any) => ({
+			name: a.name
+		}));
+	} catch (err) {}
+
+	return res.status(200).send({
+		apps
+	});
+};
+
+/**
+ * Delete integration authorization with id [integrationAuthId]
+ * @param req
+ * @param res
+ * @returns
+ */
+export const deleteIntegrationAuth = async (req: Request, res: Response) => {
+	// TODO: unfinished - disable application via Heroku API and make compatible with other integration types
+	try {
+		const { integrationAuthId } = req.params;
+
+		// TODO: disable application via Heroku API; figure out what authorization id is
+
+		const integrations = JSON.parse(
+			readFileSync('./src/json/integrations.json').toString()
+		);
+
+		let authorizationId;
+		switch (req.integrationAuth.integration) {
+			case 'heroku':
+				authorizationId = integrations.heroku.clientId;
+		}
+
+		// not sure what authorizationId is?
+		// // revoke authorization
+		// const res2 = await axios.delete(
+		//   `https://api.heroku.com/oauth/authorizations/${authorizationId}`,
+		//   {
+		//     headers: {
+		//         'Accept': 'application/vnd.heroku+json; version=3',
+		//         'Authorization': 'Bearer ' + req.accessToken
+		//     }
+		//   }
+		// );
+
+		const deletedIntegrationAuth = await IntegrationAuth.findOneAndDelete({
+			_id: integrationAuthId
+		});
+
+		if (deletedIntegrationAuth) {
+			await Integration.deleteMany({
+				integrationAuth: deletedIntegrationAuth._id
+			});
+		}
+	} catch (err) {
+		return res.status(400).send({
+			message: 'Failed to delete integration authorization'
+		});
+	}
+};
--- a/backend/src/controllers/integrationController.ts
+++ b/backend/src/controllers/integrationController.ts
@ -0,0 +1,158 @@
+import { Request, Response } from 'express';
+import { readFileSync } from 'fs';
+import * as Sentry from '@sentry/node';
+import axios from 'axios';
+import { Integration } from '../models';
+import { decryptAsymmetric } from '../utils/crypto';
+import { decryptSecrets } from '../helpers/secret';
+import { PRIVATE_KEY } from '../config';
+
+interface Key {
+	encryptedKey: string;
+	nonce: string;
+}
+
+interface PushSecret {
+	ciphertextKey: string;
+	ivKey: string;
+	tagKey: string;
+	hashKey: string;
+	ciphertextValue: string;
+	ivValue: string;
+	tagValue: string;
+	hashValue: string;
+	type: 'shared' | 'personal';
+}
+
+/**
+ * Return list of all available integrations on Infisical
+ * @param req
+ * @param res
+ * @returns
+ */
+export const getIntegrations = async (req: Request, res: Response) => {
+	let integrations;
+	try {
+		integrations = JSON.parse(
+			readFileSync('./src/json/integrations.json').toString()
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to get integrations'
+		});
+	}
+
+	return res.status(200).send({
+		integrations
+	});
+};
+
+/**
+ * Sync secrets [secrets] to integration with id [integrationId]
+ * @param req
+ * @param res
+ * @returns
+ */
+export const syncIntegration = async (req: Request, res: Response) => {
+	// TODO: unfinished - make more versatile to accomodate for other integrations
+	try {
+		const { key, secrets }: { key: Key; secrets: PushSecret[] } = req.body;
+		const symmetricKey = decryptAsymmetric({
+			ciphertext: key.encryptedKey,
+			nonce: key.nonce,
+			publicKey: req.user.publicKey,
+			privateKey: PRIVATE_KEY
+		});
+
+		// decrypt secrets with symmetric key
+		const content = decryptSecrets({
+			secrets,
+			key: symmetricKey,
+			format: 'object'
+		});
+
+		// TODO: make integration work for other integrations as well
+		const res = await axios.patch(
+			`https://api.heroku.com/apps/${req.integration.app}/config-vars`,
+			content,
+			{
+				headers: {
+					Accept: 'application/vnd.heroku+json; version=3',
+					Authorization: 'Bearer ' + req.accessToken
+				}
+			}
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to sync secrets with integration'
+		});
+	}
+
+	return res.status(200).send({
+		message: 'Successfully synced secrets with integration'
+	});
+};
+
+/**
+ * Change environment or name of integration with id [integrationId]
+ * @param req
+ * @param res
+ * @returns
+ */
+export const modifyIntegration = async (req: Request, res: Response) => {
+	let integration;
+	try {
+		const { update } = req.body;
+
+		integration = await Integration.findOneAndUpdate(
+			{
+				_id: req.integration._id
+			},
+			update,
+			{
+				new: true
+			}
+		);
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to modify integration'
+		});
+	}
+
+	return res.status(200).send({
+		integration
+	});
+};
+
+/**
+ * Delete integration with id [integrationId]
+ * @param req
+ * @param res
+ * @returns
+ */
+export const deleteIntegration = async (req: Request, res: Response) => {
+	let deletedIntegration;
+	try {
+		const { integrationId } = req.params;
+
+		deletedIntegration = await Integration.findOneAndDelete({
+			_id: integrationId
+		});
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to delete integration'
+		});
+	}
+
+	return res.status(200).send({
+		deletedIntegration
+	});
+};
--- a/backend/src/controllers/v1/keyController.ts
+++ b/backend/src/controllers/v1/keyController.ts
@ -1,7 +1,9 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
-import { Key } from '../../models';
-import { findMembership } from '../../helpers/membership';
+import { Key } from '../models';
+import { findMembership } from '../helpers/membership';
+import { PUBLIC_KEY } from '../config';
+import { GRANTED } from '../variables';

 /**
 * Add (encrypted) copy of workspace key for workspace with id [workspaceId] for user with
@ -15,6 +17,16 @@ export const uploadKey = async (req: Request, res: Response) => {
 		const { workspaceId } = req.params;
 		const { key } = req.body;

+		// validate membership of sender
+		const senderMembership = await findMembership({
+			user: req.user._id,
+			workspace: workspaceId
+		});
+
+		if (!senderMembership) {
+			throw new Error('Failed sender membership validation for workspace');
+		}
+
 		// validate membership of receiver
 		const receiverMembership = await findMembership({
 			user: key.userId,
@ -25,6 +37,9 @@ export const uploadKey = async (req: Request, res: Response) => {
 			throw new Error('Failed receiver membership validation for workspace');
 		}

+		receiverMembership.status = GRANTED;
+		await receiverMembership.save();
+
 		await new Key({
 			encryptedKey: key.encryptedKey,
 			nonce: key.nonce,
@ -79,4 +94,16 @@ export const getLatestKey = async (req: Request, res: Response) => {
 	}

 	return res.status(200).send(resObj);
-};
+};
+
+/**
+ * Return public key of Infisical
+ * @param req
+ * @param res
+ * @returns
+ */
+export const getPublicKeyInfisical = async (req: Request, res: Response) => {
+	return res.status(200).send({
+		publicKey: PUBLIC_KEY
+	});
+};
--- a/backend/src/controllers/v1/membershipController.ts
+++ b/backend/src/controllers/v1/membershipController.ts
@ -1,13 +1,13 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
-import { Membership, MembershipOrg, User, Key } from '../../models';
+import { Membership, MembershipOrg, User, Key } from '../models';
 import {
 	findMembership,
 	deleteMembership as deleteMember
-} from '../../helpers/membership';
-import { sendMail } from '../../helpers/nodemailer';
-import { SITE_URL } from '../../config';
-import { ADMIN, MEMBER, ACCEPTED } from '../../variables';
+} from '../helpers/membership';
+import { sendMail } from '../helpers/nodemailer';
+import { SITE_URL } from '../config';
+import { ADMIN, MEMBER, GRANTED, ACCEPTED } from '../variables';

 /**
 * Check that user is a member of workspace with id [workspaceId]
@ -175,7 +175,8 @@ export const inviteUserToWorkspace = async (req: Request, res: Response) => {
 		// already a member of the workspace
 		const inviteeMembership = await Membership.findOne({
 			user: invitee._id,
-			workspace: workspaceId
+			workspace: workspaceId,
+			status: GRANTED
 		});

 		if (inviteeMembership)
@ -204,7 +205,8 @@ export const inviteUserToWorkspace = async (req: Request, res: Response) => {
 		const m = await new Membership({
 			user: invitee._id,
 			workspace: workspaceId,
-			role: MEMBER
+			role: MEMBER,
+			status: GRANTED
 		}).save();

 		await sendMail({
--- a/backend/src/controllers/v1/membershipOrgController.ts
+++ b/backend/src/controllers/v1/membershipOrgController.ts
@ -1,14 +1,14 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import crypto from 'crypto';
-import { SITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../../config';
-import { MembershipOrg, Organization, User, Token } from '../../models';
-import { deleteMembershipOrg as deleteMemberFromOrg } from '../../helpers/membershipOrg';
-import { checkEmailVerification } from '../../helpers/signup';
-import { createToken } from '../../helpers/auth';
-import { updateSubscriptionOrgQuantity } from '../../helpers/organization';
-import { sendMail } from '../../helpers/nodemailer';
-import { OWNER, ADMIN, MEMBER, ACCEPTED, INVITED } from '../../variables';
+import { SITE_URL, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../config';
+import { MembershipOrg, Organization, User, Token } from '../models';
+import { deleteMembershipOrg as deleteMemberFromOrg } from '../helpers/membershipOrg';
+import { checkEmailVerification } from '../helpers/signup';
+import { createToken } from '../helpers/auth';
+import { updateSubscriptionOrgQuantity } from '../helpers/organization';
+import { sendMail } from '../helpers/nodemailer';
+import { OWNER, ADMIN, MEMBER, ACCEPTED, INVITED } from '../variables';

 /**
 * Delete organization membership with id [membershipOrgId] from organization
@ -80,14 +80,14 @@ export const changeMembershipOrgRole = async (req: Request, res: Response) => {
 	// TODO

 	let membershipToChangeRole;
-	// try {
-	// } catch (err) {
-	// 	Sentry.setUser({ email: req.user.email });
-	// 	Sentry.captureException(err);
-	// 	return res.status(400).send({
-	// 		message: 'Failed to change organization membership role'
-	// 	});
-	// }
+	try {
+	} catch (err) {
+		Sentry.setUser({ email: req.user.email });
+		Sentry.captureException(err);
+		return res.status(400).send({
+			message: 'Failed to change organization membership role'
+		});
+	}

 	return res.status(200).send({
 		membershipOrg: membershipToChangeRole
@ -115,14 +115,13 @@ export const inviteUserToOrganization = async (req: Request, res: Response) => {
 		if (!membershipOrg) {
 			throw new Error('Failed to validate organization membership');
 		}
-		
+
 		invitee = await User.findOne({
 			email: inviteeEmail
-		}).select('+publicKey');
+		});

 		if (invitee) {
 			// case: invitee is an existing user
-			
 			inviteeMembershipOrg = await MembershipOrg.findOne({
 				user: invitee._id,
 				organization: organizationId
@ -218,7 +217,13 @@ export const verifyUserToOrganization = async (req: Request, res: Response) => {
 	try {
 		const { email, code } = req.body;

-		user = await User.findOne({ email }).select('+publicKey');
+		user = await User.findOne({ email });
+		if (user && user?.publicKey) {
+			// case: user has already completed account
+			return res.status(403).send({
+				error: 'Failed email magic link verification for complete account'
+			});
+		}

 		const membershipOrg = await MembershipOrg.findOne({
 			inviteEmail: email,
@ -233,18 +238,6 @@ export const verifyUserToOrganization = async (req: Request, res: Response) => {
 			code
 		});

-		if (user && user?.publicKey) {
-			// case: user has already completed account
-			// membership can be approved and redirected to login/dashboard
-			membershipOrg.status = ACCEPTED;
-			await membershipOrg.save();
-
-			return res.status(200).send({
-				message: 'Successfully verified email',
-				user,
-			});
-        }
-
 		if (!user) {
 			// initialize user account
 			user = await new User({
@ -264,7 +257,7 @@ export const verifyUserToOrganization = async (req: Request, res: Response) => {
 		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
-			error: 'Failed email magic link verification for organization invitation'
+			error: 'Failed email magic link confirmation'
 		});
 	}

--- a/backend/src/controllers/v1/organizationController.ts
+++ b/backend/src/controllers/v1/organizationController.ts
@ -6,7 +6,7 @@ import {
 	STRIPE_PRODUCT_STARTER,
 	STRIPE_PRODUCT_PRO,
 	STRIPE_PRODUCT_CARD_AUTH
-} from '../../config';
+} from '../config';
 import Stripe from 'stripe';

 const stripe = new Stripe(STRIPE_SECRET_KEY, {
@ -18,10 +18,10 @@ import {
 	Organization,
 	Workspace,
 	IncidentContactOrg
-} from '../../models';
-import { createOrganization as create } from '../../helpers/organization';
-import { addMembershipsOrg } from '../../helpers/membershipOrg';
-import { OWNER, ACCEPTED } from '../../variables';
+} from '../models';
+import { createOrganization as create } from '../helpers/organization';
+import { addMembershipsOrg } from '../helpers/membershipOrg';
+import { OWNER, ACCEPTED } from '../variables';

 const productToPriceMap = {
 	starter: STRIPE_PRODUCT_STARTER,
--- a/backend/src/controllers/v1/passwordController.ts
+++ b/backend/src/controllers/v1/passwordController.ts
@ -1,122 +1,11 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
-import crypto from 'crypto';
-// eslint-disable-next-line @typescript-eslint/no-var-requires
 const jsrp = require('jsrp');
 import * as bigintConversion from 'bigint-conversion';
-import { User, Token, BackupPrivateKey } from '../../models';
-import { checkEmailVerification } from '../../helpers/signup';
-import { createToken } from '../../helpers/auth';
-import { sendMail } from '../../helpers/nodemailer';
-import { JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET, SITE_URL } from '../../config';
+import { User, BackupPrivateKey } from '../models';

 const clientPublicKeys: any = {};

-/**
- * Password reset step 1: Send email verification link to email [email] 
- * for account recovery.
- * @param req
- * @param res
- * @returns
- */
-export const emailPasswordReset = async (req: Request, res: Response) => {
-	let email: string;
-	try {
-		email = req.body.email;
-
-		const user = await User.findOne({ email }).select('+publicKey');
-		if (!user || !user?.publicKey) {
-			// case: user has already completed account
-
-			return res.status(403).send({
-				error: 'Failed to send email verification for password reset'
-			});
-		}
-		
-		const token = crypto.randomBytes(16).toString('hex');
-
-		await Token.findOneAndUpdate(
-			{ email },
-			{
-				email,
-				token,
-				createdAt: new Date()
-			},
-			{ upsert: true, new: true }
-		);
-		
-		await sendMail({
-			template: 'passwordReset.handlebars',
-			subjectLine: 'Infisical password reset',
-			recipients: [email],
-			substitutions: {
-				email,
-				token,
-				callback_url: SITE_URL + '/password-reset'
-			}
-		});
-		
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to send email for account recovery'
-		});	
-	}
-	
-	return res.status(200).send({
-		message: `Sent an email for account recovery to ${email}`
-	});
-}
-
-/**
- * Password reset step 2: Verify email verification link sent to email [email]
- * @param req 
- * @param res 
- * @returns 
- */
-export const emailPasswordResetVerify = async (req: Request, res: Response) => {
-	let user, token;
-	try {
-		const { email, code } = req.body;
-		
-		user = await User.findOne({ email }).select('+publicKey');
-		if (!user || !user?.publicKey) {
-			// case: user doesn't exist with email [email] or 
-			// hasn't even completed their account
-			return res.status(403).send({
-				error: 'Failed email verification for password reset'
-			});
-		}
-
-		await checkEmailVerification({
-			email,
-			code
-		});
-		
-		// generate temporary password-reset token
-		token = createToken({
-			payload: {
-				userId: user._id.toString()
-			},
-			expiresIn: JWT_SIGNUP_LIFETIME,
-			secret: JWT_SIGNUP_SECRET
-		});
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed email verification for password reset'
-		});	
-	}
-
-	return res.status(200).send({
-		message: 'Successfully verified email',
-		user,
-		token
-	});
-}
-
 /**
 * Return [salt] and [serverPublicKey] as part of step 1 of SRP protocol
 * @param req
@ -154,7 +43,7 @@ export const srp1 = async (req: Request, res: Response) => {
 			}
 		);
 	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
+		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
 			error: 'Failed to start change password process'
@ -221,7 +110,7 @@ export const changePassword = async (req: Request, res: Response) => {
 			}
 		);
 	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
+		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
 			error: 'Failed to change password. Try again?'
@ -291,73 +180,10 @@ export const createBackupPrivateKey = async (req: Request, res: Response) => {
 			}
 		);
 	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
+		Sentry.setUser(null);
 		Sentry.captureException(err);
 		return res.status(400).send({
 			message: 'Failed to update backup private key'
 		});
 	}
 };
-
-/**
- * Return backup private key for user
- * @param req 
- * @param res 
- * @returns 
- */
-export const getBackupPrivateKey = async (req: Request, res: Response) => {
-	let backupPrivateKey;
-	try {
-		backupPrivateKey = await BackupPrivateKey.findOne({
-			user: req.user._id
-		}).select('+encryptedPrivateKey +iv +tag');
-		
-		if (!backupPrivateKey) throw new Error('Failed to find backup private key');
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email});
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get backup private key'
-		});
-	}
-	
-	return res.status(200).send({
-		backupPrivateKey
-	});
-}
-
-export const resetPassword = async (req: Request, res: Response) => {
-	try {
-		const {
-			encryptedPrivateKey,
-			iv,
-			tag,
-			salt,
-			verifier,
-		} = req.body;
-
-		await User.findByIdAndUpdate(
-			req.user._id.toString(),
-			{
-				encryptedPrivateKey,
-				iv,
-				tag,
-				salt,
-				verifier
-			},
-			{
-				new: true
-			}
-		);	
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email});
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get backup private key'
-		});	
-	}
-	
-	return res.status(200).send({
-		message: 'Successfully reset password'
-	});
-}
--- a/backend/src/controllers/v1/secretController.ts
+++ b/backend/src/controllers/v1/secretController.ts
@ -1,16 +1,15 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
-import { Key, Secret } from '../../models';
+import { Key } from '../models';
 import {
-	v1PushSecrets as push,
+	pushSecrets as push,
 	pullSecrets as pull,
 	reformatPullSecrets
-} from '../../helpers/secret';
-import { pushKeys } from '../../helpers/key';
-import { eventPushSecrets } from '../../events';
-import { EventService } from '../../services';
-import { ENV_SET } from '../../variables';
-import { postHogClient } from '../../services';
+} from '../helpers/secret';
+import { pushKeys } from '../helpers/key';
+import { ENV_SET } from '../variables';
+
+import { postHogClient } from '../services';

 interface PushSecret {
 	ciphertextKey: string;
@ -21,10 +20,6 @@ interface PushSecret {
 	ivValue: string;
 	tagValue: string;
 	hashValue: string;
-	ciphertextComment: string;
-	ivComment: string;
-	tagComment: string;
-	hashComment: string;
 	type: 'shared' | 'personal';
 }

@ -65,8 +60,7 @@ export const pushSecrets = async (req: Request, res: Response) => {
 			workspaceId,
 			keys
 		});
-		
-		
+
 		if (postHogClient) {
 			postHogClient.capture({
 				event: 'secrets pushed',
@ -80,13 +74,6 @@ export const pushSecrets = async (req: Request, res: Response) => {
 			});
 		}

-		// trigger event - push secrets
-		EventService.handleEvent({
-			event: eventPushSecrets({
-				workspaceId
-			})
-		});
-
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
@ -123,9 +110,7 @@ export const pullSecrets = async (req: Request, res: Response) => {
 		secrets = await pull({
 			userId: req.user._id.toString(),
 			workspaceId,
-			environment,
-			channel: channel ? channel : 'cli',
-			ipAddress: req.ip
+			environment
 		});

 		key = await Key.findOne({
@ -175,6 +160,9 @@ export const pullSecrets = async (req: Request, res: Response) => {
 * @returns
 */
 export const pullSecretsServiceToken = async (req: Request, res: Response) => {
+	// get (encrypted) secrets from workspace with id [workspaceId]
+	// service token route
+
 	let secrets;
 	let key;
 	try {
@ -190,9 +178,7 @@ export const pullSecretsServiceToken = async (req: Request, res: Response) => {
 		secrets = await pull({
 			userId: req.serviceToken.user._id.toString(),
 			workspaceId,
-			environment,
-			channel: 'cli',
-			ipAddress: req.ip
+			environment
 		});

 		key = {
@ -206,7 +192,7 @@ export const pullSecretsServiceToken = async (req: Request, res: Response) => {
 		};

 		if (postHogClient) {
-			// capture secrets pulled event in production
+			// capture secrets pushed event in production
 			postHogClient.capture({
 				distinctId: req.serviceToken.user.email,
 				event: 'secrets pulled',
@ -230,4 +216,4 @@ export const pullSecretsServiceToken = async (req: Request, res: Response) => {
 		secrets: reformatPullSecrets({ secrets }),
 		key
 	});
-};
+};
--- a/backend/src/controllers/v1/serviceTokenController.ts
+++ b/backend/src/controllers/v1/serviceTokenController.ts
@ -1,8 +1,8 @@
 import { Request, Response } from 'express';
-import { ServiceToken } from '../../models';
-import { createToken } from '../../helpers/auth';
-import { ENV_SET } from '../../variables';
-import { JWT_SERVICE_SECRET } from '../../config';
+import { ServiceToken } from '../models';
+import { createToken } from '../helpers/auth';
+import { ENV_SET } from '../variables';
+import { JWT_SERVICE_SECRET } from '../config';

 /**
 * Return service token on request
@ -11,6 +11,7 @@ import { JWT_SERVICE_SECRET } from '../../config';
 * @returns
 */
 export const getServiceToken = async (req: Request, res: Response) => {
+	// get service token
 	return res.status(200).send({
 		serviceToken: req.serviceToken
 	});
@ -57,8 +58,7 @@ export const createServiceToken = async (req: Request, res: Response) => {

 		token = createToken({
 			payload: {
-				serviceTokenId: serviceToken._id.toString(),
-				workspaceId
+				serviceTokenId: serviceToken._id.toString()
 			},
 			expiresIn: expiresIn,
 			secret: JWT_SERVICE_SECRET
@ -72,4 +72,4 @@ export const createServiceToken = async (req: Request, res: Response) => {
 	return res.status(200).send({
 		token
 	});
-};
+};
--- a/backend/src/controllers/v1/signupController.ts
+++ b/backend/src/controllers/v1/signupController.ts
@ -1,16 +1,15 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
-import { NODE_ENV, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../../config';
-import { User, MembershipOrg } from '../../models';
-import { completeAccount } from '../../helpers/user';
+import { NODE_ENV, JWT_SIGNUP_LIFETIME, JWT_SIGNUP_SECRET } from '../config';
+import { User, MembershipOrg } from '../models';
+import { completeAccount } from '../helpers/user';
 import {
 	sendEmailVerification,
 	checkEmailVerification,
 	initializeDefaultOrg
-} from '../../helpers/signup';
-import { issueTokens, createToken } from '../../helpers/auth';
-import { INVITED, ACCEPTED } from '../../variables';
-import axios from 'axios';
+} from '../helpers/signup';
+import { issueTokens, createToken } from '../helpers/auth';
+import { INVITED, ACCEPTED } from '../variables';

 /**
 * Signup step 1: Initialize account for user under email [email] and send a verification code
@ -180,21 +179,6 @@ export const completeAccountSignup = async (req: Request, res: Response) => {

 		token = tokens.token;
 		refreshToken = tokens.refreshToken;
-
-		// sending a welcome email to new users
-		if (process.env.LOOPS_API_KEY) {
-			await axios.post("https://app.loops.so/api/v1/events/send", {
-				"email": email,
-				"eventName": "Sign Up",
-				"firstName": firstName,
-				"lastName": lastName
-			}, {
-				headers: {
-					"Accept": "application/json",
-					"Authorization": "Bearer " + process.env.LOOPS_API_KEY
-				},
-			});
-		}
 	} catch (err) {
 		Sentry.setUser(null);
 		Sentry.captureException(err);
--- a/backend/src/ee/controllers/v1/stripeController.ts
+++ b/backend/src/ee/controllers/v1/stripeController.ts
@ -1,7 +1,7 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
 import Stripe from 'stripe';
-import { STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET } from '../../../config';
+import { STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET } from '../config';
 const stripe = new Stripe(STRIPE_SECRET_KEY, {
 	apiVersion: '2022-08-01'
 });
--- a/backend/src/controllers/v1/userActionController.ts
+++ b/backend/src/controllers/v1/userActionController.ts
@ -1,6 +1,6 @@
 import { Request, Response } from 'express';
 import * as Sentry from '@sentry/node';
-import { UserAction } from '../../models';
+import { UserAction } from '../models';

 /**
 * Add user action [action]
--- a/backend/src/controllers/v1/userController.ts
+++ b/backend/src/controllers/v1/userController.ts
--- a/backend/src/controllers/v1/authController.ts
+++ b/backend/src/controllers/v1/authController.ts
@ -1,222 +0,0 @@
-/* eslint-disable @typescript-eslint/no-var-requires */
-import { Request, Response } from 'express';
-import jwt from 'jsonwebtoken';
-import * as Sentry from '@sentry/node';
-import * as bigintConversion from 'bigint-conversion';
-const jsrp = require('jsrp');
-import { User } from '../../models';
-import { createToken, issueTokens, clearTokens } from '../../helpers/auth';
-import {
-  NODE_ENV,
-  JWT_AUTH_LIFETIME,
-  JWT_AUTH_SECRET,
-  JWT_REFRESH_SECRET
-} from '../../config';
-
-declare module 'jsonwebtoken' {
-  export interface UserIDJwtPayload extends jwt.JwtPayload {
-    userId: string;
-  }
-}
-
-const clientPublicKeys: any = {};
-
-/**
- * Log in user step 1: Return [salt] and [serverPublicKey] as part of step 1 of SRP protocol
- * @param req
- * @param res
- * @returns
- */
-export const login1 = async (req: Request, res: Response) => {
-  try {
-    const {
-      email,
-      clientPublicKey
-    }: { email: string; clientPublicKey: string } = req.body;
-
-    const user = await User.findOne({
-      email
-    }).select('+salt +verifier');
-
-    if (!user) throw new Error('Failed to find user');
-
-    const server = new jsrp.server();
-    server.init(
-      {
-        salt: user.salt,
-        verifier: user.verifier
-      },
-      () => {
-        // generate server-side public key
-        const serverPublicKey = server.getPublicKey();
-        clientPublicKeys[email] = {
-          clientPublicKey,
-          serverBInt: bigintConversion.bigintToBuf(server.bInt)
-        };
-
-        return res.status(200).send({
-          serverPublicKey,
-          salt: user.salt
-        });
-      }
-    );
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: 'Failed to start authentication process'
-    });
-  }
-};
-
-/**
- * Log in user step 2: complete step 2 of SRP protocol and return token and their (encrypted)
- * private key
- * @param req
- * @param res
- * @returns
- */
-export const login2 = async (req: Request, res: Response) => {
-  try {
-    const { email, clientProof } = req.body;
-    const user = await User.findOne({
-      email
-    }).select('+salt +verifier +publicKey +encryptedPrivateKey +iv +tag');
-
-    if (!user) throw new Error('Failed to find user');
-
-    const server = new jsrp.server();
-    server.init(
-      {
-        salt: user.salt,
-        verifier: user.verifier,
-        b: clientPublicKeys[email].serverBInt
-      },
-      async () => {
-        server.setClientPublicKey(clientPublicKeys[email].clientPublicKey);
-
-        // compare server and client shared keys
-        if (server.checkClientProof(clientProof)) {
-          // issue tokens
-          const tokens = await issueTokens({ userId: user._id.toString() });
-
-          // store (refresh) token in httpOnly cookie
-          res.cookie('jid', tokens.refreshToken, {
-            httpOnly: true,
-            path: '/',
-            sameSite: 'strict',
-            secure: NODE_ENV === 'production' ? true : false
-          });
-
-          // return (access) token in response
-          return res.status(200).send({
-            token: tokens.token,
-            publicKey: user.publicKey,
-            encryptedPrivateKey: user.encryptedPrivateKey,
-            iv: user.iv,
-            tag: user.tag
-          });
-        }
-
-        return res.status(400).send({
-          message: 'Failed to authenticate. Try again?'
-        });
-      }
-    );
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: 'Failed to authenticate. Try again?'
-    });
-  }
-};
-
-/**
- * Log out user
- * @param req
- * @param res
- * @returns
- */
-export const logout = async (req: Request, res: Response) => {
-  try {
-    await clearTokens({
-      userId: req.user._id.toString()
-    });
-
-    // clear httpOnly cookie
-    res.cookie('jid', '', {
-      httpOnly: true,
-      path: '/',
-      sameSite: 'strict',
-      secure: NODE_ENV === 'production' ? true : false
-    });
-  } catch (err) {
-    Sentry.setUser({ email: req.user.email });
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: 'Failed to logout'
-    });
-  }
-
-  return res.status(200).send({
-    message: 'Successfully logged out.'
-  });
-};
-
-/**
- * Return user is authenticated
- * @param req
- * @param res
- * @returns
- */
-export const checkAuth = async (req: Request, res: Response) =>
-  res.status(200).send({
-    message: 'Authenticated'
-  });
-
-/**
- * Return new token by redeeming refresh token
- * @param req
- * @param res
- * @returns
- */
-export const getNewToken = async (req: Request, res: Response) => {
-  try {
-    const refreshToken = req.cookies.jid;
-
-    if (!refreshToken) {
-      throw new Error('Failed to find token in request cookies');
-    }
-
-    const decodedToken = <jwt.UserIDJwtPayload>(
-      jwt.verify(refreshToken, JWT_REFRESH_SECRET)
-    );
-
-    const user = await User.findOne({
-      _id: decodedToken.userId
-    }).select('+publicKey');
-
-    if (!user) throw new Error('Failed to authenticate unfound user');
-    if (!user?.publicKey)
-      throw new Error('Failed to authenticate not fully set up account');
-
-    const token = createToken({
-      payload: {
-        userId: decodedToken.userId
-      },
-      expiresIn: JWT_AUTH_LIFETIME,
-      secret: JWT_AUTH_SECRET
-    });
-
-    return res.status(200).send({
-      token
-    });
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-    return res.status(400).send({
-      message: 'Invalid request'
-    });
-  }
-};
--- a/backend/src/controllers/v1/botController.ts
+++ b/backend/src/controllers/v1/botController.ts
@ -1,107 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import { Bot, BotKey } from '../../models';
-import { createBot } from '../../helpers/bot';
-
-interface BotKey {
-    encryptedKey: string;
-    nonce: string;
-}
-
-/**
- * Return bot for workspace with id [workspaceId]. If a workspace bot doesn't exist,
- * then create and return a new bot.
- * @param req
- * @param res
- * @returns
- */
-export const getBotByWorkspaceId = async (req: Request, res: Response) => {
-    let bot;
-	try {
-        const { workspaceId } = req.params;
-
-        bot = await Bot.findOne({
-            workspace: workspaceId
-        });
-        
-        if (!bot) {
-            // case: bot doesn't exist for workspace with id [workspaceId]
-            // -> create a new bot and return it
-            bot = await createBot({
-                name: 'Infisical Bot',
-                workspaceId
-            });
-        }
-	} catch (err) {
-        Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-        return res.status(400).send({
-			message: 'Failed to get bot for workspace'
-		});
-	}
-    
-    return res.status(200).send({
-        bot
-    });
-};
-
-/**
- * Return bot with id [req.bot._id] with active state set to [isActive].
- * @param req
- * @param res
- * @returns
- */
-export const setBotActiveState = async (req: Request, res: Response) => {
-    let bot;
-	try {
-        const { isActive, botKey }: { isActive: boolean, botKey: BotKey } = req.body;
-        
-        if (isActive) {
-            // bot state set to active -> share workspace key with bot
-            if (!botKey?.encryptedKey || !botKey?.nonce) {
-                return res.status(400).send({
-                    message: 'Failed to set bot state to active - missing bot key'
-                });
-            }
-            
-            await BotKey.findOneAndUpdate({
-                workspace: req.bot.workspace
-            }, {
-                encryptedKey: botKey.encryptedKey,
-                nonce: botKey.nonce,
-                sender: req.user._id,
-                bot: req.bot._id,
-                workspace: req.bot.workspace
-            }, {
-                upsert: true,
-                new: true
-            });
-        } else {
-            // case: bot state set to inactive -> delete bot's workspace key
-            await BotKey.deleteOne({
-                bot: req.bot._id
-            });
-        }
-
-        bot = await Bot.findOneAndUpdate({
-            _id: req.bot._id
-        }, {
-            isActive
-        }, {
-            new: true
-        });
-        
-        if (!bot) throw new Error('Failed to update bot active state');
-        
-	} catch (err) {
-        Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-        return res.status(400).send({
-			message: 'Failed to update bot active state'
-		});
-	}
-    
-    return res.status(200).send({
-        bot
-    });
-};
--- a/backend/src/controllers/v1/integrationAuthController.ts
+++ b/backend/src/controllers/v1/integrationAuthController.ts
@ -1,104 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import axios from 'axios';
-import { readFileSync } from 'fs';
-import { IntegrationAuth, Integration } from '../../models';
-import { INTEGRATION_SET, INTEGRATION_OPTIONS, ENV_DEV } from '../../variables';
-import { IntegrationService } from '../../services';
-import { getApps, revokeAccess } from '../../integrations';
-
-export const getIntegrationOptions = async (
-	req: Request,
-	res: Response
-) => {
-	return res.status(200).send({
-		integrationOptions: INTEGRATION_OPTIONS
-	});
-}
-
-/**
- * Perform OAuth2 code-token exchange as part of integration [integration] for workspace with id [workspaceId]
- * @param req
- * @param res
- * @returns
- */
-export const oAuthExchange = async (
-	req: Request,
-	res: Response
-) => {
-	try {
-		const { workspaceId, code, integration } = req.body;
-
-		if (!INTEGRATION_SET.has(integration))
-			throw new Error('Failed to validate integration');
-	
-		await IntegrationService.handleOAuthExchange({
-			workspaceId,
-			integration,
-			code
-		});
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get OAuth2 code-token exchange'
-		});
-	}
-
-	return res.status(200).send({
-		message: 'Successfully enabled integration authorization'
-	});
-};
-
-/**
- * Return list of applications allowed for integration with integration authorization id [integrationAuthId]
- * @param req
- * @param res
- * @returns
- */
-export const getIntegrationAuthApps = async (req: Request, res: Response) => {
-	let apps;
-	try {
-		apps = await getApps({
-			integrationAuth: req.integrationAuth,
-			accessToken: req.accessToken
-		});
-	} catch (err) {
-		Sentry.setUser(null);
-        Sentry.captureException(err);	
-		return res.status(400).send({
-			message: 'Failed to get integration authorization applications'
-		});
-	}
-
-	return res.status(200).send({
-		apps
-	});
-};
-
-/**
- * Delete integration authorization with id [integrationAuthId]
- * @param req
- * @param res
- * @returns
- */
-export const deleteIntegrationAuth = async (req: Request, res: Response) => {
-	try {
-		const { integrationAuthId } = req.params;
-
-		await revokeAccess({
-			integrationAuth: req.integrationAuth,
-			accessToken: req.accessToken
-		});
-	} catch (err) {
-		Sentry.setUser(null);
-        Sentry.captureException(err);	
-		return res.status(400).send({
-			message: 'Failed to delete integration authorization'
-		});
-	}
-	
-	return res.status(200).send({
-		message: 'Successfully deleted integration authorization'
-	});
-}
--- a/backend/src/controllers/v1/integrationController.ts
+++ b/backend/src/controllers/v1/integrationController.ts
@ -1,134 +0,0 @@
-import { Request, Response } from 'express';
-import { readFileSync } from 'fs';
-import * as Sentry from '@sentry/node';
-import { Integration, Bot, BotKey } from '../../models';
-import { EventService } from '../../services';
-import { eventPushSecrets } from '../../events';
-
-interface Key {
-	encryptedKey: string;
-	nonce: string;
-}
-
-interface PushSecret {
-	ciphertextKey: string;
-	ivKey: string;
-	tagKey: string;
-	hashKey: string;
-	ciphertextValue: string;
-	ivValue: string;
-	tagValue: string;
-	hashValue: string;
-	type: 'shared' | 'personal';
-}
-
-/**
- * Change environment or name of integration with id [integrationId]
- * @param req
- * @param res
- * @returns
- */
-export const updateIntegration = async (req: Request, res: Response) => {
-	let integration;
-	
-	// TODO: add integration-specific validation to ensure that each
-	// integration has the correct fields populated in [Integration]
-	
-	try {
-		const { 
-			app, 
-			environment, 
-			isActive, 
-			target, // vercel-specific integration param
-			context, // netlify-specific integration param
-			siteId // netlify-specific integration param
-		} = req.body;
-		
-		integration = await Integration.findOneAndUpdate(
-			{
-				_id: req.integration._id
-			},
-			{
-				environment,
-				isActive,
-				app,
-				target,
-				context,
-				siteId
-			},
-			{
-				new: true
-			}
-		);
-		
-		if (integration) {
-			// trigger event - push secrets
-			EventService.handleEvent({
-				event: eventPushSecrets({
-					workspaceId: integration.workspace.toString()
-				})
-			});
-		}
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to update integration'
-		});
-	}
-
-	return res.status(200).send({
-		integration
-	});
-};
-
-/**
- * Delete integration with id [integrationId] and deactivate bot if there are
- * no integrations left
- * @param req
- * @param res
- * @returns
- */
-export const deleteIntegration = async (req: Request, res: Response) => {
-	let deletedIntegration;
-	try {
-		const { integrationId } = req.params;
-
-		deletedIntegration = await Integration.findOneAndDelete({
-			_id: integrationId
-		});
-		
-		if (!deletedIntegration) throw new Error('Failed to find integration');
-		
-		const integrations = await Integration.find({
-			workspace: deletedIntegration.workspace
-		});
-			
-		if (integrations.length === 0) {
-			// case: no integrations left, deactivate bot
-			const bot = await Bot.findOneAndUpdate({
-				workspace: deletedIntegration.workspace
-			}, {
-				isActive: false
-			}, {
-				new: true
-			});
-			
-			if (bot) {
-				await BotKey.deleteOne({
-					bot: bot._id
-				});
-			}
-		}
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to delete integration'
-		});
-	}
-
-	return res.status(200).send({
-		deletedIntegration
-	});
-};
--- a/backend/src/controllers/v2/apiKeyDataController.ts
+++ b/backend/src/controllers/v2/apiKeyDataController.ts
@ -1,105 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import crypto from 'crypto';
-import bcrypt from 'bcrypt';
-import {
-    APIKeyData
-} from '../../models';
-import {
-    SALT_ROUNDS
-} from '../../config';
-
-/**
- * Return API key data for user with id [req.user_id]
- * @param req
- * @param res 
- * @returns 
- */
-export const getAPIKeyData = async (req: Request, res: Response) => {
-    let apiKeyData;
-    try {
-        apiKeyData = await APIKeyData.find({
-            user: req.user._id
-        });
-    } catch (err) {
-        Sentry.setUser({ email: req.user.email });
-        Sentry.captureException(err);
-        return res.status(400).send({
-            message: 'Failed to get API key data'
-        });
-    }
-    
-    return res.status(200).send({
-        apiKeyData
-    });
-}
-
-/**
- * Create new API key data for user with id [req.user._id]
- * @param req 
- * @param res 
- */
-export const createAPIKeyData = async (req: Request, res: Response) => {
-    let apiKey, apiKeyData;
-    try {
-        const { name, expiresIn } = req.body;
-        
-        const secret = crypto.randomBytes(16).toString('hex');
-        const secretHash = await bcrypt.hash(secret, SALT_ROUNDS);
-        
-		const expiresAt = new Date();
-		expiresAt.setSeconds(expiresAt.getSeconds() + expiresIn);
-        
-        apiKeyData = await new APIKeyData({
-            name,
-            expiresAt,
-            user: req.user._id,
-            secretHash
-        }).save();
-        
-        // return api key data without sensitive data
-        apiKeyData = await APIKeyData.findById(apiKeyData._id);
-        
-        if (!apiKeyData) throw new Error('Failed to find API key data');
-        
-        apiKey = `ak.${apiKeyData._id.toString()}.${secret}`;
-            
-    } catch (err) {
-        Sentry.setUser({ email: req.user.email });
-        Sentry.captureException(err);
-        return res.status(400).send({
-            message: 'Failed to API key data'
-        });
-    }
-    
-    return res.status(200).send({
-        apiKey,
-        apiKeyData
-    });
-}
-
-/**
- * Delete API key data with id [apiKeyDataId].
- * @param req 
- * @param res 
- * @returns 
- */
-export const deleteAPIKeyData = async (req: Request, res: Response) => {
-    let apiKeyData;
-    try {
-        const { apiKeyDataId } = req.params;
-
-        apiKeyData = await APIKeyData.findByIdAndDelete(apiKeyDataId);
-        
-    } catch (err) {
-        Sentry.setUser({ email: req.user.email });
-        Sentry.captureException(err);
-        return res.status(400).send({
-            message: 'Failed to delete API key data'
-        });
-    }
-    
-    return res.status(200).send({
-        apiKeyData
-    });
-}
--- a/backend/src/controllers/v2/index.ts
+++ b/backend/src/controllers/v2/index.ts
@ -1,13 +0,0 @@
-import * as workspaceController from './workspaceController';
-import * as serviceTokenDataController from './serviceTokenDataController';
-import * as apiKeyDataController from './apiKeyDataController';
-import * as secretController from './secretController';
-import * as secretsController from './secretsController';
-
-export {
-    workspaceController,
-    serviceTokenDataController,
-    apiKeyDataController,
-    secretController,
-    secretsController
-}
--- a/backend/src/controllers/v2/secretController.ts
+++ b/backend/src/controllers/v2/secretController.ts
@ -1,401 +0,0 @@
-import to from "await-to-js";
-import { Request, Response } from "express";
-import mongoose, { Types } from "mongoose";
-import Secret, { ISecret } from "../../models/secret";
-import { CreateSecretRequestBody, ModifySecretRequestBody, SanitizedSecretForCreate, SanitizedSecretModify } from "../../types/secret";
-const { ValidationError } = mongoose.Error;
-import { BadRequestError, InternalServerError, UnauthorizedRequestError, ValidationError as RouteValidationError } from '../../utils/errors';
-import { AnyBulkWriteOperation } from 'mongodb';
-import { SECRET_PERSONAL, SECRET_SHARED } from "../../variables";
-import { postHogClient } from '../../services';
-
-/**
- * Create secret for workspace with id [workspaceId] and environment [environment]
- * @param req 
- * @param res 
- */
-export const createSecret = async (req: Request, res: Response) => {
-  const secretToCreate: CreateSecretRequestBody = req.body.secret;
-  const { workspaceId, environment } = req.params
-  const sanitizedSecret: SanitizedSecretForCreate = {
-    secretKeyCiphertext: secretToCreate.secretKeyCiphertext,
-    secretKeyIV: secretToCreate.secretKeyIV,
-    secretKeyTag: secretToCreate.secretKeyTag,
-    secretKeyHash: secretToCreate.secretKeyHash,
-    secretValueCiphertext: secretToCreate.secretValueCiphertext,
-    secretValueIV: secretToCreate.secretValueIV,
-    secretValueTag: secretToCreate.secretValueTag,
-    secretValueHash: secretToCreate.secretValueHash,
-    secretCommentCiphertext: secretToCreate.secretCommentCiphertext,
-    secretCommentIV: secretToCreate.secretCommentIV,
-    secretCommentTag: secretToCreate.secretCommentTag,
-    secretCommentHash: secretToCreate.secretCommentHash,
-    workspace: new Types.ObjectId(workspaceId),
-    environment,
-    type: secretToCreate.type,
-    user: new Types.ObjectId(req.user._id)
-  }
-
-
-  const [error, secret] = await to(Secret.create(sanitizedSecret).then())
-  if (error instanceof ValidationError) {
-    throw RouteValidationError({ message: error.message, stack: error.stack })
-  }
-
-  if (postHogClient) {
-    postHogClient.capture({
-      event: 'secrets added',
-      distinctId: req.user.email,
-      properties: {
-        numberOfSecrets: 1,
-        workspaceId,
-        environment,
-        channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-        userAgent: req.headers?.['user-agent']
-      }
-    });
-  }
-
-  res.status(200).send({
-    secret
-  })
-}
-
-/**
- * Create many secrets for workspace wiht id [workspaceId] and environment [environment]
- * @param req 
- * @param res 
- */
-export const createSecrets = async (req: Request, res: Response) => {
-  const secretsToCreate: CreateSecretRequestBody[] = req.body.secrets;
-  const { workspaceId, environment } = req.params
-  const sanitizedSecretesToCreate: SanitizedSecretForCreate[] = []
-
-  secretsToCreate.forEach(rawSecret => {
-    const safeUpdateFields: SanitizedSecretForCreate = {
-      secretKeyCiphertext: rawSecret.secretKeyCiphertext,
-      secretKeyIV: rawSecret.secretKeyIV,
-      secretKeyTag: rawSecret.secretKeyTag,
-      secretKeyHash: rawSecret.secretKeyHash,
-      secretValueCiphertext: rawSecret.secretValueCiphertext,
-      secretValueIV: rawSecret.secretValueIV,
-      secretValueTag: rawSecret.secretValueTag,
-      secretValueHash: rawSecret.secretValueHash,
-      secretCommentCiphertext: rawSecret.secretCommentCiphertext,
-      secretCommentIV: rawSecret.secretCommentIV,
-      secretCommentTag: rawSecret.secretCommentTag,
-      secretCommentHash: rawSecret.secretCommentHash,
-      workspace: new Types.ObjectId(workspaceId),
-      environment,
-      type: rawSecret.type,
-      user: new Types.ObjectId(req.user._id)
-    }
-
-    sanitizedSecretesToCreate.push(safeUpdateFields)
-  })
-
-  const [bulkCreateError, secrets] = await to(Secret.insertMany(sanitizedSecretesToCreate).then())
-  if (bulkCreateError) {
-    if (bulkCreateError instanceof ValidationError) {
-      throw RouteValidationError({ message: bulkCreateError.message, stack: bulkCreateError.stack })
-    }
-
-    throw InternalServerError({ message: "Unable to process your batch create request. Please try again", stack: bulkCreateError.stack })
-  }
-
-  if (postHogClient) {
-    postHogClient.capture({
-      event: 'secrets added',
-      distinctId: req.user.email,
-      properties: {
-        numberOfSecrets: (secretsToCreate ?? []).length,
-        workspaceId,
-        environment,
-        channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-        userAgent: req.headers?.['user-agent']
-      }
-    });
-  }
-
-  res.status(200).send({
-    secrets
-  })
-}
-
-/**
- * Delete secrets in workspace with id [workspaceId] and environment [environment]
- * @param req 
- * @param res 
- */
-export const deleteSecrets = async (req: Request, res: Response) => {
-  const { workspaceId, environmentName } = req.params
-  const secretIdsToDelete: string[] = req.body.secretIds
-
-  const [secretIdsUserCanDeleteError, secretIdsUserCanDelete] = await to(Secret.find({ workspace: workspaceId, environment: environmentName }, { _id: 1 }).then())
-  if (secretIdsUserCanDeleteError) {
-    throw InternalServerError({ message: `Unable to fetch secrets you own: [error=${secretIdsUserCanDeleteError.message}]` })
-  }
-
-  const secretsUserCanDeleteSet: Set<string> = new Set(secretIdsUserCanDelete.map(objectId => objectId._id.toString()));
-  const deleteOperationsToPerform: AnyBulkWriteOperation<ISecret>[] = []
-
-  let numSecretsDeleted = 0;
-  secretIdsToDelete.forEach(secretIdToDelete => {
-    if (secretsUserCanDeleteSet.has(secretIdToDelete)) {
-      const deleteOperation = { deleteOne: { filter: { _id: new Types.ObjectId(secretIdToDelete) } } }
-      deleteOperationsToPerform.push(deleteOperation)
-      numSecretsDeleted++;
-    } else {
-      throw RouteValidationError({ message: "You cannot delete secrets that you do not have access to" })
-    }
-  })
-
-  const [bulkDeleteError, bulkDelete] = await to(Secret.bulkWrite(deleteOperationsToPerform).then())
-  if (bulkDeleteError) {
-    if (bulkDeleteError instanceof ValidationError) {
-      throw RouteValidationError({ message: "Unable to apply modifications, please try again", stack: bulkDeleteError.stack })
-    }
-    throw InternalServerError()
-  }
-
-  if (postHogClient) {
-    postHogClient.capture({
-      event: 'secrets deleted',
-      distinctId: req.user.email,
-      properties: {
-        numberOfSecrets: numSecretsDeleted,
-        environment: environmentName,
-        workspaceId,
-        channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-        userAgent: req.headers?.['user-agent']
-      }
-    });
-  }
-
-  res.status(200).send()
-}
-
-/**
- * Delete secret with id [secretId]
- * @param req 
- * @param res
- */
-export const deleteSecret = async (req: Request, res: Response) => {
-  await Secret.findByIdAndDelete(req._secret._id)
-
-  if (postHogClient) {
-    postHogClient.capture({
-      event: 'secrets deleted',
-      distinctId: req.user.email,
-      properties: {
-        numberOfSecrets: 1,
-        workspaceId: req._secret.workspace.toString(),
-        environment: req._secret.environment,
-        channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-        userAgent: req.headers?.['user-agent']
-      }
-    });
-  }
-
-  res.status(200).send({
-    secret: req._secret
-  })
-}
-
-/**
- * Update secrets for workspace with id [workspaceId] and environment [environment]
- * @param req 
- * @param res 
- * @returns 
- */
-export const updateSecrets = async (req: Request, res: Response) => {
-  const { workspaceId, environmentName } = req.params
-  const secretsModificationsRequested: ModifySecretRequestBody[] = req.body.secrets;
-  const [secretIdsUserCanModifyError, secretIdsUserCanModify] = await to(Secret.find({ workspace: workspaceId, environment: environmentName }, { _id: 1 }).then())
-  if (secretIdsUserCanModifyError) {
-    throw InternalServerError({ message: "Unable to fetch secrets you own" })
-  }
-
-  const secretsUserCanModifySet: Set<string> = new Set(secretIdsUserCanModify.map(objectId => objectId._id.toString()));
-  const updateOperationsToPerform: any = []
-
-  secretsModificationsRequested.forEach(userModifiedSecret => {
-    if (secretsUserCanModifySet.has(userModifiedSecret._id.toString())) {
-      const sanitizedSecret: SanitizedSecretModify = {
-        secretKeyCiphertext: userModifiedSecret.secretKeyCiphertext,
-        secretKeyIV: userModifiedSecret.secretKeyIV,
-        secretKeyTag: userModifiedSecret.secretKeyTag,
-        secretKeyHash: userModifiedSecret.secretKeyHash,
-        secretValueCiphertext: userModifiedSecret.secretValueCiphertext,
-        secretValueIV: userModifiedSecret.secretValueIV,
-        secretValueTag: userModifiedSecret.secretValueTag,
-        secretValueHash: userModifiedSecret.secretValueHash,
-        secretCommentCiphertext: userModifiedSecret.secretCommentCiphertext,
-        secretCommentIV: userModifiedSecret.secretCommentIV,
-        secretCommentTag: userModifiedSecret.secretCommentTag,
-        secretCommentHash: userModifiedSecret.secretCommentHash,
-      }
-
-      const updateOperation = { updateOne: { filter: { _id: userModifiedSecret._id, workspace: workspaceId }, update: { $inc: { version: 1 }, $set: sanitizedSecret } } }
-      updateOperationsToPerform.push(updateOperation)
-    } else {
-      throw UnauthorizedRequestError({ message: "You do not have permission to modify one or more of the requested secrets" })
-    }
-  })
-
-  const [bulkModificationInfoError, bulkModificationInfo] = await to(Secret.bulkWrite(updateOperationsToPerform).then())
-  if (bulkModificationInfoError) {
-    if (bulkModificationInfoError instanceof ValidationError) {
-      throw RouteValidationError({ message: "Unable to apply modifications, please try again", stack: bulkModificationInfoError.stack })
-    }
-
-    throw InternalServerError()
-  }
-
-  if (postHogClient) {
-    postHogClient.capture({
-      event: 'secrets modified',
-      distinctId: req.user.email,
-      properties: {
-        numberOfSecrets: (secretsModificationsRequested ?? []).length,
-        environment: environmentName,
-        workspaceId,
-        channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-        userAgent: req.headers?.['user-agent']
-      }
-    });
-  }
-
-  return res.status(200).send()
-}
-
-/**
- * Update a secret within workspace with id [workspaceId] and environment [environment]
- * @param req 
- * @param res 
- * @returns 
- */
-export const updateSecret = async (req: Request, res: Response) => {
-  const { workspaceId, environmentName } = req.params
-  const secretModificationsRequested: ModifySecretRequestBody = req.body.secret;
-
-  const [secretIdUserCanModifyError, secretIdUserCanModify] = await to(Secret.findOne({ workspace: workspaceId, environment: environmentName }, { _id: 1 }).then())
-  if (secretIdUserCanModifyError && !secretIdUserCanModify) {
-    throw BadRequestError()
-  }
-
-  const sanitizedSecret: SanitizedSecretModify = {
-    secretKeyCiphertext: secretModificationsRequested.secretKeyCiphertext,
-    secretKeyIV: secretModificationsRequested.secretKeyIV,
-    secretKeyTag: secretModificationsRequested.secretKeyTag,
-    secretKeyHash: secretModificationsRequested.secretKeyHash,
-    secretValueCiphertext: secretModificationsRequested.secretValueCiphertext,
-    secretValueIV: secretModificationsRequested.secretValueIV,
-    secretValueTag: secretModificationsRequested.secretValueTag,
-    secretValueHash: secretModificationsRequested.secretValueHash,
-    secretCommentCiphertext: secretModificationsRequested.secretCommentCiphertext,
-    secretCommentIV: secretModificationsRequested.secretCommentIV,
-    secretCommentTag: secretModificationsRequested.secretCommentTag,
-    secretCommentHash: secretModificationsRequested.secretCommentHash,
-  }
-
-  const [error, singleModificationUpdate] = await to(Secret.updateOne({ _id: secretModificationsRequested._id, workspace: workspaceId }, { $inc: { version: 1 }, $set: sanitizedSecret }).then())
-  if (error instanceof ValidationError) {
-    throw RouteValidationError({ message: "Unable to apply modifications, please try again", stack: error.stack })
-  }
-
-  if (postHogClient) {
-    postHogClient.capture({
-      event: 'secrets modified',
-      distinctId: req.user.email,
-      properties: {
-        numberOfSecrets: 1,
-        environment: environmentName,
-        workspaceId,
-        channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-        userAgent: req.headers?.['user-agent']
-      }
-    });
-  }
-
-  return res.status(200).send(singleModificationUpdate)
-}
-
-/**
- * Return secrets for workspace with id [workspaceId], environment [environment] and user
- * with id [req.user._id]
- * @param req 
- * @param res 
- * @returns 
- */
-export const getSecrets = async (req: Request, res: Response) => {
-  const { environment } = req.query;
-  const { workspaceId } = req.params;
-
-  let userId: Types.ObjectId | undefined = undefined // used for getting personal secrets for user
-  let userEmail: Types.ObjectId | undefined = undefined // used for posthog 
-  if (req.user) {
-    userId = req.user._id;
-    userEmail = req.user.email;
-  }
-
-  if (req.serviceTokenData) {
-    userId = req.serviceTokenData.user._id
-    userEmail = req.serviceTokenData.user.email;
-  }
-
-  const [err, secrets] = await to(Secret.find(
-    {
-      workspace: workspaceId,
-      environment,
-      $or: [{ user: userId }, { user: { $exists: false } }],
-      type: { $in: [SECRET_SHARED, SECRET_PERSONAL] }
-    }
-  ).then())
-
-  if (err) {
-    throw RouteValidationError({ message: "Failed to get secrets, please try again", stack: err.stack })
-  }
-
-  if (postHogClient) {
-    postHogClient.capture({
-      event: 'secrets pulled',
-      distinctId: userEmail,
-      properties: {
-        numberOfSecrets: (secrets ?? []).length,
-        environment,
-        workspaceId,
-        channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-        userAgent: req.headers?.['user-agent']
-      }
-    });
-  }
-
-  return res.json(secrets)
-}
-
-/**
- * Return secret with id [secretId]
- * @param req 
- * @param res 
- * @returns 
- */
-export const getSecret = async (req: Request, res: Response) => {
-  // if (postHogClient) {
-  //   postHogClient.capture({
-  //     event: 'secrets pulled',
-  //     distinctId: req.user.email,
-  //     properties: {
-  //       numberOfSecrets: 1,
-  //       workspaceId: req._secret.workspace.toString(),
-  //       environment: req._secret.environment,
-  //       channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-  //       userAgent: req.headers?.['user-agent']
-  //     }
-  //   });
-  // }
-
-  return res.status(200).send({
-    secret: req._secret
-  });
-}
--- a/backend/src/controllers/v2/secretsController.ts
+++ b/backend/src/controllers/v2/secretsController.ts
@ -1,472 +0,0 @@
-import to from 'await-to-js';
-import { Types } from 'mongoose';
-import { Request, Response } from 'express';
-import { ISecret, Secret } from '../../models';
-import {
-    SECRET_PERSONAL,
-    SECRET_SHARED,
-    ACTION_ADD_SECRETS,
-    ACTION_READ_SECRETS,
-    ACTION_UPDATE_SECRETS,
-    ACTION_DELETE_SECRETS
-} from '../../variables';
-import { ValidationError } from '../../utils/errors';
-import { EventService } from '../../services';
-import { eventPushSecrets } from '../../events';
-import { EESecretService, EELogService } from '../../ee/services';
-import { postHogClient } from '../../services';
-import { BadRequestError } from '../../utils/errors';
-
-/**
- * Create secret(s) for workspace with id [workspaceId] and environment [environment]
- * @param req 
- * @param res 
- */
-export const createSecrets = async (req: Request, res: Response) => {
-    const channel = req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli';
-    const { workspaceId, environment } = req.body;
-
-    let toAdd;
-    if (Array.isArray(req.body.secrets)) {
-        // case: create multiple secrets
-        toAdd = req.body.secrets;
-    } else if (typeof req.body.secrets === 'object') {
-        // case: create 1 secret
-        toAdd = [req.body.secrets];
-    }
-
-    const newSecrets = await Secret.insertMany(
-        toAdd.map(({
-            type,
-            secretKeyCiphertext,
-            secretKeyIV,
-            secretKeyTag,
-            secretValueCiphertext,
-            secretValueIV,
-            secretValueTag,
-        }: {
-            type: string;
-            secretKeyCiphertext: string;
-            secretKeyIV: string;
-            secretKeyTag: string;
-            secretValueCiphertext: string;
-            secretValueIV: string;
-            secretValueTag: string;
-        }) => ({
-            version: 1,
-            workspace: new Types.ObjectId(workspaceId),
-            type,
-            user: type === SECRET_PERSONAL ? req.user : undefined,
-            environment,
-            secretKeyCiphertext,
-            secretKeyIV,
-            secretKeyTag,
-            secretValueCiphertext,
-            secretValueIV,
-            secretValueTag
-        }))
-    );
-
-    // (EE) add secret versions for new secrets
-    EESecretService.addSecretVersions({
-        secretVersions: newSecrets.map(({
-            _id,
-            version,
-            workspace,
-            type,
-            user,
-            environment,
-            secretKeyCiphertext,
-            secretKeyIV,
-            secretKeyTag,
-            secretKeyHash,
-            secretValueCiphertext,
-            secretValueIV,
-            secretValueTag,
-            secretValueHash
-        }) => ({
-            _id: new Types.ObjectId(),
-            secret: _id,
-            version,
-            workspace,
-            type,
-            user,
-            environment,
-            isDeleted: false,
-            secretKeyCiphertext,
-            secretKeyIV,
-            secretKeyTag,
-            secretKeyHash,
-            secretValueCiphertext,
-            secretValueIV,
-            secretValueTag,
-            secretValueHash
-        }))
-    });
-
-    // trigger event - push secrets
-    await EventService.handleEvent({
-        event: eventPushSecrets({
-            workspaceId
-        })
-    });
-
-    const addAction = await EELogService.createActionSecret({
-        name: ACTION_ADD_SECRETS,
-        userId: req.user._id.toString(),
-        workspaceId,
-        secretIds: newSecrets.map((n) => n._id)
-    });
-
-    // (EE) create (audit) log
-    addAction && await EELogService.createLog({
-        userId: req.user._id.toString(),
-        workspaceId,
-        actions: [addAction],
-        channel,
-        ipAddress: req.ip
-    });
-
-    // (EE) take a secret snapshot
-    await EESecretService.takeSecretSnapshot({
-        workspaceId
-    });
-
-    if (postHogClient) {
-        postHogClient.capture({
-            event: 'secrets added',
-            distinctId: req.user.email,
-            properties: {
-                numberOfSecrets: toAdd.length,
-                environment,
-                workspaceId,
-                channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-                userAgent: req.headers?.['user-agent']
-            }
-        });
-    }
-
-    return res.status(200).send({
-        secrets: newSecrets
-    });
-}
-
-/**
- * Return secret(s) for workspace with id [workspaceId], environment [environment] and user
- * with id [req.user._id]
- * @param req 
- * @param res 
- * @returns 
- */
-export const getSecrets = async (req: Request, res: Response) => {
-    const { workspaceId, environment } = req.query;
-
-    let userId: Types.ObjectId | undefined = undefined // used for getting personal secrets for user
-    let userEmail: Types.ObjectId | undefined = undefined // used for posthog 
-    if (req.user) {
-        userId = req.user._id;
-        userEmail = req.user.email;
-    }
-
-    if (req.serviceTokenData) {
-        userId = req.serviceTokenData.user._id
-        userEmail = req.serviceTokenData.user.email;
-    }
-
-    const [err, secrets] = await to(Secret.find(
-        {
-            workspace: workspaceId,
-            environment,
-            $or: [
-                { user: userId },
-                { user: { $exists: false } }
-            ],
-            type: { $in: [SECRET_SHARED, SECRET_PERSONAL] }
-        }
-    ).then())
-
-    if (err) throw ValidationError({ message: 'Failed to get secrets', stack: err.stack });
-
-    const channel = req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli';
-
-    const readAction = await EELogService.createActionSecret({
-        name: ACTION_READ_SECRETS,
-        userId: req.user._id.toString(),
-        workspaceId: workspaceId as string,
-        secretIds: secrets.map((n: any) => n._id)
-    });
-
-    readAction && await EELogService.createLog({
-        userId: req.user._id.toString(),
-        workspaceId: workspaceId as string,
-        actions: [readAction],
-        channel,
-        ipAddress: req.ip
-    });
-
-    if (postHogClient) {
-        postHogClient.capture({
-            event: 'secrets added',
-            distinctId: userEmail,
-            properties: {
-                numberOfSecrets: secrets.length,
-                environment,
-                workspaceId,
-                channel,
-                userAgent: req.headers?.['user-agent']
-            }
-        });
-    }
-
-    return res.status(200).send({
-        secrets
-    });
-}
-
-/**
- * Update secret(s)
- * @param req 
- * @param res 
- */
-export const updateSecrets = async (req: Request, res: Response) => {
-    const channel = req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli';
-
-    // TODO: move type
-    interface PatchSecret {
-        id: string;
-        secretKeyCiphertext: string;
-        secretKeyIV: string;
-        secretKeyTag: string;
-        secretValueCiphertext: string;
-        secretValueIV: string;
-        secretValueTag: string;
-        secretCommentCiphertext: string;
-        secretCommentIV: string;
-        secretCommentTag: string;
-    }
-
-    const updateOperationsToPerform = req.body.secrets.map((secret: PatchSecret) => {
-        const {
-            secretKeyCiphertext,
-            secretKeyIV,
-            secretKeyTag,
-            secretValueCiphertext,
-            secretValueIV,
-            secretValueTag,
-            secretCommentCiphertext,
-            secretCommentIV,
-            secretCommentTag
-        } = secret;
-
-        return ({
-            updateOne: {
-                filter: { _id: new Types.ObjectId(secret.id) },
-                update: {
-                    $inc: {
-                        version: 1
-                    },
-                    secretKeyCiphertext,
-                    secretKeyIV,
-                    secretKeyTag,
-                    secretValueCiphertext,
-                    secretValueIV,
-                    secretValueTag,
-                    ...((
-                        secretCommentCiphertext &&
-                        secretCommentIV &&
-                        secretCommentTag
-                    ) ? {
-                        secretCommentCiphertext,
-                        secretCommentIV,
-                        secretCommentTag
-                    } : {}),
-                }
-            }
-        });
-    });
-
-    await Secret.bulkWrite(updateOperationsToPerform);
-
-    const secretModificationsBySecretId: { [key: string]: PatchSecret } = {};
-    req.body.secrets.forEach((secret: PatchSecret) => {
-        secretModificationsBySecretId[secret.id] = secret;
-    });
-
-    const ListOfSecretsBeforeModifications = req.secrets
-    const secretVersions = {
-        secretVersions: ListOfSecretsBeforeModifications.map((secret: ISecret) => {
-            const {
-                secretKeyCiphertext,
-                secretKeyIV,
-                secretKeyTag,
-                secretValueCiphertext,
-                secretValueIV,
-                secretValueTag,
-                secretCommentCiphertext,
-                secretCommentIV,
-                secretCommentTag,
-            } = secretModificationsBySecretId[secret._id.toString()]
-
-            return ({
-                secret: secret._id,
-                version: secret.version + 1,
-                workspace: secret.workspace,
-                type: secret.type,
-                environment: secret.environment,
-                secretKeyCiphertext: secretKeyCiphertext ? secretKeyCiphertext : secret.secretKeyCiphertext,
-                secretKeyIV: secretKeyIV ? secretKeyIV : secret.secretKeyIV,
-                secretKeyTag: secretKeyTag ? secretKeyTag : secret.secretKeyTag,
-                secretValueCiphertext: secretValueCiphertext ? secretValueCiphertext : secret.secretValueCiphertext,
-                secretValueIV: secretValueIV ? secretValueIV : secret.secretValueIV,
-                secretValueTag: secretValueTag ? secretValueTag : secret.secretValueTag,
-                secretCommentCiphertext: secretCommentCiphertext ? secretCommentCiphertext : secret.secretCommentCiphertext,
-                secretCommentIV: secretCommentIV ? secretCommentIV : secret.secretCommentIV,
-                secretCommentTag: secretCommentTag ? secretCommentTag : secret.secretCommentTag,
-            });
-        })
-    }
-
-    await EESecretService.addSecretVersions(secretVersions);
-
-
-    // group secrets into workspaces so updated secrets can
-    // be logged and snapshotted separately for each workspace
-    const workspaceSecretObj: any = {};
-    req.secrets.forEach((s: any) => {
-        if (s.workspace.toString() in workspaceSecretObj) {
-            workspaceSecretObj[s.workspace.toString()].push(s);
-        } else {
-            workspaceSecretObj[s.workspace.toString()] = [s]
-        }
-    });
-
-    Object.keys(workspaceSecretObj).forEach(async (key) => {
-        // trigger event - push secrets
-        await EventService.handleEvent({
-            event: eventPushSecrets({
-                workspaceId: key
-            })
-        });
-
-        const updateAction = await EELogService.createActionSecret({
-            name: ACTION_UPDATE_SECRETS,
-            userId: req.user._id.toString(),
-            workspaceId: key,
-            secretIds: workspaceSecretObj[key].map((secret: ISecret) => secret._id)
-        });
-
-        // (EE) create (audit) log
-        updateAction && await EELogService.createLog({
-            userId: req.user._id.toString(),
-            workspaceId: key,
-            actions: [updateAction],
-            channel,
-            ipAddress: req.ip
-        });
-
-        // (EE) take a secret snapshot
-        await EESecretService.takeSecretSnapshot({
-            workspaceId: key
-        })
-
-        if (postHogClient) {
-            postHogClient.capture({
-                event: 'secrets modified',
-                distinctId: req.user.email,
-                properties: {
-                    numberOfSecrets: workspaceSecretObj[key].length,
-                    environment: workspaceSecretObj[key][0].environment,
-                    workspaceId: key,
-                    channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-                    userAgent: req.headers?.['user-agent']
-                }
-            });
-        }
-    });
-
-    return res.status(200).send({
-        secrets: await Secret.find({
-            _id: {
-                $in: req.secrets.map((secret: ISecret) => secret._id)
-            }
-        })
-    });
-}
-
-/**
- * Delete secret(s) with id [workspaceId] and environment [environment]
- * @param req 
- * @param res 
- */
-export const deleteSecrets = async (req: Request, res: Response) => {
-    const channel = req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli';
-    const toDelete = req.secrets.map((s: any) => s._id);
-
-    await Secret.deleteMany({
-        _id: {
-            $in: toDelete
-        }
-    });
-
-    await EESecretService.markDeletedSecretVersions({
-        secretIds: toDelete
-    });
-
-    // group secrets into workspaces so deleted secrets can
-    // be logged and snapshotted separately for each workspace
-    const workspaceSecretObj: any = {};
-    req.secrets.forEach((s: any) => {
-        if (s.workspace.toString() in workspaceSecretObj) {
-            workspaceSecretObj[s.workspace.toString()].push(s);
-        } else {
-            workspaceSecretObj[s.workspace.toString()] = [s]
-        }
-    });
-
-    Object.keys(workspaceSecretObj).forEach(async (key) => {
-        // trigger event - push secrets
-        await EventService.handleEvent({
-            event: eventPushSecrets({
-                workspaceId: key
-            })
-        });
-        const deleteAction = await EELogService.createActionSecret({
-            name: ACTION_DELETE_SECRETS,
-            userId: req.user._id.toString(),
-            workspaceId: key,
-            secretIds: workspaceSecretObj[key].map((secret: ISecret) => secret._id)
-        });
-
-        // (EE) create (audit) log
-        deleteAction && await EELogService.createLog({
-            userId: req.user._id.toString(),
-            workspaceId: key,
-            actions: [deleteAction],
-            channel,
-            ipAddress: req.ip
-        });
-
-        // (EE) take a secret snapshot
-        await EESecretService.takeSecretSnapshot({
-            workspaceId: key
-        })
-
-        if (postHogClient) {
-            postHogClient.capture({
-                event: 'secrets deleted',
-                distinctId: req.user.email,
-                properties: {
-                    numberOfSecrets: workspaceSecretObj[key].length,
-                    environment: workspaceSecretObj[key][0].environment,
-                    workspaceId: key,
-                    channel: req.headers?.['user-agent']?.toLowerCase().includes('mozilla') ? 'web' : 'cli',
-                    userAgent: req.headers?.['user-agent']
-                }
-            });
-        }
-    });
-
-    return res.status(200).send({
-        secrets: req.secrets
-    });
-}
--- a/backend/src/controllers/v2/serviceTokenDataController.ts
+++ b/backend/src/controllers/v2/serviceTokenDataController.ts
@ -1,103 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import crypto from 'crypto';
-import bcrypt from 'bcrypt';
-import {
-    ServiceTokenData
-} from '../../models';
-import {
-    SALT_ROUNDS
-} from '../../config';
-
-/**
- * Return service token data associated with service token on request
- * @param req 
- * @param res 
- * @returns 
- */
-export const getServiceTokenData = async (req: Request, res: Response) => res.status(200).json(req.serviceTokenData);
-
-/**
- * Create new service token data for workspace with id [workspaceId] and
- * environment [environment].
- * @param req 
- * @param res 
- * @returns 
- */
-export const createServiceTokenData = async (req: Request, res: Response) => {
-    let serviceToken, serviceTokenData;
-    try {
-        const {
-            name,
-            workspaceId,
-            environment,
-            encryptedKey,
-            iv,
-            tag,
-            expiresIn
-        } = req.body;
-
-        const secret = crypto.randomBytes(16).toString('hex');
-        const secretHash = await bcrypt.hash(secret, SALT_ROUNDS);
-
-        const expiresAt = new Date();
-        expiresAt.setSeconds(expiresAt.getSeconds() + expiresIn);
-
-        serviceTokenData = await new ServiceTokenData({
-            name,
-            workspace: workspaceId,
-            environment,
-            user: req.user._id,
-            expiresAt,
-            secretHash,
-            encryptedKey,
-            iv,
-            tag
-        }).save();
-
-        // return service token data without sensitive data
-        serviceTokenData = await ServiceTokenData.findById(serviceTokenData._id);
-
-        if (!serviceTokenData) throw new Error('Failed to find service token data');
-
-        serviceToken = `st.${serviceTokenData._id.toString()}.${secret}`;
-
-    } catch (err) {
-        Sentry.setUser({ email: req.user.email });
-        Sentry.captureException(err);
-        return res.status(400).send({
-            message: 'Failed to create service token data'
-        });
-    }
-
-    return res.status(200).send({
-        serviceToken,
-        serviceTokenData
-    });
-}
-
-/**
- * Delete service token data with id [serviceTokenDataId].
- * @param req 
- * @param res 
- * @returns 
- */
-export const deleteServiceTokenData = async (req: Request, res: Response) => {
-    let serviceTokenData;
-    try {
-        const { serviceTokenDataId } = req.params;
-
-        serviceTokenData = await ServiceTokenData.findByIdAndDelete(serviceTokenDataId);
-
-    } catch (err) {
-        Sentry.setUser({ email: req.user.email });
-        Sentry.captureException(err);
-        return res.status(400).send({
-            message: 'Failed to delete service token data'
-        });
-    }
-
-    return res.status(200).send({
-        serviceTokenData
-    });
-}
--- a/backend/src/controllers/v2/workspaceController.ts
+++ b/backend/src/controllers/v2/workspaceController.ts
@ -1,217 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import {
-	Workspace,
-	Membership,
-	MembershipOrg,
-	Integration,
-	IntegrationAuth,
-	Key,
-	IUser,
-	ServiceToken,
-	ServiceTokenData
-} from '../../models';
-import {
-	v2PushSecrets as push,
-	pullSecrets as pull,
-	reformatPullSecrets
-} from '../../helpers/secret';
-import { pushKeys } from '../../helpers/key';
-import { postHogClient, EventService } from '../../services';
-import { eventPushSecrets } from '../../events';
-import { ENV_SET } from '../../variables';
-
-interface V2PushSecret {
-	type: string; // personal or shared
-	secretKeyCiphertext: string;
-	secretKeyIV: string;
-	secretKeyTag: string;
-	secretKeyHash: string;
-	secretValueCiphertext: string;
-	secretValueIV: string;
-	secretValueTag: string;
-	secretValueHash: string;
-	secretCommentCiphertext?: string;
-	secretCommentIV?: string;
-	secretCommentTag?: string;
-	secretCommentHash?: string;
-}
-
-/**
- * Upload (encrypted) secrets to workspace with id [workspaceId]
- * for environment [environment]
- * @param req
- * @param res
- * @returns
- */
-export const pushWorkspaceSecrets = async (req: Request, res: Response) => {
-	// upload (encrypted) secrets to workspace with id [workspaceId]
-	try {
-		let { secrets }: { secrets: V2PushSecret[] } = req.body;
-		const { keys, environment, channel } = req.body;
-		const { workspaceId } = req.params;
-
-		// validate environment
-		if (!ENV_SET.has(environment)) {
-			throw new Error('Failed to validate environment');
-		}
-
-		// sanitize secrets
-		secrets = secrets.filter(
-			(s: V2PushSecret) => s.secretKeyCiphertext !== '' && s.secretValueCiphertext !== ''
-		);
-
-		await push({
-			userId: req.user._id,
-			workspaceId,
-			environment,
-			secrets,
-			channel: channel ? channel : 'cli',
-			ipAddress: req.ip
-		});
-
-		await pushKeys({
-			userId: req.user._id,
-			workspaceId,
-			keys
-		});
-
-		if (postHogClient) {
-			postHogClient.capture({
-				event: 'secrets pushed',
-				distinctId: req.user.email,
-				properties: {
-					numberOfSecrets: secrets.length,
-					environment,
-					workspaceId,
-					channel: channel ? channel : 'cli'
-				}
-			});
-		}
-
-		// trigger event - push secrets
-		EventService.handleEvent({
-			event: eventPushSecrets({
-				workspaceId
-			})
-		});
-
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to upload workspace secrets'
-		});
-	}
-
-	return res.status(200).send({
-		message: 'Successfully uploaded workspace secrets'
-	});
-};
-
-/**
- * Return (encrypted) secrets for workspace with id [workspaceId]
- * for environment [environment]
- * @param req
- * @param res
- * @returns
- */
-export const pullSecrets = async (req: Request, res: Response) => {
-	let secrets;
-	try {
-		const environment: string = req.query.environment as string;
-		const channel: string = req.query.channel as string;
-		const { workspaceId } = req.params;
-
-		let userId;
-		if (req.user) {
-			userId = req.user._id.toString();
-		} else if (req.serviceTokenData) {
-			userId = req.serviceTokenData.user._id
-		}
-
-		secrets = await pull({
-			userId,
-			workspaceId,
-			environment,
-			channel: channel ? channel : 'cli',
-			ipAddress: req.ip
-		});
-
-		if (channel !== 'cli') {
-			secrets = reformatPullSecrets({ secrets });
-		}
-
-		if (postHogClient) {
-			// capture secrets pushed event in production
-			postHogClient.capture({
-				distinctId: req.user.email,
-				event: 'secrets pulled',
-				properties: {
-					numberOfSecrets: secrets.length,
-					environment,
-					workspaceId,
-					channel: channel ? channel : 'cli'
-				}
-			});
-		}
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to pull workspace secrets'
-		});
-	}
-
-	return res.status(200).send({
-		secrets
-	});
-};
-
-export const getWorkspaceKey = async (req: Request, res: Response) => {
-	let key;
-	try {
-		const { workspaceId } = req.params;
-
-		key = await Key.findOne({
-			workspace: workspaceId,
-			receiver: req.user._id
-		}).populate('sender', '+publicKey');
-
-		if (!key) throw new Error('Failed to find workspace key');
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get workspace key'
-		});
-	}
-
-	return res.status(200).json(key);
-}
-export const getWorkspaceServiceTokenData = async (
-	req: Request,
-	res: Response
-) => {
-	let serviceTokenData;
-	try {
-		const { workspaceId } = req.params;
-
-		serviceTokenData = await ServiceTokenData
-			.find({
-				workspace: workspaceId
-			})
-			.select('+encryptedKey +iv +tag');
-
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get workspace service token data'
-		});
-	}
-
-	return res.status(200).send({
-		serviceTokenData
-	});
-}
--- a/backend/src/controllers/v1/workspaceController.ts
+++ b/backend/src/controllers/v1/workspaceController.ts
@ -7,15 +7,14 @@ import {
 	Integration,
 	IntegrationAuth,
 	IUser,
-	ServiceToken,
-	ServiceTokenData
-} from '../../models';
+	ServiceToken
+} from '../models';
 import {
 	createWorkspace as create,
 	deleteWorkspace as deleteWork
-} from '../../helpers/workspace';
-import { addMemberships } from '../../helpers/membership';
-import { ADMIN } from '../../variables';
+} from '../helpers/workspace';
+import { addMemberships } from '../helpers/membership';
+import { ADMIN, COMPLETED, GRANTED } from '../variables';

 /**
 * Return public keys of members of workspace with id [workspaceId]
@ -33,12 +32,13 @@ export const getWorkspacePublicKeys = async (req: Request, res: Response) => {
 				workspace: workspaceId
 			}).populate<{ user: IUser }>('user', 'publicKey')
 		)
-		.map((member) => {
-			return {
-				publicKey: member.user.publicKey,
-				userId: member.user._id
-			};
-		});
+			.filter((m) => m.status === COMPLETED || m.status === GRANTED)
+			.map((member) => {
+				return {
+					publicKey: member.user.publicKey,
+					userId: member.user._id
+				};
+			});
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
 		Sentry.captureException(err);
@ -168,7 +168,8 @@ export const createWorkspace = async (req: Request, res: Response) => {
 		await addMemberships({
 			userIds: [req.user._id],
 			workspaceId: workspace._id.toString(),
-			roles: [ADMIN]
+			roles: [ADMIN],
+			statuses: [GRANTED]
 		});
 	} catch (err) {
 		Sentry.setUser({ email: req.user.email });
--- a/backend/src/ee/controllers/index.ts
+++ b/backend/src/ee/controllers/index.ts
@ -0,0 +1,5 @@
+import * as stripeController from './stripeController';
+
+export {
+    stripeController
+}
--- a/backend/src/ee/controllers/stripeController.ts
+++ b/backend/src/ee/controllers/stripeController.ts
--- a/backend/src/ee/controllers/v1/actionController.ts
+++ b/backend/src/ee/controllers/v1/actionController.ts
@ -1,31 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import { Action, SecretVersion } from '../../models';
-import { ActionNotFoundError } from '../../../utils/errors';
-
-export const getAction = async (req: Request, res: Response) => {
-    let action;
-    try {
-        const { actionId } = req.params;
-        
-        action = await Action
-            .findById(actionId)
-            .populate([
-                'payload.secretVersions.oldSecretVersion',
-                'payload.secretVersions.newSecretVersion'
-            ]);
-        
-        if (!action) throw ActionNotFoundError({
-            message: 'Failed to find action'
-        });
-
-    } catch (err) {
-        throw ActionNotFoundError({
-            message: 'Failed to find action'
-        });
-    }
-    
-    return res.status(200).send({
-        action
-    });
-}
--- a/backend/src/ee/controllers/v1/index.ts
+++ b/backend/src/ee/controllers/v1/index.ts
@ -1,13 +0,0 @@
-import * as stripeController from './stripeController';
-import * as secretController from './secretController';
-import * as secretSnapshotController from './secretSnapshotController';
-import * as workspaceController from './workspaceController';
-import * as actionController from './actionController';
-
-export {
-    stripeController,
-    secretController,
-    secretSnapshotController,
-    workspaceController,
-    actionController
-}
--- a/backend/src/ee/controllers/v1/secretController.ts
+++ b/backend/src/ee/controllers/v1/secretController.ts
@ -1,137 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import { Secret } from '../../../models';
-import { SecretVersion } from '../../models';
-import { EESecretService } from '../../services';
-
-/**
- * Return secret versions for secret with id [secretId]
- * @param req 
- * @param res 
- */
- export const getSecretVersions = async (req: Request, res: Response) => {
-	let secretVersions;
-	try {
-		const { secretId } = req.params;
-
-		const offset: number = parseInt(req.query.offset as string);
-		const limit: number = parseInt(req.query.limit as string);
-		
-		secretVersions = await SecretVersion.find({
-			secret: secretId
-		})
-		.sort({ createdAt: -1 })
-		.skip(offset)
-		.limit(limit);
-
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get secret versions'
-		});
-	}
-	
-	return res.status(200).send({
-		secretVersions
-	});
-}
-
-/**
- * Roll back secret with id [secretId] to version [version]
- * @param req 
- * @param res 
- * @returns 
- */
-export const rollbackSecretVersion = async (req: Request, res: Response) => {
-	let secret;
-	try {
-		const { secretId } = req.params;
-		const { version } = req.body;
-		
-		// validate secret version
-		const oldSecretVersion = await SecretVersion.findOne({
-			secret: secretId,
-			version
-		});
-		
-		if (!oldSecretVersion) throw new Error('Failed to find secret version');
-		
-		const {
-			workspace,
-			type,
-			user,
-			environment,
-			secretKeyCiphertext,
-			secretKeyIV,
-			secretKeyTag,
-			secretKeyHash,
-			secretValueCiphertext,
-			secretValueIV,
-			secretValueTag,
-			secretValueHash
-		} = oldSecretVersion;
-		
-		// update secret
-		secret = await Secret.findByIdAndUpdate(
-			secretId,
-			{
-				$inc: {
-					version: 1
-				},
-				workspace,
-				type,
-				user,
-				environment,
-				secretKeyCiphertext,
-				secretKeyIV,
-				secretKeyTag,
-				secretKeyHash,
-				secretValueCiphertext,
-				secretValueIV,
-				secretValueTag,
-				secretValueHash
-			},
-			{
-				new: true
-			}
-		);
-		
-		if (!secret) throw new Error('Failed to find and update secret');
-
-		// add new secret version
-		await new SecretVersion({
-			secret: secretId,
-			version: secret.version,
-			workspace,
-			type,
-			user,
-			environment,
-			isDeleted: false,
-			secretKeyCiphertext,
-			secretKeyIV,
-			secretKeyTag,
-			secretKeyHash,
-			secretValueCiphertext,
-			secretValueIV,
-			secretValueTag,
-			secretValueHash	
-		}).save();
-		
-		// take secret snapshot
-		await EESecretService.takeSecretSnapshot({
-			workspaceId: secret.workspace.toString()
-		});
-		
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to roll back secret version'
-		});
-	}
-	
-	return res.status(200).send({
-		secret
-	});
-}
--- a/backend/src/ee/controllers/v1/secretSnapshotController.ts
+++ b/backend/src/ee/controllers/v1/secretSnapshotController.ts
@ -1,33 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import { SecretSnapshot } from '../../models';
-
-/**
- * Return secret snapshot with id [secretSnapshotId]
- * @param req 
- * @param res 
- * @returns 
- */
-export const getSecretSnapshot = async (req: Request, res: Response) => {
-    let secretSnapshot;
-    try {
-        const { secretSnapshotId } = req.params;
-
-        secretSnapshot = await SecretSnapshot
-            .findById(secretSnapshotId)
-            .populate('secretVersions');
-        
-        if (!secretSnapshot) throw new Error('Failed to find secret snapshot');
-        
-    } catch (err) {
-        Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get secret snapshot'
-		});
-    }
-    
-    return res.status(200).send({
-        secretSnapshot
-    });
-}
--- a/backend/src/ee/controllers/v1/workspaceController.ts
+++ b/backend/src/ee/controllers/v1/workspaceController.ts
@ -1,273 +0,0 @@
-import { Request, Response } from 'express';
-import * as Sentry from '@sentry/node';
-import { Types } from 'mongoose';
-import {
-	Secret
-} from '../../../models';
-import { 
-	SecretSnapshot,
-	Log,
-	SecretVersion,
-	ISecretVersion
-} from '../../models';
-import { EESecretService } from '../../services';
-import { getLatestSecretVersionIds } from '../../helpers/secretVersion';
-
-/**
- * Return secret snapshots for workspace with id [workspaceId]
- * @param req 
- * @param res 
- */
- export const getWorkspaceSecretSnapshots = async (req: Request, res: Response) => {
-	let secretSnapshots;
-	try {
-		const { workspaceId } = req.params;
-
-		const offset: number = parseInt(req.query.offset as string);
-		const limit: number = parseInt(req.query.limit as string);
-		
-		secretSnapshots = await SecretSnapshot.find({
-			workspace: workspaceId
-		})
-		.sort({ createdAt: -1 })
-		.skip(offset)
-		.limit(limit);
-
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get secret snapshots'
-		});
-	}
-	
-	return res.status(200).send({
-		secretSnapshots
-	});
-}
-
-/**
- * Return count of secret snapshots for workspace with id [workspaceId]
- * @param req 
- * @param res 
- */
-export const getWorkspaceSecretSnapshotsCount = async (req: Request, res: Response) => {
-	let count;
-	try {
-		const { workspaceId } = req.params;
-		count = await SecretSnapshot.countDocuments({
-			workspace: workspaceId
-		});
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to count number of secret snapshots'
-		});
-	}
-	
-	return res.status(200).send({
-		count
-	});
-}
-
-/**
- * Rollback secret snapshot with id [secretSnapshotId] to version [version]
- * @param req 
- * @param res 
- * @returns 
- */
-export const rollbackWorkspaceSecretSnapshot = async (req: Request, res: Response) => {
-	let secrets;
-    try {	
-        const { workspaceId } = req.params;
-        const { version } = req.body;
-        
-		// validate secret snapshot
-        const secretSnapshot = await SecretSnapshot.findOne({
-        	workspace: workspaceId,
-            version
-        }).populate<{ secretVersions: ISecretVersion[]}>('secretVersions');
-        
-        if (!secretSnapshot) throw new Error('Failed to find secret snapshot');
-
-		// TODO: fix any
-		const oldSecretVersionsObj: any = secretSnapshot.secretVersions
-			.reduce((accumulator, s) => ({ 
-				...accumulator, 
-				[`${s.secret.toString()}`]: s 
-			}), {});	
-		
-		const latestSecretVersionIds = await getLatestSecretVersionIds({
-			secretIds: secretSnapshot.secretVersions.map((sv) => sv.secret)
-		});
-		
-		// TODO: fix any
-		const latestSecretVersions: any = (await SecretVersion.find({
-			_id: {
-				$in: latestSecretVersionIds.map((s) => s.versionId)
-			}
-		}, 'secret version'))
-		.reduce((accumulator, s) => ({ 
-			...accumulator, 
-			[`${s.secret.toString()}`]: s 
-		}), {});
-		
-		// delete existing secrets
-		await Secret.deleteMany({
-			workspace: workspaceId
-		});
-
-		// add secrets
-        secrets = await Secret.insertMany(
-			secretSnapshot.secretVersions.map((sv) => {
-				const secretId = sv.secret;
-				const {
-					workspace,
-					type,
-					user,
-					environment,
-					secretKeyCiphertext,
-					secretKeyIV,
-					secretKeyTag,
-					secretKeyHash,
-					secretValueCiphertext,
-					secretValueIV,
-					secretValueTag,
-					secretValueHash,
-					createdAt
-				} = oldSecretVersionsObj[secretId.toString()];
-				
-				return ({
-					_id: secretId,
-					version: latestSecretVersions[secretId.toString()].version + 1,
-					workspace,
-					type,
-					user,
-					environment,
-					secretKeyCiphertext,
-					secretKeyIV,
-					secretKeyTag,
-					secretKeyHash,
-					secretValueCiphertext,
-					secretValueIV,
-					secretValueTag,
-					secretValueHash,
-					secretCommentCiphertext: '',
-					secretCommentIV: '',
-					secretCommentTag: '',
-					createdAt
-				});
-			})
-		);
-		
-		// add secret versions
-		await SecretVersion.insertMany(
-			secrets.map(({
-				_id,
-				version,
-				workspace,
-				type,
-				user,
-				environment,
-				secretKeyCiphertext,
-				secretKeyIV,
-				secretKeyTag,
-				secretKeyHash,
-				secretValueCiphertext,
-				secretValueIV,
-				secretValueTag,
-				secretValueHash
-			}) => ({
-				_id: new Types.ObjectId(),
-				secret: _id,
-				version,
-				workspace,
-				type,
-				user,
-				environment,
-				isDeleted: false,
-				secretKeyCiphertext,
-				secretKeyIV,
-				secretKeyTag,
-				secretKeyHash,
-				secretValueCiphertext,
-				secretValueIV,
-				secretValueTag,
-				secretValueHash
-			}))
-		);
-		
-		// update secret versions of restored secrets as not deleted
-		await SecretVersion.updateMany({
-			secret: {
-				$in: secretSnapshot.secretVersions.map((sv) => sv.secret)
-			}
-		}, {
-			isDeleted: false
-		});
-		
-        // take secret snapshot
-		await EESecretService.takeSecretSnapshot({
-			workspaceId
-		});
-    } catch (err) {
-        Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to roll back secret snapshot'
-		}); 
-    }
-    
-	return res.status(200).send({
-		secrets
-	});
-}
-
-/**
- * Return (audit) logs for workspace with id [workspaceId]
- * @param req 
- * @param res 
- * @returns 
- */
-export const getWorkspaceLogs = async (req: Request, res: Response) => {
-	let logs
-	try {
-		const { workspaceId } = req.params;
-
-		const offset: number = parseInt(req.query.offset as string);
-		const limit: number = parseInt(req.query.limit as string);
-		const sortBy: string = req.query.sortBy as string;
-		const userId: string = req.query.userId as string;
-		const actionNames: string = req.query.actionNames as string;
-		
-		logs = await Log.find({
-			workspace: workspaceId,
-			...( userId ? { user: userId } : {}),
-			...( 
-				actionNames 
-				? { 
-					actionNames: {
-						$in: actionNames.split(',')
-					}
-				} : {}
-			)
-		})
-		.sort({ createdAt: sortBy === 'recent' ? -1 : 1 })
-		.skip(offset)
-		.limit(limit)
-		.populate('actions')
-		.populate('user');
-
-	} catch (err) {
-		Sentry.setUser({ email: req.user.email });
-		Sentry.captureException(err);
-		return res.status(400).send({
-			message: 'Failed to get workspace logs'
-		});
-	}
-	
-	return res.status(200).send({
-		logs
-	});
-}
--- a/backend/src/ee/helpers/action.ts
+++ b/backend/src/ee/helpers/action.ts
@ -1,73 +0,0 @@
-import * as Sentry from '@sentry/node';
-import { Types } from 'mongoose';
-import { SecretVersion, Action } from '../models';
-import { 
-    getLatestSecretVersionIds,
-    getLatestNSecretSecretVersionIds
-} from '../helpers/secretVersion';
-import { ACTION_UPDATE_SECRETS } from '../../variables';
-
-/**
- * Create an (audit) action for secrets including
- * add, delete, update, and read actions.
- * @param {Object} obj
- * @param {String} obj.name - name of action
- * @param {ObjectId[]} obj.secretIds - ids of relevant secrets
- * @returns {Action} action - new action
- */
-const createActionSecretHelper = async ({
-    name,
-    userId,
-    workspaceId,
-    secretIds
-}: {
-    name: string;
-    userId: string;
-    workspaceId: string;
-    secretIds: Types.ObjectId[];
-}) => {
-
-    let action;
-    let latestSecretVersions;
-    try {
-        if (name === ACTION_UPDATE_SECRETS) {
-            // case: action is updating secrets
-            // -> add old and new secret versions
-            latestSecretVersions = (await getLatestNSecretSecretVersionIds({
-                secretIds,
-                n: 2
-            }))
-            .map((s) => ({
-                oldSecretVersion: s.versions[0]._id,
-                newSecretVersion: s.versions[1]._id
-            }));
-        } else {
-            // case: action is adding, deleting, or reading secrets
-            // -> add new secret versions
-            latestSecretVersions = (await getLatestSecretVersionIds({
-                secretIds
-            }))
-            .map((s) => ({
-                newSecretVersion: s.versionId
-            }));
-        }
-
-        action = await new Action({
-            name,
-            user: userId,
-            workspace: workspaceId,
-            payload: {
-                secretVersions: latestSecretVersions
-            }
-        }).save();
-
-    } catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-        throw new Error('Failed to create action');
-    }
-    
-    return action;
-}
-
-export { createActionSecretHelper };
--- a/backend/src/ee/helpers/license.ts
+++ b/backend/src/ee/helpers/license.ts
@ -0,0 +1,21 @@
+
+/**
+ * @param {Object} obj
+ * @param {Object} obj.licenseKey - Infisical license key
+ */
+const checkLicenseKey = ({
+    licenseKey
+}: {
+    licenseKey: string
+}) => {
+    try {
+        // TODO
+
+    } catch (err) {
+
+    }
+}
+
+export {
+    checkLicenseKey
+}
--- a/backend/src/ee/helpers/log.ts
+++ b/backend/src/ee/helpers/log.ts
@ -1,41 +0,0 @@
-import * as Sentry from '@sentry/node';
-import { 
-    Log,
-    IAction
-} from '../models';
-
-const createLogHelper = async ({
-    userId,
-    workspaceId,
-    actions,
-    channel,
-    ipAddress
-}: {
-    userId: string;
-    workspaceId: string;
-    actions: IAction[];
-    channel: string;
-    ipAddress: string;
-}) => {
-    let log;
-    try {
-        log = await new Log({
-            user: userId,
-            workspace: workspaceId,
-            actionNames: actions.map((a) => a.name),
-            actions,
-            channel,
-            ipAddress
-        }).save();
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to create log');
-    }
-
-    return log;
-}
-
-export {
-    createLogHelper
-}
--- a/backend/src/ee/helpers/secret.ts
+++ b/backend/src/ee/helpers/secret.ts
@ -1,169 +0,0 @@
-import { Types } from 'mongoose';
-import * as Sentry from '@sentry/node';
-import {
-	Secret,
-	ISecret
-} from '../../models';
-import {
-	SecretSnapshot,
-	SecretVersion,
-	ISecretVersion
-} from '../models';
-
-/**
- * Save a secret snapshot that is a copy of the current state of secrets in workspace with id
- * [workspaceId] under a new snapshot with incremented version under the
- * secretsnapshots collection.
- * @param {Object} obj
- * @param {String} obj.workspaceId
- * @returns {SecretSnapshot} secretSnapshot - new secret snapshot
- */
-const takeSecretSnapshotHelper = async ({
-	workspaceId
-}: {
-	workspaceId: string;
-}) => {
-
-	let secretSnapshot;
-	try {
-		const secretIds = (await Secret.find({
-			workspace: workspaceId
-		}, '_id')).map((s) => s._id);
-
-		const latestSecretVersions = (await SecretVersion.aggregate([
-			{
-				$match: {
-					secret: {
-						$in: secretIds
-					}
-				}
-			},
-			{
-				$group: {
-					_id: '$secret',
-					version: { $max: '$version' },
-					versionId: { $max: '$_id' } // secret version id
-				}
-			},
-			{
-				$sort: { version: -1 }
-			}
-		])
-			.exec())
-			.map((s) => s.versionId);
-
-		const latestSecretSnapshot = await SecretSnapshot.findOne({
-			workspace: workspaceId
-		}).sort({ version: -1 });
-
-		secretSnapshot = await new SecretSnapshot({
-			workspace: workspaceId,
-			version: latestSecretSnapshot ? latestSecretSnapshot.version + 1 : 1,
-			secretVersions: latestSecretVersions
-		}).save();
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to take a secret snapshot');
-	}
-
-	return secretSnapshot;
-}
-
-/**
- * Add secret versions [secretVersions] to the SecretVersion collection.
- * @param {Object} obj
- * @param {Object[]} obj.secretVersions
- * @returns {SecretVersion[]} newSecretVersions - new secret versions
- */
-const addSecretVersionsHelper = async ({
-	secretVersions
-}: {
-	secretVersions: ISecretVersion[]
-}) => {
-	let newSecretVersions;
-	try {
-		newSecretVersions = await SecretVersion.insertMany(secretVersions);
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error(`Failed to add secret versions [err=${err}]`);
-	}
-
-	return newSecretVersions;
-}
-
-const markDeletedSecretVersionsHelper = async ({
-	secretIds
-}: {
-	secretIds: Types.ObjectId[];
-}) => {
-	try {
-		await SecretVersion.updateMany({
-			secret: { $in: secretIds }
-		}, {
-			isDeleted: true
-		}, {
-			new: true
-		});
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to mark secret versions as deleted');
-	}
-}
-
-/**
- * Initialize secret versioning by setting previously unversioned
- * secrets to version 1 and begin populating secret versions.
- */
-const initSecretVersioningHelper = async () => {
-	try {
-
-		await Secret.updateMany(
-			{ version: { $exists: false } },
-			{ $set: { version: 1 } }
-		);
-
-		const unversionedSecrets: ISecret[] = await Secret.aggregate([
-			{
-				$lookup: {
-					from: 'secretversions',
-					localField: '_id',
-					foreignField: 'secret',
-					as: 'versions',
-				},
-			},
-			{
-				$match: {
-					versions: { $size: 0 },
-				},
-			},
-		]);
-
-		if (unversionedSecrets.length > 0) {
-			await addSecretVersionsHelper({
-				secretVersions: unversionedSecrets.map((s, idx) => ({
-					...s,
-					secret: s._id,
-					version: s.version ? s.version : 1,
-					isDeleted: false,
-					workspace: s.workspace,
-					environment: s.environment
-				}))
-			});
-		}
-
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to ensure that secrets are versioned');
-	}
-}
-
-export {
-	takeSecretSnapshotHelper,
-	addSecretVersionsHelper,
-	markDeletedSecretVersionsHelper,
-	initSecretVersioningHelper
-}
--- a/backend/src/ee/helpers/secretVersion.ts
+++ b/backend/src/ee/helpers/secretVersion.ts
@ -1,110 +0,0 @@
-import * as Sentry from '@sentry/node';
-import { Types } from 'mongoose';
-import { SecretVersion } from '../models';
-
-/**
- * Return latest secret versions for secrets with ids [secretIds]
- * @param {Object} obj
- * @param {Object} obj.secretIds = ids of secrets to get latest versions for
- * @returns 
- */
-const getLatestSecretVersionIds = async ({
-    secretIds
-}: {
-    secretIds: Types.ObjectId[];
-}) => {
-    
-    interface LatestSecretVersionId {
-        _id: Types.ObjectId;
-        version: number;
-        versionId: Types.ObjectId;
-    }
-    
-    let latestSecretVersionIds: LatestSecretVersionId[];
-    try {
-        latestSecretVersionIds = (await SecretVersion.aggregate([
-            {
-                $match: { 
-                    secret: { 
-                        $in: secretIds 
-                    } 
-                }
-            },
-            {
-                $group: {
-                    _id: '$secret',
-                    version: { $max: '$version' },
-                    versionId: { $max: '$_id' } // id of latest secret version
-                }
-            },
-            {
-                $sort: { version: -1 }
-            }
-            ])
-            .exec());
-            
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-        throw new Error('Failed to get latest secret versions');
-    }
-    
-    return latestSecretVersionIds;
-}
-
-/**
- * Return latest [n] secret versions for secrets with ids [secretIds]
- * @param {Object} obj
- * @param {Object} obj.secretIds = ids of secrets to get latest versions for
- * @param {Number} obj.n - number of latest secret versions to return for each secret
- * @returns 
- */
-const getLatestNSecretSecretVersionIds = async ({
-    secretIds,
-    n
-}: {
-    secretIds: Types.ObjectId[];
-    n: number;
-}) => {
-    
-    // TODO: optimize query
-    let latestNSecretVersions;
-    try {
-        latestNSecretVersions = (await SecretVersion.aggregate([
-            {
-                $match: {
-                secret: {
-                    $in: secretIds,
-                },
-                },
-            },
-            {
-                $sort: { version: -1 },
-            },
-            {
-                $group: {
-                _id: "$secret",
-                versions: { $push: "$$ROOT" },
-                },
-            },
-            {
-                $project: {
-                _id: 0,
-                secret: "$_id",
-                versions: { $slice: ["$versions", n] },
-                },
-            }
-        ]));
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-        throw new Error('Failed to get latest n secret versions');
-    }
-    
-    return latestNSecretVersions;
-}
-
-export {
-    getLatestSecretVersionIds,
-    getLatestNSecretSecretVersionIds
-}
--- a/backend/src/ee/middleware/index.ts
+++ b/backend/src/ee/middleware/index.ts
@ -1,7 +0,0 @@
-import requireLicenseAuth from './requireLicenseAuth';
-import requireSecretSnapshotAuth from './requireSecretSnapshotAuth';
-
-export {
-    requireLicenseAuth,
-    requireSecretSnapshotAuth
-}
--- a/backend/src/ee/middleware/requireSecretSnapshotAuth.ts
+++ b/backend/src/ee/middleware/requireSecretSnapshotAuth.ts
@ -1,47 +0,0 @@
-import { Request, Response, NextFunction } from 'express';
-import { UnauthorizedRequestError, SecretSnapshotNotFoundError } from '../../utils/errors';
-import { SecretSnapshot } from '../models';
-import {
-    validateMembership
-} from '../../helpers/membership';
-
-/**
- * Validate if user on request has proper membership for secret snapshot
- * @param {Object} obj
- * @param {String[]} obj.acceptedRoles - accepted workspace roles
- * @param {String[]} obj.acceptedStatuses - accepted workspace statuses
- * @param {String[]} obj.location - location of [workspaceId] on request (e.g. params, body) for parsing
- */
-const requireSecretSnapshotAuth = ({
-    acceptedRoles,
-}: {
-    acceptedRoles: string[];
-}) => {
-    return async (req: Request, res: Response, next: NextFunction) => {
-        try {
-            const { secretSnapshotId } = req.params;
-            
-            const secretSnapshot = await SecretSnapshot.findById(secretSnapshotId);
-            
-            if (!secretSnapshot) {
-                return next(SecretSnapshotNotFoundError({
-                    message: 'Failed to find secret snapshot'
-                }));
-            }
-            
-            await validateMembership({
-                userId: req.user._id.toString(),
-                workspaceId: secretSnapshot.workspace.toString(),
-                acceptedRoles
-            });
-            
-            req.secretSnapshot = secretSnapshot as any;
-
-            next();
-        } catch (err) {
-            return next(UnauthorizedRequestError({ message: 'Unable to authenticate secret snapshot' }));
-        }
-    }
-}
-
-export default requireSecretSnapshotAuth;
--- a/backend/src/ee/models/action.ts
+++ b/backend/src/ee/models/action.ts
@ -1,46 +0,0 @@
-import { Schema, model, Types } from 'mongoose';
-
-export interface IAction {
-    name: string;
-    user?: Types.ObjectId,
-    workspace?: Types.ObjectId,
-    payload: {
-        secretVersions?: Types.ObjectId[]
-    }
-}
-
-const actionSchema = new Schema<IAction>(
-    {
-        name: {
-            type: String,
-            required: true
-        },
-        user: {
-            type: Schema.Types.ObjectId,
-            ref: 'User',
-            required: true
-        },
-        workspace: {
-            type: Schema.Types.ObjectId,
-            ref: 'Workspace'
-        },
-        payload: {
-            secretVersions: [{
-                oldSecretVersion: {
-                    type: Schema.Types.ObjectId,
-                    ref: 'SecretVersion'
-                },
-                newSecretVersion: {
-                    type: Schema.Types.ObjectId,
-                    ref: 'SecretVersion'
-                }
-            }]
-        }
-    }, {
-        timestamps: true
-    }
-);
-
-const Action = model<IAction>('Action', actionSchema);
-
-export default Action;
--- a/backend/src/ee/models/index.ts
+++ b/backend/src/ee/models/index.ts
@ -1,15 +0,0 @@
-import SecretSnapshot, { ISecretSnapshot } from './secretSnapshot';
-import SecretVersion, { ISecretVersion } from './secretVersion';
-import Log, { ILog } from './log';
-import Action, { IAction } from './action';
-
-export {
-    SecretSnapshot,
-    ISecretSnapshot,
-    SecretVersion,
-    ISecretVersion,
-    Log,
-    ILog,
-    Action,
-    IAction
-}
--- a/backend/src/ee/models/log.ts
+++ b/backend/src/ee/models/log.ts
@ -1,59 +0,0 @@
-import { Schema, model, Types } from 'mongoose';
-import {
-    ACTION_ADD_SECRETS,
-    ACTION_UPDATE_SECRETS,
-    ACTION_READ_SECRETS,
-    ACTION_DELETE_SECRETS
-} from '../../variables';
-
-export interface ILog {
-    _id: Types.ObjectId;
-    user?: Types.ObjectId;
-    workspace?: Types.ObjectId;
-    actionNames: string[];
-    actions: Types.ObjectId[];
-    channel: string;
-    ipAddress?: string;
-}
-
-const logSchema = new Schema<ILog>(
-    {
-        user: {
-            type: Schema.Types.ObjectId,
-            ref: 'User'
-        },
-        workspace: {
-            type: Schema.Types.ObjectId,
-            ref: 'Workspace'
-        },
-        actionNames: {
-            type: [String],
-            enum: [
-                ACTION_ADD_SECRETS,
-                ACTION_UPDATE_SECRETS,
-                ACTION_READ_SECRETS,
-                ACTION_DELETE_SECRETS
-            ],
-            required: true
-        },
-        actions: [{
-            type: Schema.Types.ObjectId,
-            ref: 'Action',
-            required: true
-        }],
-        channel: { 
-            type: String,
-            enum: ['web', 'cli', 'auto'],
-            required: true
-        },
-        ipAddress: {
-            type: String
-        }
-    }, {
-        timestamps: true
-    }
-);
-
-const Log = model<ILog>('Log', logSchema);
-
-export default Log;
--- a/backend/src/ee/models/secretSnapshot.ts
+++ b/backend/src/ee/models/secretSnapshot.ts
@ -1,33 +0,0 @@
-import { Schema, model, Types } from 'mongoose';
-
-export interface ISecretSnapshot {
-    workspace: Types.ObjectId;
-    version: number;
-    secretVersions: Types.ObjectId[];
-}
-
-const secretSnapshotSchema = new Schema<ISecretSnapshot>(
-    {
-        workspace: {
-            type: Schema.Types.ObjectId,
-            ref: 'Workspace',
-            required: true
-        },
-        version: {
-            type: Number,
-            required: true
-        },
-        secretVersions: [{
-            type: Schema.Types.ObjectId,
-            ref: 'SecretVersion',
-            required: true
-        }]
-    },
-    {
-        timestamps: true
-    }
-);
-
-const SecretSnapshot = model<ISecretSnapshot>('SecretSnapshot', secretSnapshotSchema);
-
-export default SecretSnapshot;
--- a/backend/src/ee/models/secretVersion.ts
+++ b/backend/src/ee/models/secretVersion.ts
@ -1,105 +0,0 @@
-import { Schema, model, Types } from 'mongoose';
-import {
-	SECRET_SHARED,
-	SECRET_PERSONAL,
-	ENV_DEV,
-	ENV_TESTING,
-	ENV_STAGING,
-	ENV_PROD
-} from '../../variables';
-
-export interface ISecretVersion {
-	_id: Types.ObjectId;
-	secret: Types.ObjectId;
-	version: number;
-	workspace: Types.ObjectId; // new
-	type: string; // new
-	user: Types.ObjectId; // new
-	environment: string; // new
-	isDeleted: boolean;
-	secretKeyCiphertext: string;
-	secretKeyIV: string;
-	secretKeyTag: string;
-	secretKeyHash: string;
-	secretValueCiphertext: string;
-	secretValueIV: string;
-	secretValueTag: string;
-	secretValueHash: string;
-}
-
-const secretVersionSchema = new Schema<ISecretVersion>(
-	{
-		secret: { // could be deleted
-			type: Schema.Types.ObjectId,
-			ref: 'Secret',
-			required: true
-		},
-		version: {
-			type: Number,
-			default: 1,
-			required: true
-		},
-		workspace: {
-			type: Schema.Types.ObjectId,
-			ref: 'Workspace',
-			required: true
-		},
-		type: {
-			type: String,
-			enum: [SECRET_SHARED, SECRET_PERSONAL],
-			required: true
-		},
-		user: {
-			// user associated with the personal secret
-			type: Schema.Types.ObjectId,
-			ref: 'User'
-		},
-		environment: {
-			type: String,
-			enum: [ENV_DEV, ENV_TESTING, ENV_STAGING, ENV_PROD],
-			required: true
-		},
-		isDeleted: { // consider removing field
-			type: Boolean,
-			default: false,
-			required: true
-		},
-		secretKeyCiphertext: {
-			type: String,
-			required: true
-		},
-		secretKeyIV: {
-			type: String, // symmetric
-			required: true
-		},
-		secretKeyTag: {
-			type: String, // symmetric
-			required: true
-		},
-		secretKeyHash: {
-			type: String
-		},
-		secretValueCiphertext: {
-			type: String,
-			required: true
-		},
-		secretValueIV: {
-			type: String, // symmetric
-			required: true
-		},
-		secretValueTag: {
-			type: String, // symmetric
-			required: true
-		},
-		secretValueHash: {
-			type: String
-		}
-	},
-	{
-		timestamps: true
-	}
-);
-
-const SecretVersion = model<ISecretVersion>('SecretVersion', secretVersionSchema);
-
-export default SecretVersion;
--- a/backend/src/ee/routes/v1/stripe.ts
+++ b/backend/src/ee/routes/v1/stripe.ts
@ -1,6 +1,6 @@
 import express from 'express';
 const router = express.Router();
-import { stripeController } from '../../controllers/v1';
+import { stripeController } from '../controllers';

 router.post('/webhook', stripeController.handleWebhook);

--- a/backend/src/ee/routes/v1/action.ts
+++ b/backend/src/ee/routes/v1/action.ts
@ -1,17 +0,0 @@
-import express from 'express';
-const router = express.Router();
-import {
-    validateRequest
-} from '../../../middleware';
-import { param } from 'express-validator';
-import { actionController } from '../../controllers/v1';
-
-// TODO: put into action controller
-router.get(
-    '/:actionId',
-    param('actionId').exists().trim(),
-    validateRequest,
-    actionController.getAction
-);
-
-export default router;
--- a/backend/src/ee/routes/v1/index.ts
+++ b/backend/src/ee/routes/v1/index.ts
@ -1,11 +0,0 @@
-import secret from './secret';
-import secretSnapshot from './secretSnapshot';
-import workspace from './workspace';
-import action from './action';
-
-export {
-    secret,
-    secretSnapshot,
-    workspace,
-    action
-}
--- a/backend/src/ee/routes/v1/secret.ts
+++ b/backend/src/ee/routes/v1/secret.ts
@ -1,40 +0,0 @@
-import express from 'express';
-const router = express.Router();
-import {
-    requireAuth,
-	requireSecretAuth,
-    validateRequest
-} from '../../../middleware';
-import { query, param, body } from 'express-validator';
-import { secretController } from '../../controllers/v1';
-import { ADMIN, MEMBER } from '../../../variables';
-
-router.get(
-	'/:secretId/secret-versions',
-	requireAuth({
-		acceptedAuthModes: ['jwt']
-	}),
-	requireSecretAuth({
-		acceptedRoles: [ADMIN, MEMBER]
-	}),
-	param('secretId').exists().trim(),
-	query('offset').exists().isInt(),
-	query('limit').exists().isInt(),
-	validateRequest,
-	secretController.getSecretVersions
-);
-
-router.post(
-	'/:secretId/secret-versions/rollback',
-	requireAuth({
-		acceptedAuthModes: ['jwt']
-	}),
-	requireSecretAuth({
-		acceptedRoles: [ADMIN, MEMBER]
-	}),
-	param('secretId').exists().trim(),
-	body('version').exists().isInt(),
-	secretController.rollbackSecretVersion
-);
-
-export default router;
--- a/backend/src/ee/routes/v1/secretSnapshot.ts
+++ b/backend/src/ee/routes/v1/secretSnapshot.ts
@ -1,27 +0,0 @@
-import express from 'express';
-const router = express.Router();
-import {
-    requireSecretSnapshotAuth
-} from '../../middleware';
-import {
-    requireAuth,
-    validateRequest
-} from '../../../middleware';
-import { param, body } from 'express-validator';
-import { ADMIN, MEMBER } from '../../../variables';
-import { secretSnapshotController } from '../../controllers/v1';
-
-router.get(
-    '/:secretSnapshotId',
-    requireAuth({
-		acceptedAuthModes: ['jwt']
-	}),
-    requireSecretSnapshotAuth({
-        acceptedRoles: [ADMIN, MEMBER]
-    }),
-    param('secretSnapshotId').exists().trim(),
-    validateRequest,
-    secretSnapshotController.getSecretSnapshot
-);
-
-export default router;
--- a/backend/src/ee/routes/v1/workspace.ts
+++ b/backend/src/ee/routes/v1/workspace.ts
@ -1,72 +0,0 @@
-import express from 'express';
-const router = express.Router();
-import {
-	requireAuth,
-	requireWorkspaceAuth,
-	validateRequest
-} from '../../../middleware';
-import { param, query, body } from 'express-validator';
-import { ADMIN, MEMBER } from '../../../variables';
-import { workspaceController } from '../../controllers/v1';
-
-router.get(
-	'/:workspaceId/secret-snapshots',
-	requireAuth({
-		acceptedAuthModes: ['jwt']
-	}),
-	requireWorkspaceAuth({
-		acceptedRoles: [ADMIN, MEMBER]
-	}),
-	param('workspaceId').exists().trim(),
-	query('offset').exists().isInt(),
-	query('limit').exists().isInt(),
-	validateRequest,
-	workspaceController.getWorkspaceSecretSnapshots
-);
-
-router.get(
-	'/:workspaceId/secret-snapshots/count',
-	requireAuth({
-		acceptedAuthModes: ['jwt']
-	}),
-	requireWorkspaceAuth({
-		acceptedRoles: [ADMIN, MEMBER]
-	}),
-	param('workspaceId').exists().trim(),
-	validateRequest,
-	workspaceController.getWorkspaceSecretSnapshotsCount
-);
-
-router.post(
-	'/:workspaceId/secret-snapshots/rollback',
-	requireAuth({
-		acceptedAuthModes: ['jwt']
-	}),
-	requireWorkspaceAuth({
-		acceptedRoles: [ADMIN, MEMBER]
-	}),
-	param('workspaceId').exists().trim(),
-	body('version').exists().isInt(),
-	validateRequest,
-	workspaceController.rollbackWorkspaceSecretSnapshot
-);
-
-router.get(
-	'/:workspaceId/logs',
-	requireAuth({
-		acceptedAuthModes: ['jwt']
-	}),
-	requireWorkspaceAuth({
-		acceptedRoles: [ADMIN, MEMBER]
-	}),
-	param('workspaceId').exists().trim(),
-	query('offset').exists().isInt(),
-	query('limit').exists().isInt(),
-	query('sortBy'),
-	query('userId'),
-	query('actionNames'),
-	validateRequest,
-	workspaceController.getWorkspaceLogs
-);
-
-export default router;
--- a/backend/src/ee/services/EELicenseService.ts
+++ b/backend/src/ee/services/EELicenseService.ts
@ -1,19 +0,0 @@
-import { LICENSE_KEY } from '../../config';
-
-/**
- * Class to handle Enterprise Edition license actions
- */
-class EELicenseService {
-    
-    private readonly _isLicenseValid: boolean;
-    
-    constructor(licenseKey: string) {
-        this._isLicenseValid = true;
-    }
-
-    public get isLicenseValid(): boolean {
-        return this._isLicenseValid;
-    }
-}
-
-export default new EELicenseService(LICENSE_KEY);
--- a/backend/src/ee/services/EELogService.ts
+++ b/backend/src/ee/services/EELogService.ts
@ -1,81 +0,0 @@
-import { Types } from 'mongoose';
-import { 
-    Log,
-    Action,
-    IAction
-} from '../models';
-import {
-    createLogHelper
-} from '../helpers/log';
-import {
-    createActionSecretHelper
-} from '../helpers/action';
-import EELicenseService from './EELicenseService';
-
-/**
- * Class to handle Enterprise Edition log actions
- */
-class EELogService {
-    /**
-     * Create an (audit) log
-     * @param {Object} obj
-     * @param {String} obj.userId - id of user associated with the log
-     * @param {String} obj.workspaceId - id of workspace associated with the log
-     * @param {Action} obj.actions - actions to include in log
-     * @param {String} obj.channel - channel (web/cli/auto) associated with the log
-     * @param {String} obj.ipAddress - ip address associated with the log
-     * @returns {Log} log - new audit log
-     */
-    static async createLog({
-        userId,
-        workspaceId,
-        actions,
-        channel,
-        ipAddress
-    }: {
-        userId: string;
-        workspaceId: string;
-        actions: IAction[];
-        channel: string;
-        ipAddress: string;
-    }) {
-        if (!EELicenseService.isLicenseValid) return null;
-        return await createLogHelper({
-            userId,
-            workspaceId,
-            actions,
-            channel,
-            ipAddress
-        })
-    }
-    
-    /**
-     * Create an (audit) action for secrets including
-     * add, delete, update, and read actions.
-     * @param {Object} obj
-     * @param {String} obj.name - name of action
-     * @param {ObjectId[]} obj.secretIds - secret ids
-     * @returns {Action} action - new action
-     */
-    static async createActionSecret({
-        name,
-        userId,
-        workspaceId,
-        secretIds
-    }: {
-        name: string;
-        userId: string;
-        workspaceId: string;
-        secretIds: Types.ObjectId[];
-    }) {
-        if (!EELicenseService.isLicenseValid) return null; 
-        return await createActionSecretHelper({
-            name,
-            userId,
-            workspaceId,
-            secretIds
-        });
-    }
-}
-
-export default EELogService;
--- a/backend/src/ee/services/EESecretService.ts
+++ b/backend/src/ee/services/EESecretService.ts
@ -1,78 +0,0 @@
-import { Types } from 'mongoose';
-import { ISecretVersion } from '../models';
-import { 
-    takeSecretSnapshotHelper,
-    addSecretVersionsHelper,
-    markDeletedSecretVersionsHelper,
-    initSecretVersioningHelper
-} from '../helpers/secret';
-import EELicenseService from './EELicenseService';
-
-/**
- * Class to handle Enterprise Edition secret actions
- */
-class EESecretService {
-    
-    /**
-     * Save a secret snapshot that is a copy of the current state of secrets in workspace with id
-     * [workspaceId] under a new snapshot with incremented version under the
-     * SecretSnapshot collection.
-     * Requires a valid license key [licenseKey]
-     * @param {Object} obj
-     * @param {String} obj.workspaceId
-     * @returns {SecretSnapshot} secretSnapshot - new secret snpashot
-     */
-    static async takeSecretSnapshot({
-        workspaceId
-    }: {
-        workspaceId: string;
-    }) {
-        if (!EELicenseService.isLicenseValid) return;
-        return await takeSecretSnapshotHelper({ workspaceId });
-    }
-    
-    /**
-     * Add secret versions [secretVersions] to the SecretVersion collection.
-     * @param {Object} obj
-     * @param {Object[]} obj.secretVersions
-     * @returns {SecretVersion[]} newSecretVersions - new secret versions
-     */
-    static async addSecretVersions({
-        secretVersions
-    }: {
-        secretVersions: ISecretVersion[];
-    }) {
-        if (!EELicenseService.isLicenseValid) return;
-        return await addSecretVersionsHelper({
-            secretVersions
-        });
-    }
-
-    /**
-     * Mark secret versions associated with secrets with ids [secretIds]
-     * as deleted.
-     * @param {Object} obj
-     * @param {ObjectId[]} obj.secretIds - secret ids
-     */
-    static async markDeletedSecretVersions({
-        secretIds
-    }: {
-        secretIds: Types.ObjectId[];
-    }) {
-        if (!EELicenseService.isLicenseValid) return;
-        await markDeletedSecretVersionsHelper({
-            secretIds
-        });
-    }
-    
-    /**
-     * Initialize secret versioning by setting previously unversioned
-     * secrets to version 1 and begin populating secret versions.
-     */
-    static async initSecretVersioning() {
-        if (!EELicenseService.isLicenseValid) return; 
-        await initSecretVersioningHelper();
-    }
-}
-
-export default EESecretService;
--- a/backend/src/ee/services/index.ts
+++ b/backend/src/ee/services/index.ts
@ -1,9 +0,0 @@
-import EELicenseService from "./EELicenseService";
-import EESecretService from "./EESecretService";
-import EELogService from "./EELogService";
-
-export {
-    EELicenseService,
-    EESecretService,
-    EELogService
-}
--- a/backend/src/ee/variables.ts
+++ b/backend/src/ee/variables.ts
--- a/backend/src/events/index.ts
+++ b/backend/src/events/index.ts
@ -1,5 +0,0 @@
-import { eventPushSecrets } from "./secret"
-
-export {
-    eventPushSecrets
-}
--- a/backend/src/events/secret.ts
+++ b/backend/src/events/secret.ts
@ -1,60 +0,0 @@
-import { 
-    EVENT_PUSH_SECRETS, 
-    EVENT_PULL_SECRETS 
-} from '../variables';
-
-interface PushSecret {
-	ciphertextKey: string;
-	ivKey: string;
-	tagKey: string;
-	hashKey: string;
-	ciphertextValue: string;
-	ivValue: string;
-	tagValue: string;
-	hashValue: string;
-	type: 'shared' | 'personal';
-}
-
-/**
- * Return event for pushing secrets
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace to push secrets to
- * @returns 
- */
-const eventPushSecrets = ({
-    workspaceId
-}: {
-    workspaceId: string;
-}) => {
-    return ({
-        name: EVENT_PUSH_SECRETS,
-        workspaceId,
-        payload: {
-
-        }
-    });
-}
-
-/**
- * Return event for pulling secrets
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace to pull secrets from
- * @returns 
- */
-const eventPullSecrets = ({
-    workspaceId,
-}: {
-    workspaceId: string;
-}) => {
-    return ({
-        name: EVENT_PULL_SECRETS,
-        workspaceId,
-        payload: {
-
-        }
-    });
-}
-
-export {
-    eventPushSecrets
-}
--- a/backend/src/helpers/auth.ts
+++ b/backend/src/helpers/auth.ts
@ -1,10 +1,7 @@
 import jwt from 'jsonwebtoken';
 import * as Sentry from '@sentry/node';
-import bcrypt from 'bcrypt';
 import {
-	User,
-	ServiceTokenData,
-	APIKeyData
+	User
 } from '../models';
 import {
 	JWT_AUTH_LIFETIME,
@ -12,179 +9,6 @@ import {
 	JWT_REFRESH_LIFETIME,
 	JWT_REFRESH_SECRET
 } from '../config';
-import {
-	AccountNotFoundError,
-	ServiceTokenDataNotFoundError,
-	APIKeyDataNotFoundError,
-	UnauthorizedRequestError
-} from '../utils/errors';
-
-// TODO 1: check if API key works
-// TODO 2: optimize middleware
-
-/**
- * Validate that auth token value [authTokenValue] falls under one of
- * accepted auth modes [acceptedAuthModes].
- * @param {Object} obj
- * @param {String} obj.authTokenValue - auth token value (e.g. JWT or service token value)
- * @param {String[]} obj.acceptedAuthModes - accepted auth modes (e.g. jwt, serviceToken)
- * @returns {String} authMode - auth mode
- */
-const validateAuthMode = ({
-	authTokenValue,
-	acceptedAuthModes
-}: {
-	authTokenValue: string;
-	acceptedAuthModes: string[];
-}) => {
-	let authMode;
-	try {
-		switch (authTokenValue.split('.', 1)[0]) {
-			case 'st':
-				authMode = 'serviceToken';
-				break;
-			case 'ak':
-				authMode = 'apiKey';
-				break;
-			default:
-				authMode = 'jwt';
-				break;
-		}
-		
-		if (!acceptedAuthModes.includes(authMode)) 
-			throw UnauthorizedRequestError({ message: 'Failed to authenticated auth mode' });
-
-	} catch (err) {
-		throw UnauthorizedRequestError({ message: 'Failed to authenticated auth mode' });
-	}
-	
-	return authMode;
-}
-
-/**
- * Return user payload corresponding to JWT token [authTokenValue]
- * @param {Object} obj
- * @param {String} obj.authTokenValue - JWT token value
- * @returns {User} user - user corresponding to JWT token
- */
-const getAuthUserPayload = async ({
-	authTokenValue
-}: {
-	authTokenValue: string;
-}) => {
-	let user;
-	try {
-		const decodedToken = <jwt.UserIDJwtPayload>(
-			jwt.verify(authTokenValue, JWT_AUTH_SECRET)
-		);
-
-		user = await User.findOne({
-			_id: decodedToken.userId
-		}).select('+publicKey');
-
-		if (!user) throw AccountNotFoundError({ message: 'Failed to find User' });
-
-		if (!user?.publicKey) throw UnauthorizedRequestError({ message: 'Failed to authenticate User with partially set up account' });
-
-	} catch (err) {
-		throw UnauthorizedRequestError({
-			message: 'Failed to authenticate JWT token'
-		});
-	}
-	
-	return user;
-}
-
-/**
- * Return service token data payload corresponding to service token [authTokenValue]
- * @param {Object} obj
- * @param {String} obj.authTokenValue - service token value
- * @returns {ServiceTokenData} serviceTokenData - service token data
- */
-const getAuthSTDPayload = async ({
-	authTokenValue
-}: {
-	authTokenValue: string;
-}) => {
-	let serviceTokenData;
-	try {
-		const [_, TOKEN_IDENTIFIER, TOKEN_SECRET] = <[string, string, string]>authTokenValue.split('.', 3);
-
-		// TODO: optimize double query
-		serviceTokenData = await ServiceTokenData
-			.findById(TOKEN_IDENTIFIER, '+secretHash +expiresAt');
-		
-		if (!serviceTokenData) {
-			throw ServiceTokenDataNotFoundError({ message: 'Failed to find service token data' });
-		} else if (serviceTokenData?.expiresAt && new Date(serviceTokenData.expiresAt) < new Date()) {
-			// case: service token expired
-			await ServiceTokenData.findByIdAndDelete(serviceTokenData._id);
-			throw UnauthorizedRequestError({
-				message: 'Failed to authenticate expired service token'
-			});
-		}
-
-		const isMatch = await bcrypt.compare(TOKEN_SECRET, serviceTokenData.secretHash);
-		if (!isMatch) throw UnauthorizedRequestError({
-			message: 'Failed to authenticate service token'
-		});
-
-		serviceTokenData = await ServiceTokenData
-			.findById(TOKEN_IDENTIFIER)
-			.select('+encryptedKey +iv +tag');
-
-	} catch (err) {
-		throw UnauthorizedRequestError({
-			message: 'Failed to authenticate service token'
-		});
-	}
-	
-	return serviceTokenData;
-}
-
-/**
- * Return API key data payload corresponding to API key [authTokenValue]
- * @param {Object} obj
- * @param {String} obj.authTokenValue - API key value
- * @returns {APIKeyData} apiKeyData - API key data
- */
-const getAuthAPIKeyPayload = async ({
-	authTokenValue
-}: {
-	authTokenValue: string;
-}) => {
-	let user;
-	try {
-		const [_, TOKEN_IDENTIFIER, TOKEN_SECRET] = <[string, string, string]>authTokenValue.split('.', 3);
-		
-		const apiKeyData = await APIKeyData
-			.findById(TOKEN_IDENTIFIER, '+secretHash +expiresAt')
-			.populate('user', '+publicKey');
-		
-		if (!apiKeyData) {
-			throw APIKeyDataNotFoundError({ message: 'Failed to find API key data' });
-		} else if (apiKeyData?.expiresAt && new Date(apiKeyData.expiresAt) < new Date()) {
-			// case: API key expired
-			await APIKeyData.findByIdAndDelete(apiKeyData._id);
-			throw UnauthorizedRequestError({
-				message: 'Failed to authenticate expired API key'
-			});
-		}
-
-		const isMatch = await bcrypt.compare(TOKEN_SECRET, apiKeyData.secretHash);
-		if (!isMatch) throw UnauthorizedRequestError({
-			message: 'Failed to authenticate API key'
-		});
-		
-		user = apiKeyData.user;
-	} catch (err) {
-		throw UnauthorizedRequestError({
-			message: 'Failed to authenticate API key'
-		});
-	}
-	
-	return user;
-}

 /**
 * Return newly issued (JWT) auth and refresh tokens to user with id [userId]
@ -275,12 +99,4 @@ const createToken = ({
 	}
 };

-export { 
-	validateAuthMode,
-	getAuthUserPayload,
-	getAuthSTDPayload,
-	getAuthAPIKeyPayload,
-	createToken, 
-	issueTokens, 
-	clearTokens 
-};
+export { createToken, issueTokens, clearTokens };
--- a/backend/src/helpers/bot.ts
+++ b/backend/src/helpers/bot.ts
@ -1,229 +0,0 @@
-import * as Sentry from '@sentry/node';
-import {
-    Bot,
-    BotKey,
-    Secret,
-    ISecret,
-    IUser
-} from '../models';
-import { 
-    generateKeyPair, 
-    encryptSymmetric,
-    decryptSymmetric,
-    decryptAsymmetric
-} from '../utils/crypto';
-import { ENCRYPTION_KEY } from '../config';
-import { SECRET_SHARED } from '../variables';
-
-/**
- * Create an inactive bot with name [name] for workspace with id [workspaceId]
- * @param {Object} obj 
- * @param {String} obj.name - name of bot
- * @param {String} obj.workspaceId - id of workspace that bot belongs to
- */
-const createBot = async ({
-    name,
-    workspaceId,
-}: {
-    name: string;
-    workspaceId: string;
-}) => {
-    let bot;
-    try {
-        const { publicKey, privateKey } = generateKeyPair();
-        const { ciphertext, iv, tag } = encryptSymmetric({
-            plaintext: privateKey,
-            key: ENCRYPTION_KEY
-        });
-
-        bot = await new Bot({
-            name,
-            workspace: workspaceId,
-            isActive: false,
-            publicKey,
-            encryptedPrivateKey: ciphertext,
-            iv,
-            tag
-        }).save();
-    } catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to create bot');
-    }
-    
-    return bot;
-}
-
-/**
- * Return decrypted secrets for workspace with id [workspaceId]
- * and [environment] using bot
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace
- * @param {String} obj.environment - environment
- */
-const getSecretsHelper = async ({
-    workspaceId,
-    environment
-}: {
-    workspaceId: string;
-    environment: string;
-}) => {
-    const content = {} as any;
-    try {
-        const key = await getKey({ workspaceId });
-        const secrets = await Secret.find({
-            workspace: workspaceId,
-            environment,
-            type: SECRET_SHARED
-        });
-        
-        secrets.forEach((secret: ISecret) => {
-            const secretKey = decryptSymmetric({
-                ciphertext: secret.secretKeyCiphertext,
-                iv: secret.secretKeyIV,
-                tag: secret.secretKeyTag,
-                key
-            });
-
-            const secretValue = decryptSymmetric({
-                ciphertext: secret.secretValueCiphertext,
-                iv: secret.secretValueIV,
-                tag: secret.secretValueTag,
-                key
-            });
-
-            content[secretKey] = secretValue;
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed to get secrets');
-    }
-
-    return content;
-}
-
-/**
- * Return bot's copy of the workspace key for workspace 
- * with id [workspaceId]
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace
- * @returns {String} key - decrypted workspace key
- */
-const getKey = async ({ workspaceId }: { workspaceId: string }) => {
-    let key;
-    try {
-        const botKey = await BotKey.findOne({
-            workspace: workspaceId
-        }).populate<{ sender: IUser }>('sender', 'publicKey');
-        
-        if (!botKey) throw new Error('Failed to find bot key');
-        
-        const bot = await Bot.findOne({
-            workspace: workspaceId
-        }).select('+encryptedPrivateKey +iv +tag');
-        
-        if (!bot) throw new Error('Failed to find bot');
-        if (!bot.isActive) throw new Error('Bot is not active');
-        
-        const privateKeyBot = decryptSymmetric({
-            ciphertext: bot.encryptedPrivateKey,
-            iv: bot.iv,
-            tag: bot.tag,
-            key: ENCRYPTION_KEY
-        });
-        
-        key = decryptAsymmetric({
-            ciphertext: botKey.encryptedKey,
-            nonce: botKey.nonce,
-            publicKey: botKey.sender.publicKey as string,
-            privateKey: privateKeyBot
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to get workspace key');
-    }
-    
-    return key;
-}
-
-/**
- * Return symmetrically encrypted [plaintext] using the
- * key for workspace with id [workspaceId] 
- * @param {Object} obj1
- * @param {String} obj1.workspaceId - id of workspace
- * @param {String} obj1.plaintext - plaintext to encrypt
- */
-const encryptSymmetricHelper = async ({
-    workspaceId,
-    plaintext
-}: {
-    workspaceId: string;
-    plaintext: string;
-}) => {
-    
-    try {
-        const key = await getKey({ workspaceId });
-        const { ciphertext, iv, tag } = encryptSymmetric({
-            plaintext,
-            key
-        });
-        
-        return ({
-            ciphertext,
-            iv,
-            tag
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to perform symmetric encryption with bot');
-    }
-}
-/**
- * Return symmetrically decrypted [ciphertext] using the
- * key for workspace with id [workspaceId]
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace
- * @param {String} obj.ciphertext - ciphertext to decrypt
- * @param {String} obj.iv - iv
- * @param {String} obj.tag - tag
- */
-const decryptSymmetricHelper = async ({
-    workspaceId,
-    ciphertext,
-    iv,
-    tag
-}: {
-    workspaceId: string;
-    ciphertext: string;
-    iv: string;
-    tag: string;
-}) => {
-    let plaintext;
-    try {
-        const key = await getKey({ workspaceId });
-        const plaintext = decryptSymmetric({
-            ciphertext,
-            iv,
-            tag,
-            key
-        });
-        
-        return plaintext;
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to perform symmetric decryption with bot');
-    }
-    
-    return plaintext;
-}
-
-export {
-    createBot,
-    getSecretsHelper,
-    encryptSymmetricHelper,
-    decryptSymmetricHelper
-}
--- a/backend/src/helpers/database.ts
+++ b/backend/src/helpers/database.ts
@ -1,31 +0,0 @@
-import mongoose from 'mongoose';
-import { ISecret, Secret } from '../models';
-import { EESecretService } from '../ee/services';
-import { getLogger } from '../utils/logger';
-
-/**
- * Initialize database connection
- * @param {Object} obj
- * @param {String} obj.mongoURL - mongo connection string
- * @returns 
- */
-const initDatabaseHelper = async ({
-    mongoURL
-}: {
-    mongoURL: string;
-}) => {
-    try {
-        await mongoose.connect(mongoURL);
-        getLogger("database").info("Database connection established");
-        
-        await EESecretService.initSecretVersioning();
-    } catch (err) {
-        getLogger("database").error(`Unable to establish Database connection due to the error.\n${err}`);
-    }
-
-    return mongoose.connection;
-}
-
-export {
-    initDatabaseHelper
-}
--- a/backend/src/helpers/event.ts
+++ b/backend/src/helpers/event.ts
@ -1,51 +0,0 @@
-import { Bot, IBot } from '../models';
-import * as Sentry from '@sentry/node';
-import { EVENT_PUSH_SECRETS } from '../variables';
-import { IntegrationService } from '../services';
-
-interface Event {
-    name: string;
-    workspaceId: string;
-    payload: any;
-}
-
-/**
- * Handle event [event]
- * @param {Object} obj
- * @param {Event} obj.event - an event
- * @param {String} obj.event.name - name of event
- * @param {String} obj.event.workspaceId - id of workspace that event is part of
- * @param {Object} obj.event.payload - payload of event (depends on event)
- */
-const handleEventHelper = async ({
-    event
-}: {
-    event: Event;
-}) => {
-    const { workspaceId } = event;
-    
-    // TODO: moduralize bot check into separate function
-    const bot = await Bot.findOne({
-        workspace: workspaceId,
-        isActive: true
-    });
-    
-    if (!bot) return;
-    
-    try {
-        switch (event.name) {
-            case EVENT_PUSH_SECRETS:
-                IntegrationService.syncIntegrations({
-                    workspaceId
-                });
-                break;
-        }
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-    }
-}
-
-export {
-    handleEventHelper
-}
--- a/backend/src/helpers/integration.ts
+++ b/backend/src/helpers/integration.ts
@ -1,358 +0,0 @@
-import * as Sentry from '@sentry/node';
-import {
-    Bot,
-    Integration,
-    IntegrationAuth,
-} from '../models';
-import { exchangeCode, exchangeRefresh, syncSecrets } from '../integrations';
-import { BotService } from '../services';
-import {
-    ENV_DEV,
-    EVENT_PUSH_SECRETS,
-    INTEGRATION_VERCEL,
-    INTEGRATION_NETLIFY
-} from '../variables';
-import { UnauthorizedRequestError } from '../utils/errors';
-import RequestError from '../utils/requestError';
-
-interface Update {
-    workspace: string;
-    integration: string;
-    teamId?: string;
-    accountId?: string;
-}
-
-/**
- * Perform OAuth2 code-token exchange for workspace with id [workspaceId] and integration
- * named [integration]
- * - Store integration access and refresh tokens returned from the OAuth2 code-token exchange
- * - Add placeholder inactive integration
- * - Create bot sequence for integration
- * @param {Object} obj
- * @param {String} obj.workspaceId - id of workspace
- * @param {String} obj.integration - name of integration 
- * @param {String} obj.code - code
-*/
-const handleOAuthExchangeHelper = async ({
-    workspaceId,
-    integration,
-    code
-}: {
-    workspaceId: string;
-    integration: string;
-    code: string;
-}) => {
-    let action;
-    let integrationAuth;
-    try {
-        const bot = await Bot.findOne({
-            workspace: workspaceId,
-            isActive: true
-        });
-        
-        if (!bot) throw new Error('Bot must be enabled for OAuth2 code-token exchange');
-        
-        // exchange code for access and refresh tokens
-        const res = await exchangeCode({
-            integration,
-            code
-        });
-        
-        const update: Update = {
-            workspace: workspaceId,
-            integration
-        }
-        
-        switch (integration) {
-            case INTEGRATION_VERCEL:
-                update.teamId = res.teamId;
-                break;
-            case INTEGRATION_NETLIFY:
-                update.accountId = res.accountId;
-                break;
-        }
-        
-        integrationAuth = await IntegrationAuth.findOneAndUpdate({
-            workspace: workspaceId,
-            integration
-        }, update, {
-            new: true,
-            upsert: true
-        });
-        
-        if (res.refreshToken) {
-            // case: refresh token returned from exchange
-            // set integration auth refresh token
-            await setIntegrationAuthRefreshHelper({
-                integrationAuthId: integrationAuth._id.toString(),
-                refreshToken: res.refreshToken
-            });
-        }
-        
-        if (res.accessToken) {
-            // case: access token returned from exchange
-            // set integration auth access token
-            await setIntegrationAuthAccessHelper({
-                integrationAuthId: integrationAuth._id.toString(),
-                accessToken: res.accessToken,
-                accessExpiresAt: res.accessExpiresAt
-            });
-        }
-
-        // initialize new integration after exchange
-        await new Integration({
-            workspace: workspaceId,
-            environment: ENV_DEV,
-            isActive: false,
-            app: null,
-            integration,
-            integrationAuth: integrationAuth._id
-        }).save();
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed to handle OAuth2 code-token exchange')
-    }
-}
-/**
- * Sync/push environment variables in workspace with id [workspaceId] to
- * all active integrations for that workspace
- * @param {Object} obj
- * @param {Object} obj.workspaceId - id of workspace
- */
-const syncIntegrationsHelper = async ({
-    workspaceId
-}: {
-    workspaceId: string;
-}) => {
-    let integrations;
-    try {
-
-        integrations = await Integration.find({
-            workspace: workspaceId,
-            isActive: true,
-            app: { $ne: null }
-        });
-
-        // for each workspace integration, sync/push secrets
-        // to that integration
-        for await (const integration of integrations) {
-            // get workspace, environment (shared) secrets
-            const secrets = await BotService.getSecrets({ // issue here?
-                workspaceId: integration.workspace.toString(),
-                environment: integration.environment
-            });
-            
-            const integrationAuth = await IntegrationAuth.findById(integration.integrationAuth);
-            if (!integrationAuth) throw new Error('Failed to find integration auth');
-            
-            // get integration auth access token
-            const accessToken = await getIntegrationAuthAccessHelper({
-                integrationAuthId: integration.integrationAuth.toString()
-            });
-
-            // sync secrets to integration
-            await syncSecrets({
-                integration,
-                integrationAuth,
-                secrets,
-                accessToken
-            });
-        }
-    } catch (err) {
-        Sentry.setUser(null);
-        Sentry.captureException(err);
-        throw new Error('Failed to sync secrets to integrations');
-    }
-}
-
-/**
- * Return decrypted refresh token using the bot's copy
- * of the workspace key for workspace belonging to integration auth
- * with id [integrationAuthId]
- * @param {Object} obj
- * @param {String} obj.integrationAuthId - id of integration auth
- * @param {String} refreshToken - decrypted refresh token
- */
- const getIntegrationAuthRefreshHelper = async ({ integrationAuthId }: { integrationAuthId: string }) => {
-    let refreshToken;
-	
-    try {
-        const integrationAuth = await IntegrationAuth
-            .findById(integrationAuthId)
-            .select('+refreshCiphertext +refreshIV +refreshTag');
-
-        if (!integrationAuth) throw UnauthorizedRequestError({message: 'Failed to locate Integration Authentication credentials'});
-
-        refreshToken = await BotService.decryptSymmetric({
-            workspaceId: integrationAuth.workspace.toString(),
-            ciphertext: integrationAuth.refreshCiphertext as string,
-            iv: integrationAuth.refreshIV as string,
-            tag: integrationAuth.refreshTag as string
-        });
-
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-        if(err instanceof RequestError)
-            throw err
-        else
-            throw new Error('Failed to get integration refresh token');
-    }
-    
-    return refreshToken;
-}
-
-/**
- * Return decrypted access token using the bot's copy
- * of the workspace key for workspace belonging to integration auth
- * with id [integrationAuthId]
- * @param {Object} obj
- * @param {String} obj.integrationAuthId - id of integration auth
- * @returns {String} accessToken - decrypted access token
- */
-const getIntegrationAuthAccessHelper = async ({ integrationAuthId }: { integrationAuthId: string }) => {
-    let accessToken;
-	
-    try {
-        const integrationAuth = await IntegrationAuth
-            .findById(integrationAuthId)
-            .select('workspace integration +accessCiphertext +accessIV +accessTag +accessExpiresAt + refreshCiphertext');
-
-        if (!integrationAuth) throw UnauthorizedRequestError({message: 'Failed to locate Integration Authentication credentials'});
-
-        accessToken = await BotService.decryptSymmetric({
-            workspaceId: integrationAuth.workspace.toString(),
-            ciphertext: integrationAuth.accessCiphertext as string,
-            iv: integrationAuth.accessIV as string,
-            tag: integrationAuth.accessTag as string
-        });
-
-        if (integrationAuth?.accessExpiresAt && integrationAuth?.refreshCiphertext) {
-            // there is a access token expiration date
-            // and refresh token to exchange with the OAuth2 server
-            
-            if (integrationAuth.accessExpiresAt < new Date()) {
-                // access token is expired
-                const refreshToken = await getIntegrationAuthRefreshHelper({ integrationAuthId });
-                accessToken = await exchangeRefresh({
-                    integration: integrationAuth.integration,
-                    refreshToken
-                });
-            }
-        }
-
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-        if(err instanceof RequestError)
-            throw err
-        else
-            throw new Error('Failed to get integration access token');
-    }
-    
-    return accessToken;
-}
-
-/**
- * Encrypt refresh token [refreshToken] using the bot's copy
- * of the workspace key for workspace belonging to integration auth
- * with id [integrationAuthId] and store it
- * @param {Object} obj
- * @param {String} obj.integrationAuthId - id of integration auth
- * @param {String} obj.refreshToken - refresh token
- */
-const setIntegrationAuthRefreshHelper = async ({
-    integrationAuthId,
-    refreshToken
-}: {
-    integrationAuthId: string;
-    refreshToken: string;
-}) => {
-    
-    let integrationAuth;
-    try {
-        integrationAuth = await IntegrationAuth
-            .findById(integrationAuthId);
-        
-        if (!integrationAuth) throw new Error('Failed to find integration auth');
-        
-        const obj = await BotService.encryptSymmetric({
-            workspaceId: integrationAuth.workspace.toString(),
-            plaintext: refreshToken
-        });
-        
-        integrationAuth = await IntegrationAuth.findOneAndUpdate({
-            _id: integrationAuthId
-        }, {
-            refreshCiphertext: obj.ciphertext,
-            refreshIV: obj.iv,
-            refreshTag: obj.tag
-        }, {
-            new: true
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to set integration auth refresh token');
-    }
-    
-    return integrationAuth;
-}
-
-/**
- * Encrypt access token [accessToken] using the bot's copy
- * of the workspace key for workspace belonging to integration auth
- * with id [integrationAuthId] and store it along with [accessExpiresAt]
- * @param {Object} obj
- * @param {String} obj.integrationAuthId - id of integration auth
- * @param {String} obj.accessToken - access token
- * @param {Date} obj.accessExpiresAt - expiration date of access token
- */
-const setIntegrationAuthAccessHelper = async ({
-    integrationAuthId,
-    accessToken,
-    accessExpiresAt
-}: {
-    integrationAuthId: string;
-    accessToken: string;
-    accessExpiresAt: Date;
-}) => {
-    let integrationAuth;
-    try {
-        integrationAuth = await IntegrationAuth.findById(integrationAuthId);
-        
-        if (!integrationAuth) throw new Error('Failed to find integration auth');
-        
-        const obj = await BotService.encryptSymmetric({
-            workspaceId: integrationAuth.workspace.toString(),
-            plaintext: accessToken
-        });
-        
-        integrationAuth = await IntegrationAuth.findOneAndUpdate({
-            _id: integrationAuthId
-        }, {
-            accessCiphertext: obj.ciphertext,
-            accessIV: obj.iv,
-            accessTag: obj.tag,
-            accessExpiresAt
-        }, {
-            new: true
-        });
-    } catch (err) {
-        Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to save integration auth access token');
-    }
-    
-    return integrationAuth;
-}
-
-export {
-    handleOAuthExchangeHelper,
-    syncIntegrationsHelper,
-    getIntegrationAuthRefreshHelper,
-    getIntegrationAuthAccessHelper,
-    setIntegrationAuthRefreshHelper,
-    setIntegrationAuthAccessHelper
-}
--- a/backend/src/helpers/integrationAuth.ts
+++ b/backend/src/helpers/integrationAuth.ts
@ -0,0 +1,174 @@
+import * as Sentry from '@sentry/node';
+import axios from 'axios';
+import { IntegrationAuth } from '../models';
+import { encryptSymmetric, decryptSymmetric } from '../utils/crypto';
+import { IIntegrationAuth } from '../models';
+import {
+	ENCRYPTION_KEY,
+	OAUTH_CLIENT_SECRET_HEROKU,
+	OAUTH_TOKEN_URL_HEROKU
+} from '../config';
+
+/**
+ * Process token exchange and refresh responses from respective OAuth2 authorization servers by
+ * encrypting access and refresh tokens, computing new access token expiration times [accessExpiresAt],
+ * and upserting them into the DB for workspace with id [workspaceId] and integration [integration].
+ * @param {Object} obj
+ * @param {String} obj.workspaceId - id of workspace
+ * @param {String} obj.integration - name of integration (e.g. heroku)
+ * @param {Object} obj.res - response from OAuth2 authorization server
+ */
+const processOAuthTokenRes = async ({
+	workspaceId,
+	integration,
+	res
+}: {
+	workspaceId: string;
+	integration: string;
+	res: any;
+}): Promise<IIntegrationAuth> => {
+	let integrationAuth;
+	try {
+		// encrypt refresh + access tokens
+		const {
+			ciphertext: refreshCiphertext,
+			iv: refreshIV,
+			tag: refreshTag
+		} = encryptSymmetric({
+			plaintext: res.data.refresh_token,
+			key: ENCRYPTION_KEY
+		});
+
+		const {
+			ciphertext: accessCiphertext,
+			iv: accessIV,
+			tag: accessTag
+		} = encryptSymmetric({
+			plaintext: res.data.access_token,
+			key: ENCRYPTION_KEY
+		});
+
+		// compute access token expiration date
+		const accessExpiresAt = new Date();
+		accessExpiresAt.setSeconds(
+			accessExpiresAt.getSeconds() + res.data.expires_in
+		);
+
+		// create or replace integration authorization with encrypted tokens
+		// and access token expiration date
+		integrationAuth = await IntegrationAuth.findOneAndUpdate(
+			{ workspace: workspaceId, integration },
+			{
+				workspace: workspaceId,
+				integration,
+				refreshCiphertext,
+				refreshIV,
+				refreshTag,
+				accessCiphertext,
+				accessIV,
+				accessTag,
+				accessExpiresAt
+			},
+			{ upsert: true, new: true }
+		);
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		throw new Error(
+			'Failed to process OAuth2 authorization server token response'
+		);
+	}
+
+	return integrationAuth;
+};
+
+/**
+ * Return access token for integration either by decrypting a non-expired access token [accessCiphertext] on
+ * the integration authorization document or by requesting a new one by decrypting and exchanging the
+ * refresh token [refreshCiphertext] with the respective OAuth2 authorization server.
+ * @param {Object} obj
+ * @param {IIntegrationAuth} obj.integrationAuth - an integration authorization document
+ * @returns {String} access token - new access token
+ */
+const getOAuthAccessToken = async ({
+	integrationAuth
+}: {
+	integrationAuth: IIntegrationAuth;
+}) => {
+	let accessToken;
+	try {
+		const {
+			refreshCiphertext,
+			refreshIV,
+			refreshTag,
+			accessCiphertext,
+			accessIV,
+			accessTag,
+			accessExpiresAt
+		} = integrationAuth;
+
+		if (
+			refreshCiphertext &&
+			refreshIV &&
+			refreshTag &&
+			accessCiphertext &&
+			accessIV &&
+			accessTag &&
+			accessExpiresAt
+		) {
+			if (accessExpiresAt < new Date()) {
+				// case: access token expired
+				// TODO: fetch another access token
+
+				let clientSecret;
+				switch (integrationAuth.integration) {
+					case 'heroku':
+						clientSecret = OAUTH_CLIENT_SECRET_HEROKU;
+				}
+
+				// record new access token and refresh token
+				// encrypt refresh + access tokens
+				const refreshToken = decryptSymmetric({
+					ciphertext: refreshCiphertext,
+					iv: refreshIV,
+					tag: refreshTag,
+					key: ENCRYPTION_KEY
+				});
+
+				// TODO: make route compatible with other integration types
+				const res = await axios.post(
+					OAUTH_TOKEN_URL_HEROKU, // maybe shouldn't be a config variable?
+					new URLSearchParams({
+						grant_type: 'refresh_token',
+						refresh_token: refreshToken,
+						client_secret: clientSecret
+					} as any)
+				);
+
+				accessToken = res.data.access_token;
+
+				await processOAuthTokenRes({
+					workspaceId: integrationAuth.workspace.toString(),
+					integration: integrationAuth.integration,
+					res
+				});
+			} else {
+				// case: access token still works
+				accessToken = decryptSymmetric({
+					ciphertext: accessCiphertext,
+					iv: accessIV,
+					tag: accessTag,
+					key: ENCRYPTION_KEY
+				});
+			}
+		}
+	} catch (err) {
+		Sentry.setUser(null);
+		Sentry.captureException(err);
+		throw new Error('Failed to get OAuth2 access token');
+	}
+
+	return accessToken;
+};
+
+export { processOAuthTokenRes, getOAuthAccessToken };
--- a/backend/src/helpers/membership.ts
+++ b/backend/src/helpers/membership.ts
@ -1,45 +1,6 @@
 import * as Sentry from '@sentry/node';
 import { Membership, Key } from '../models';

-/**
- * Validate that user with id [userId] is a member of workspace with id [workspaceId]
- * and has at least one of the roles in [acceptedRoles]
- * @param {Object} obj
- * @param {String} obj.userId - id of user to validate
- * @param {String} obj.workspaceId - id of workspace
- */
-const validateMembership = async ({
-	userId,
-	workspaceId,
-	acceptedRoles,
-}: {
-	userId: string;
-	workspaceId: string;
-	acceptedRoles: string[];
-}) => {
-	
-	let membership;
-	//TODO: Refactor code to take advantage of using RequestError. It's possible to create new types of errors for more detailed errors
-	try {
-		membership = await Membership.findOne({
-			user: userId,
-			workspace: workspaceId
-		}).populate("workspace");
-		
-		if (!membership) throw new Error('Failed to find membership');
-		
-		if (!acceptedRoles.includes(membership.role)) {
-			throw new Error('Failed to validate membership role');
-		}
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to validate membership');
-	}
-	
-	return membership;
-}
-
 /**
 * Return membership matching criteria specified in query [queryObj]
 * @param {Object} queryObj - query object
@ -65,15 +26,18 @@ const findMembership = async (queryObj: any) => {
 * @param {String[]} obj.userIds - id of users.
 * @param {String} obj.workspaceId - id of workspace.
 * @param {String[]} obj.roles - roles of users.
+ * @param {String[]} obj.statuses - statuses of users.
 */
 const addMemberships = async ({
 	userIds,
 	workspaceId,
-	roles
+	roles,
+	statuses
 }: {
 	userIds: string[];
 	workspaceId: string;
 	roles: string[];
+	statuses: string[];
 }): Promise<void> => {
 	try {
 		const operations = userIds.map((userId, idx) => {
@ -82,12 +46,14 @@ const addMemberships = async ({
 					filter: {
 						user: userId,
 						workspace: workspaceId,
-						role: roles[idx]
+						role: roles[idx],
+						status: statuses[idx]
 					},
 					update: {
 						user: userId,
 						workspace: workspaceId,
-						role: roles[idx]
+						role: roles[idx],
+						status: statuses[idx]
 					},
 					upsert: true
 				}
@ -131,9 +97,4 @@ const deleteMembership = async ({ membershipId }: { membershipId: string }) => {
 	return deletedMembership;
 };

-export { 
-	validateMembership,
-	addMemberships, 
-	findMembership, 
-	deleteMembership 
-};
+export { addMemberships, findMembership, deleteMembership };
--- a/backend/src/helpers/nodemailer.ts
+++ b/backend/src/helpers/nodemailer.ts
@ -2,10 +2,21 @@ import fs from 'fs';
 import path from 'path';
 import handlebars from 'handlebars';
 import nodemailer from 'nodemailer';
-import { SMTP_FROM_NAME, SMTP_FROM_ADDRESS } from '../config';
-import * as Sentry from '@sentry/node';
+import { SMTP_HOST, SMTP_NAME, SMTP_USERNAME, SMTP_PASSWORD } from '../config';

-let smtpTransporter: nodemailer.Transporter;
+// create nodemailer transporter
+const transporter = nodemailer.createTransport({
+	host: SMTP_HOST,
+	port: 587,
+	auth: {
+		user: SMTP_USERNAME,
+		pass: SMTP_PASSWORD
+	}
+});
+transporter
+	.verify()
+	.then(() => console.log('SMTP - Successfully connected'))
+	.catch((err) => console.log('SMTP - Failed to connect'));

 /**
 * @param {Object} obj
@ -15,38 +26,33 @@ let smtpTransporter: nodemailer.Transporter;
 * @param {Object} obj.substitutions - object containing template substitutions
 */
 const sendMail = async ({
-  template,
-  subjectLine,
-  recipients,
-  substitutions
+	template,
+	subjectLine,
+	recipients,
+	substitutions
 }: {
-  template: string;
-  subjectLine: string;
-  recipients: string[];
-  substitutions: any;
+	template: string;
+	subjectLine: string;
+	recipients: string[];
+	substitutions: any;
 }) => {
-  try {
-    const html = fs.readFileSync(
-      path.resolve(__dirname, '../templates/' + template),
-      'utf8'
-    );
-    const temp = handlebars.compile(html);
-    const htmlToSend = temp(substitutions);
+	try {
+		const html = fs.readFileSync(
+			path.resolve(__dirname, '../templates/' + template),
+			'utf8'
+		);
+		const temp = handlebars.compile(html);
+		const htmlToSend = temp(substitutions);

-    await smtpTransporter.sendMail({
-      from: `"${SMTP_FROM_NAME}" <${SMTP_FROM_ADDRESS}>`,
-      to: recipients.join(', '),
-      subject: subjectLine,
-      html: htmlToSend
-    });
-  } catch (err) {
-    Sentry.setUser(null);
-    Sentry.captureException(err);
-  }
+		await transporter.sendMail({
+			from: `"${SMTP_NAME}" <${SMTP_USERNAME}>`,
+			to: recipients.join(', '),
+			subject: subjectLine,
+			html: htmlToSend
+		});
+	} catch (err) {
+		console.error(err);
+	}
 };

-const setTransporter = (transporter: nodemailer.Transporter) => {
-  smtpTransporter = transporter;
-};
-
-export { sendMail, setTransporter };
+export { sendMail };
--- a/backend/src/helpers/rateLimiter.ts
+++ b/backend/src/helpers/rateLimiter.ts
@ -2,37 +2,34 @@ import rateLimit from 'express-rate-limit';

 // 300 requests per 15 minutes
 const apiLimiter = rateLimit({
-  windowMs: 15 * 60 * 1000,
-  max: 450,
-  standardHeaders: true,
-  legacyHeaders: false,
-  skip: (request) => {
-    return request.path === '/healthcheck' || request.path === '/api/status'
-  }
+	windowMs: 15 * 60 * 1000,
+	max: 400,
+	standardHeaders: true,
+	legacyHeaders: false
 });

 // 5 requests per hour
 const signupLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
-  max: 10,
-  standardHeaders: true,
-  legacyHeaders: false
+	windowMs: 60 * 60 * 1000,
+	max: 10,
+	standardHeaders: true,
+	legacyHeaders: false
 });

 // 10 requests per hour
 const loginLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
-  max: 25,
-  standardHeaders: true,
-  legacyHeaders: false
+	windowMs: 60 * 60 * 1000,
+	max: 20,
+	standardHeaders: true,
+	legacyHeaders: false
 });

 // 5 requests per hour
 const passwordLimiter = rateLimit({
-  windowMs: 60 * 60 * 1000,
-  max: 10,
-  standardHeaders: true,
-  legacyHeaders: false
+	windowMs: 60 * 60 * 1000,
+	max: 10,
+	standardHeaders: true,
+	legacyHeaders: false
 });

 export { apiLimiter, signupLimiter, loginLimiter, passwordLimiter };
--- a/backend/src/helpers/secret.ts
+++ b/backend/src/helpers/secret.ts
@ -1,67 +1,12 @@
 import * as Sentry from '@sentry/node';
-import { Types } from 'mongoose';
 import {
 	Secret,
-	ISecret,
-	Membership
+	ISecret
 } from '../models';
-import {
-	EESecretService,
-	EELogService
-} from '../ee/services';
-import {
-	IAction
-} from '../ee/models';
-import { 
-	SECRET_SHARED, 
-	SECRET_PERSONAL,
-	ACTION_ADD_SECRETS,
-	ACTION_UPDATE_SECRETS,
-	ACTION_DELETE_SECRETS,
-	ACTION_READ_SECRETS
-} from '../variables';
+import { decryptSymmetric } from '../utils/crypto';
+import { SECRET_SHARED, SECRET_PERSONAL } from '../variables';

-/**
- * Validate that user with id [userId] can modify secrets with ids [secretIds]
- * @param {Object} obj
- * @param {Object} obj.userId - id of user to validate
- * @param {Object} obj.secretIds - secret ids
- * @returns {Secret[]} secrets
- */
-const validateSecrets = async ({
-	userId,
-	secretIds
-}: {
-	userId: string;
-	secretIds: string[];
-}) =>{
-	let secrets;
-	try {
-		secrets = await Secret.find({
-			_id: {
-				$in: secretIds
-			}
-		});
-		
-		const workspaceIdsSet = new Set((await Membership.find({
-			user: userId
-		}, 'workspace'))
-		.map((m) => m.workspace.toString()));
-		
-		secrets.forEach((secret: ISecret) => {
-			if (!workspaceIdsSet.has(secret.workspace.toString())) {
-				throw new Error('Failed to validate secret');
-			}
-		});
-		
-	} catch (err) {
-		throw new Error('Failed to validate secrets');
-	}
-
-	return secrets;
-}
-
-interface V1PushSecret {
+interface PushSecret {
 	ciphertextKey: string;
 	ivKey: string;
 	tagKey: string;
@ -70,32 +15,14 @@ interface V1PushSecret {
 	ivValue: string;
 	tagValue: string;
 	hashValue: string;
-	ciphertextComment: string;
-	ivComment: string;
-	tagComment: string;
-	hashComment: string;
 	type: 'shared' | 'personal';
 }

-interface V2PushSecret {
-	type: string; // personal or shared
-	secretKeyCiphertext: string;
-	secretKeyIV: string;
-	secretKeyTag: string;
-	secretKeyHash: string;
-	secretValueCiphertext: string;
-	secretValueIV: string;
-	secretValueTag: string;
-	secretValueHash: string;
-	secretCommentCiphertext?: string;
-	secretCommentIV?: string;
-	secretCommentTag?: string;
-	secretCommentHash?: string;
+interface Update {
+	[index: string]: string;
 }

-interface Update {
-	[index: string]: any;
-}
+type DecryptSecretType = 'text' | 'object' | 'expanded';

 /**
 * Push secrets for user with id [userId] to workspace
@ -108,155 +35,92 @@ interface Update {
 * @param {String} obj.environment - environment for secrets
 * @param {Object[]} obj.secrets - secrets to push
 */
-const v1PushSecrets = async ({
+const pushSecrets = async ({
 	userId,
 	workspaceId,
 	environment,
-	secrets,
+	secrets
 }: {
 	userId: string;
 	workspaceId: string;
 	environment: string;
-	secrets: V1PushSecret[];
+	secrets: PushSecret[];
 }): Promise<void> => {
-	// TODO: clean up function and fix up types
 	try {
 		// construct useful data structures
-		const oldSecrets = await getSecrets({
+		const oldSecrets = await pullSecrets({
 			userId,
 			workspaceId,
 			environment
 		});
-		
-		const oldSecretsObj: any = oldSecrets.reduce((accumulator, s: any) => 
-			({ ...accumulator, [`${s.type}-${s.secretKeyHash}`]: s })
-		, {});
-		const newSecretsObj: any = secrets.reduce((accumulator, s) => 
-			({ ...accumulator, [`${s.type}-${s.hashKey}`]: s })
-		, {});
+		const oldSecretsObj: any = oldSecrets.reduce((accumulator, s: any) => {
+			return { ...accumulator, [s.secretKeyHash]: s };
+		}, {});
+		const newSecretsObj = secrets.reduce((accumulator, s) => {
+			return { ...accumulator, [s.hashKey]: s };
+		}, {});

 		// handle deleting secrets
-		const toDelete = oldSecrets
-			.filter(
-				(s: ISecret) => !(`${s.type}-${s.secretKeyHash}` in newSecretsObj)
-			)
-			.map((s) => s._id);
+		const toDelete = oldSecrets.filter(
+			(s: ISecret) => !(s.secretKeyHash in newSecretsObj)
+		);
 		if (toDelete.length > 0) {
 			await Secret.deleteMany({
-				_id: { $in: toDelete }
-			});
-
-			await EESecretService.markDeletedSecretVersions({
-				secretIds: toDelete
+				_id: { $in: toDelete.map((s) => s._id) }
 			});
 		}
-		
-		const toUpdate = oldSecrets
+
+		// handle modifying secrets where type or value changed
+		const operations = secrets
 			.filter((s) => {
-				if (`${s.type}-${s.secretKeyHash}` in newSecretsObj) {
-					if (s.secretValueHash !== newSecretsObj[`${s.type}-${s.secretKeyHash}`].hashValue 
-					|| s.secretCommentHash !== newSecretsObj[`${s.type}-${s.secretKeyHash}`].hashComment) {
-						// case: filter secrets where value or comment changed
+				if (s.hashKey in oldSecretsObj) {
+					if (s.hashValue !== oldSecretsObj[s.hashKey].secretValueHash) {
+						// case: filter secrets where value changed
 						return true;
 					}

-					if (!s.version) {
-						// case: filter (legacy) secrets that were not versioned
+					if (s.type !== oldSecretsObj[s.hashKey].type) {
+						// case: filter secrets where type changed
 						return true;
 					}
 				}
-				
+
 				return false;
-			});
-
-		const operations = toUpdate
+			})
 			.map((s) => {
-				const {
-					ciphertextValue,
-					ivValue,
-					tagValue,
-					hashValue,
-					ciphertextComment,
-					ivComment,
-					tagComment,
-					hashComment
-				} = newSecretsObj[`${s.type}-${s.secretKeyHash}`];
-
 				const update: Update = {
-					secretValueCiphertext: ciphertextValue,
-					secretValueIV: ivValue,
-					secretValueTag: tagValue,
-					secretValueHash: hashValue,
-					secretCommentCiphertext: ciphertextComment,
-					secretCommentIV: ivComment,
-					secretCommentTag: tagComment,
-					secretCommentHash: hashComment,
-				}
-
-				if (!s.version) {
-					// case: (legacy) secret was not versioned
-					update.version = 1;
-				} else {
-					update['$inc'] = {
-						version: 1
-					}
-				}
+					type: s.type,
+					secretValueCiphertext: s.ciphertextValue,
+					secretValueIV: s.ivValue,
+					secretValueTag: s.tagValue,
+					secretValueHash: s.hashValue
+				};

 				if (s.type === SECRET_PERSONAL) {
-					// attach user associated with the personal secret
+					// attach user assocaited with the personal secret
 					update['user'] = userId;
 				}

 				return {
 					updateOne: {
 						filter: {
-							_id: oldSecretsObj[`${s.type}-${s.secretKeyHash}`]._id
+							workspace: workspaceId,
+							_id: oldSecretsObj[s.hashKey]._id
 						},
 						update
 					}
 				};
 			});
-		await Secret.bulkWrite(operations as any);
-		
-		// (EE) add secret versions for updated secrets
-		await EESecretService.addSecretVersions({
-			secretVersions: toUpdate.map(({
-				_id,
-				version,
-				type,
-				secretKeyHash,
-			}) => {
-				const newSecret = newSecretsObj[`${type}-${secretKeyHash}`];
-				return ({
-					_id: new Types.ObjectId(),
-					secret: _id,
-					version: version ? version + 1 : 1,
-					workspace: new Types.ObjectId(workspaceId),
-					type: newSecret.type,
-					user: new Types.ObjectId(userId),
-					environment,
-					isDeleted: false,
-					secretKeyCiphertext: newSecret.ciphertextKey,
-					secretKeyIV: newSecret.ivKey,
-					secretKeyTag: newSecret.tagKey,
-					secretKeyHash: newSecret.hashKey,
-					secretValueCiphertext: newSecret.ciphertextValue,
-					secretValueIV: newSecret.ivValue,
-					secretValueTag: newSecret.tagValue,
-					secretValueHash: newSecret.hashValue
-				})
-			}) 
-		});
+		const a = await Secret.bulkWrite(operations as any);

 		// handle adding new secrets
-		const toAdd = secrets.filter((s) => !(`${s.type}-${s.hashKey}` in oldSecretsObj));
+		const toAdd = secrets.filter((s) => !(s.hashKey in oldSecretsObj));

 		if (toAdd.length > 0) {
 			// add secrets
-			const newSecrets = await Secret.insertMany(
+			await Secret.insertMany(
 				toAdd.map((s, idx) => {
-					const obj: any = {
-						version: 1,
+					let obj: any = {
 						workspace: workspaceId,
 						type: toAdd[idx].type,
 						environment,
@ -267,11 +131,7 @@ const v1PushSecrets = async ({
 						secretValueCiphertext: s.ciphertextValue,
 						secretValueIV: s.ivValue,
 						secretValueTag: s.tagValue,
-						secretValueHash: s.hashValue,
-						secretCommentCiphertext: s.ciphertextComment,
-						secretCommentIV: s.ivComment,
-						secretCommentTag: s.tagComment,
-						secretCommentHash: s.hashComment
+						secretValueHash: s.hashValue
 					};

 					if (toAdd[idx].type === 'personal') {
@ -281,269 +141,6 @@ const v1PushSecrets = async ({
 					return obj;
 				})
 			);
-
-			// (EE) add secret versions for new secrets
-			EESecretService.addSecretVersions({
-				secretVersions: newSecrets.map(({
-					_id,
-					version,
-					workspace,
-					type,
-					user,
-					environment,
-					secretKeyCiphertext,
-					secretKeyIV,
-					secretKeyTag,
-					secretKeyHash,
-					secretValueCiphertext,
-					secretValueIV,
-					secretValueTag,
-					secretValueHash
-				}) => ({
-					_id: new Types.ObjectId(),
-					secret: _id,
-					version,
-					workspace,
-					type,
-					user,
-					environment,
-					isDeleted: false,
-					secretKeyCiphertext,
-					secretKeyIV,
-					secretKeyTag,
-					secretKeyHash,
-					secretValueCiphertext,
-					secretValueIV,
-					secretValueTag,
-					secretValueHash
-				}))
-			});
-		}
-		
-		// (EE) take a secret snapshot
-		await EESecretService.takeSecretSnapshot({
-			workspaceId
-		});
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to push shared and personal secrets');
-	}
-};
-
-/**
- * Push secrets for user with id [userId] to workspace
- * with id [workspaceId] with environment [environment]. Follow steps:
- * 1. Handle shared secrets (insert, delete)
- * 2. handle personal secrets (insert, delete)
- * @param {Object} obj
- * @param {String} obj.userId - id of user to push secrets for
- * @param {String} obj.workspaceId - id of workspace to push to
- * @param {String} obj.environment - environment for secrets
- * @param {Object[]} obj.secrets - secrets to push
- * @param {String} obj.channel - channel (web/cli/auto)
- * @param {String} obj.ipAddress - ip address of request to push secrets
- */
- const v2PushSecrets = async ({
-	userId,
-	workspaceId,
-	environment,
-	secrets,
-	channel,
-	ipAddress
-}: {
-	userId: string;
-	workspaceId: string;
-	environment: string;
-	secrets: V2PushSecret[];
-	channel: string;
-	ipAddress: string;
-}): Promise<void> => {
-	// TODO: clean up function and fix up types
-	try {
-		const actions: IAction[] = [];
-		
-		// construct useful data structures
-		const oldSecrets = await getSecrets({
-			userId,
-			workspaceId,
-			environment
-		});
-		
-		const oldSecretsObj: any = oldSecrets.reduce((accumulator, s: any) => 
-			({ ...accumulator, [`${s.type}-${s.secretKeyHash}`]: s })
-		, {});
-		const newSecretsObj: any = secrets.reduce((accumulator, s) => 
-			({ ...accumulator, [`${s.type}-${s.secretKeyHash}`]: s })
-		, {});
-
-		// handle deleting secrets
-		const toDelete = oldSecrets
-			.filter(
-				(s: ISecret) => !(`${s.type}-${s.secretKeyHash}` in newSecretsObj)
-			)
-			.map((s) => s._id);
-		if (toDelete.length > 0) {
-			await Secret.deleteMany({
-				_id: { $in: toDelete }
-			});
-
-			await EESecretService.markDeletedSecretVersions({
-				secretIds: toDelete
-			});
-			
-			const deleteAction = await EELogService.createActionSecret({
-				name: ACTION_DELETE_SECRETS,
-				userId,
-				workspaceId,
-				secretIds: toDelete
-			});
-
-			deleteAction && actions.push(deleteAction);
-		}
-		
-		const toUpdate = oldSecrets
-			.filter((s) => {
-				if (`${s.type}-${s.secretKeyHash}` in newSecretsObj) {
-					if (s.secretValueHash !== newSecretsObj[`${s.type}-${s.secretKeyHash}`].secretValueHash 
-					|| s.secretCommentHash !== newSecretsObj[`${s.type}-${s.secretKeyHash}`].secretCommentHash) {
-						// case: filter secrets where value or comment changed
-						return true;
-					}
-
-					if (!s.version) {
-						// case: filter (legacy) secrets that were not versioned
-						return true;
-					}
-				}
-				
-				return false;
-			});
-
-		if (toUpdate.length > 0) {
-			const operations = toUpdate
-				.map((s) => {
-					const {
-						secretValueCiphertext,
-						secretValueIV,
-						secretValueTag,
-						secretValueHash,
-						secretCommentCiphertext,
-						secretCommentIV,
-						secretCommentTag,
-						secretCommentHash,
-					} = newSecretsObj[`${s.type}-${s.secretKeyHash}`];
-
-					const update: Update = {
-						secretValueCiphertext,
-						secretValueIV,
-						secretValueTag,
-						secretValueHash,
-						secretCommentCiphertext,
-						secretCommentIV,
-						secretCommentTag,
-						secretCommentHash,
-					}
-
-					if (!s.version) {
-						// case: (legacy) secret was not versioned
-						update.version = 1;
-					} else {
-						update['$inc'] = {
-							version: 1
-						}
-					}
-
-					if (s.type === SECRET_PERSONAL) {
-						// attach user associated with the personal secret
-						update['user'] = userId;
-					}
-
-					return {
-						updateOne: {
-							filter: {
-								_id: oldSecretsObj[`${s.type}-${s.secretKeyHash}`]._id
-							},
-							update
-						}
-					};
-				});
-			await Secret.bulkWrite(operations as any);
-			
-			// (EE) add secret versions for updated secrets
-			await EESecretService.addSecretVersions({
-				secretVersions: toUpdate.map((s) => {
-					return ({
-						...newSecretsObj[`${s.type}-${s.secretKeyHash}`],
-						secret: s._id,
-						version: s.version ? s.version + 1 : 1,
-						workspace: new Types.ObjectId(workspaceId),
-						user: s.user,
-						environment: s.environment,
-						isDeleted: false
-					})
-				}) 
-			});
-
-			const updateAction = await EELogService.createActionSecret({
-				name: ACTION_UPDATE_SECRETS,
-				userId,
-				workspaceId,
-				secretIds: toUpdate.map((u) => u._id)
-			});
-
-			updateAction && actions.push(updateAction);
-		}
-
-		// handle adding new secrets
-		const toAdd = secrets.filter((s) => !(`${s.type}-${s.secretKeyHash}` in oldSecretsObj));
-
-		if (toAdd.length > 0) {
-			// add secrets
-			const newSecrets = await Secret.insertMany(
-				toAdd.map((s, idx) => ({
-					...s,
-					version: 1,
-					workspace: workspaceId,
-					type: toAdd[idx].type,
-					environment,
-					...( toAdd[idx].type === 'personal' ? { user: userId } : {})
-				}))
-			);
-
-			// (EE) add secret versions for new secrets
-			EESecretService.addSecretVersions({
-				secretVersions: newSecrets.map((secretDocument) => { 
-					return {
-						...secretDocument.toObject(),
-						secret: secretDocument._id,
-						isDeleted: false
-				}})
-			});
-
-			const addAction = await EELogService.createActionSecret({
-				name: ACTION_ADD_SECRETS,
-				userId,
-				workspaceId,
-				secretIds: newSecrets.map((n) => n._id)
-			});
-			addAction && actions.push(addAction);
-		}
-		
-		// (EE) take a secret snapshot
-		await EESecretService.takeSecretSnapshot({
-			workspaceId
-		})
-
-		// (EE) create (audit) log
-		if (actions.length > 0) {
-			await EELogService.createLog({
-				userId,
-				workspaceId,
-				actions,
-				channel,
-				ipAddress
-			});
 		}
 	} catch (err) {
 		Sentry.setUser(null);
@ -553,14 +150,15 @@ const v1PushSecrets = async ({
 };

 /**
- * Get secrets for user with id [userId] for workspace
+ * Pull secrets for user with id [userId] for workspace
 * with id [workspaceId] with environment [environment]
 * @param {Object} obj
 * @param {String} obj.userId -id of user to pull secrets for
 * @param {String} obj.workspaceId - id of workspace to pull from
 * @param {String} obj.environment - environment for secrets
+ *
 */
- const getSecrets = async ({
+const pullSecrets = async ({
 	userId,
 	workspaceId,
 	environment
@ -570,7 +168,6 @@ const v1PushSecrets = async ({
 	environment: string;
 }): Promise<ISecret[]> => {
 	let secrets: any; // TODO: FIX any
-	
 	try {
 		// get shared workspace secrets
 		const sharedSecrets = await Secret.find({
@ -598,64 +195,9 @@ const v1PushSecrets = async ({
 	return secrets;
 };

-/**
- * Pull secrets for user with id [userId] for workspace
- * with id [workspaceId] with environment [environment]
- * @param {Object} obj
- * @param {String} obj.userId -id of user to pull secrets for
- * @param {String} obj.workspaceId - id of workspace to pull from
- * @param {String} obj.environment - environment for secrets
- * @param {String} obj.channel - channel (web/cli/auto)
- * @param {String} obj.ipAddress - ip address of request to push secrets
- */
-const pullSecrets = async ({
-	userId,
-	workspaceId,
-	environment,
-	channel,
-	ipAddress
-}: {
-	userId: string;
-	workspaceId: string;
-	environment: string;
-	channel: string;
-	ipAddress: string;
-}): Promise<ISecret[]> => {
-	let secrets: any;
-	
-	try {
-		secrets = await getSecrets({
-			userId,
-			workspaceId,
-			environment
-		})
-
-		const readAction = await EELogService.createActionSecret({
-			name: ACTION_READ_SECRETS,
-			userId,
-			workspaceId,
-			secretIds: secrets.map((n: any) => n._id)
-		});
-
-		readAction && await EELogService.createLog({
-			userId,
-			workspaceId,
-			actions: [readAction],
-			channel,
-			ipAddress
-		});
-	} catch (err) {
-		Sentry.setUser(null);
-		Sentry.captureException(err);
-		throw new Error('Failed to pull shared and personal secrets');
-	}
-
-	return secrets;
-};
-
 /**
 * Reformat output of pullSecrets() to be compatible with how existing
- * web client handle secrets
+ * clients handle secrets
 * @param {Object} obj
 * @param {Object} obj.secrets
 */
@ -680,13 +222,6 @@ const reformatPullSecrets = ({ secrets }: { secrets: ISecret[] }) => {
 				iv: s.secretValueIV,
 				tag: s.secretValueTag,
 				hash: s.secretValueHash
-			},
-			secretComment: {
-				workspace: s.workspace,
-				ciphertext: s.secretCommentCiphertext,
-				iv: s.secretCommentIV,
-				tag: s.secretCommentTag,
-				hash: s.secretCommentHash
 			}
 		}));
 	} catch (err) {
@ -698,10 +233,71 @@ const reformatPullSecrets = ({ secrets }: { secrets: ISecret[] }) => {
 	return reformatedSecrets;
 };

-export {
-	validateSecrets,
-	v1PushSecrets,
-	v2PushSecrets,
-	pullSecrets,
-	reformatPullSecrets
+/**
+ * Return decrypted secrets in format [format]
+ * @param {Object} obj
+ * @param {Object[]} obj.secrets - array of (encrypted) secret key-value pair objects
+ * @param {String} obj.key - symmetric key to decrypt secret key-value pairs
+ * @param {String} obj.format - desired return format that is either "text," "object," or "expanded"
+ * @return {String|Object} (decrypted) secrets also called the content
+ */
+const decryptSecrets = ({
+	secrets,
+	key,
+	format
+}: {
+	secrets: PushSecret[];
+	key: string;
+	format: DecryptSecretType;
+}) => {
+	// init content
+	let content: any = format === 'text' ? '' : {};
+
+	// decrypt secrets
+	secrets.forEach((s, idx) => {
+		const secretKey = decryptSymmetric({
+			ciphertext: s.ciphertextKey,
+			iv: s.ivKey,
+			tag: s.tagKey,
+			key
+		});
+
+		const secretValue = decryptSymmetric({
+			ciphertext: s.ciphertextValue,
+			iv: s.ivValue,
+			tag: s.tagValue,
+			key
+		});
+
+		switch (format) {
+			case 'text':
+				content += secretKey;
+				content += '=';
+				content += secretValue;
+
+				if (idx < secrets.length) {
+					content += '\n';
+				}
+				break;
+			case 'object':
+				content[secretKey] = secretValue;
+				break;
+			case 'expanded':
+				content[secretKey] = {
+					...s,
+					plaintextKey: secretKey,
+					plaintextValue: secretValue
+				};
+				break;
+		}
+	});
+
+	return content;
+};
+
+export {
+	pushSecrets,
+	pullSecrets,
+	reformatPullSecrets,
+	decryptSecrets
 };
--- a/backend/src/helpers/signup.ts
+++ b/backend/src/helpers/signup.ts
@ -5,7 +5,7 @@ import { createOrganization } from './organization';
 import { addMembershipsOrg } from './membershipOrg';
 import { createWorkspace } from './workspace';
 import { addMemberships } from './membership';
-import { OWNER, ADMIN, ACCEPTED } from '../variables';
+import { OWNER, ADMIN, ACCEPTED, GRANTED } from '../variables';
 import { sendMail } from '../helpers/nodemailer';

 /**
@ -33,7 +33,7 @@ const sendEmailVerification = async ({ email }: { email: string }) => {
 		// send mail
 		await sendMail({
 			template: 'emailVerification.handlebars',
-			subjectLine: 'Infisical confirmation code',
+			subjectLine: 'Infisical workspace invitation',
 			recipients: [email],
 			substitutions: {
 				code: token
@ -66,7 +66,7 @@ const checkEmailVerification = async ({
 			email,
 			token: code
 		});
-	
+
 		if (!token) throw new Error('Failed to find email verification token');
 	} catch (err) {
 		Sentry.setUser(null);
@ -106,14 +106,15 @@ const initializeDefaultOrg = async ({

 		// initialize a default workspace inside the new organization
 		const workspace = await createWorkspace({
-			name: `Example Project`,
+			name: `${user.firstName}'s Project`,
 			organizationId: organization._id.toString()
 		});

 		await addMemberships({
 			userIds: [user._id.toString()],
 			workspaceId: workspace._id.toString(),
-			roles: [ADMIN]
+			roles: [ADMIN],
+			statuses: [GRANTED]
 		});
 	} catch (err) {
 		throw new Error('Failed to initialize default organization and workspace');
--- a/backend/src/helpers/workspace.ts
+++ b/backend/src/helpers/workspace.ts
@ -1,16 +1,13 @@
 import * as Sentry from '@sentry/node';
 import {
 	Workspace,
-	Bot,
 	Membership,
 	Key,
 	Secret
 } from '../models';
-import { createBot } from '../helpers/bot';

 /**
 * Create a workspace with name [name] in organization with id [organizationId]
- * and a bot for it.
 * @param {String} name - name of workspace to create.
 * @param {String} organizationId - id of organization to create workspace in
 * @param {Object} workspace - new workspace
@ -24,16 +21,10 @@ const createWorkspace = async ({
 }) => {
 	let workspace;
 	try {
-		// create workspace
 		workspace = await new Workspace({
 			name,
 			organization: organizationId
 		}).save();
-		
-		const bot = await createBot({
-			name: 'Infisical Bot',
-			workspaceId: workspace._id.toString()
-		});
 	} catch (err) {
 		Sentry.setUser(null);
 		Sentry.captureException(err);
@ -52,9 +43,6 @@ const createWorkspace = async ({
 const deleteWorkspace = async ({ id }: { id: string }) => {
 	try {
 		await Workspace.deleteOne({ _id: id });
-		await Bot.deleteOne({
-			workspace: id
-		});
 		await Membership.deleteMany({
 			workspace: id
 		});
--- a/backend/src/index.ts
+++ b/backend/src/index.ts
@ -1,25 +1,91 @@
+import express from 'express';
+import helmet from 'helmet';
+import cors from 'cors';
+import cookieParser from 'cookie-parser';
+import mongoose from 'mongoose';
 import dotenv from 'dotenv';
+
 dotenv.config();
-
 import * as Sentry from '@sentry/node';
-import { SENTRY_DSN, NODE_ENV, MONGO_URL } from './config';
-import { server } from './app';
-import { DatabaseService } from './services';
-import { setUpHealthEndpoint } from './services/health';
-import { initSmtp } from './services/smtp';
-import { setTransporter } from './helpers/nodemailer';
+import { PORT, SENTRY_DSN, NODE_ENV, MONGO_URL, SITE_URL, POSTHOG_PROJECT_API_KEY, POSTHOG_HOST, TELEMETRY_ENABLED } from './config';
+import { apiLimiter } from './helpers/rateLimiter';

-DatabaseService.initDatabase(MONGO_URL);
+const app = express();

-setUpHealthEndpoint(server);
+Sentry.init({
+	dsn: SENTRY_DSN,
+	tracesSampleRate: 1.0,
+	debug: NODE_ENV === 'production' ? false : true,
+	environment: NODE_ENV
+});

-setTransporter(initSmtp());
+import {
+	signup as signupRouter,
+	auth as authRouter,
+	organization as organizationRouter,
+	workspace as workspaceRouter,
+	membershipOrg as membershipOrgRouter,
+	membership as membershipRouter,
+	key as keyRouter,
+	inviteOrg as inviteOrgRouter,
+	user as userRouter,
+	userAction as userActionRouter,
+	secret as secretRouter,
+	serviceToken as serviceTokenRouter,
+	password as passwordRouter,
+	stripe as stripeRouter,
+	integration as integrationRouter,
+	integrationAuth as integrationAuthRouter
+} from './routes';

-if (NODE_ENV !== 'test') {
-  Sentry.init({
-    dsn: SENTRY_DSN,
-    tracesSampleRate: 1.0,
-    debug: NODE_ENV === 'production' ? false : true,
-    environment: NODE_ENV
-  });
+const connectWithRetry = () => {
+	mongoose.connect(MONGO_URL)
+	.then(() => console.log('Successfully connected to DB'))
+	.catch((e) => {
+		console.log('Failed to connect to DB ', e);
+		setTimeout(() => {
+			console.log(e);
+		}, 5000);
+	});
 }
+
+connectWithRetry();
+
+app.enable('trust proxy');
+app.use(cookieParser());
+app.use(cors({
+	credentials: true,
+	origin: SITE_URL
+}));
+
+if (NODE_ENV === 'production') {
+	// enable app-wide rate-limiting + helmet security
+	// in production
+	app.disable('x-powered-by');
+	app.use(apiLimiter);
+	app.use(helmet());
+}
+
+app.use(express.json());
+
+// routers
+app.use('/api/v1/signup', signupRouter);
+app.use('/api/v1/auth', authRouter);
+app.use('/api/v1/user', userRouter);
+app.use('/api/v1/user-action', userActionRouter);
+app.use('/api/v1/organization', organizationRouter);
+app.use('/api/v1/workspace', workspaceRouter);
+app.use('/api/v1/membership-org', membershipOrgRouter);
+app.use('/api/v1/membership', membershipRouter);
+app.use('/api/v1/key', keyRouter);
+app.use('/api/v1/invite-org', inviteOrgRouter);
+app.use('/api/v1/secret', secretRouter);
+app.use('/api/v1/service-token', serviceTokenRouter);
+app.use('/api/v1/password', passwordRouter);
+app.use('/api/v1/stripe', stripeRouter);
+app.use('/api/v1/integration', integrationRouter);
+app.use('/api/v1/integration-auth', integrationAuthRouter);
+
+app.listen(PORT, () => {
+	console.log('Listening on PORT ' + PORT);
+});
--- a/Show More
+++ b/Show More