Merge pull request #1714 from akhilmhdh/dynamic-secret/cassandra

Dynamic secret cassandra
2026-05-02 03:02:03 -04:00 · 2024-04-22 13:59:12 -04:00
parent 5bad4adbdf ad79ee56e4
commit 04491ee1b7
21 changed files with 3046 additions and 89 deletions
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -35,6 +35,7 @@
        "axios-retry": "^4.0.0",
        "bcrypt": "^5.1.1",
        "bullmq": "^5.3.3",
+        "cassandra-driver": "^4.7.2",
        "dotenv": "^16.4.1",
        "fastify": "^4.26.0",
        "fastify-plugin": "^4.5.1",
@@ -4565,6 +4566,15 @@
        "@types/lodash": "*"
      }
    },
+    "node_modules/@types/long": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/@types/long/-/long-5.0.0.tgz",
+      "integrity": "sha512-eQs9RsucA/LNjnMoJvWG/nXa7Pot/RbBzilF/QRIU/xRl+0ApxrSUFsV5lmf01SvSlqMzJ7Zwxe440wmz2SJGA==",
+      "deprecated": "This is a stub types definition. long provides its own type definitions, so you do not need this installed.",
+      "dependencies": {
+        "long": "*"
+      }
+    },
    "node_modules/@types/mime": {
      "version": "1.3.5",
      "resolved": "https://registry.npmjs.org/@types/mime/-/mime-1.3.5.tgz",
@@ -5313,6 +5323,14 @@
        "node": ">=0.4.0"
      }
    },
+    "node_modules/adm-zip": {
+      "version": "0.5.12",
+      "resolved": "https://registry.npmjs.org/adm-zip/-/adm-zip-0.5.12.tgz",
+      "integrity": "sha512-6TVU49mK6KZb4qG6xWaaM4C7sA/sgUMLy/JYMOzkcp3BvVLpW0fXDFQiIzAuxFCt/2+xD7fNIiPFAoLZPhVNLQ==",
+      "engines": {
+        "node": ">=6.0"
+      }
+    },
    "node_modules/agent-base": {
      "version": "6.0.2",
      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-6.0.2.tgz",
@@ -6190,6 +6208,20 @@
        "node": ">=6"
      }
    },
+    "node_modules/cassandra-driver": {
+      "version": "4.7.2",
+      "resolved": "https://registry.npmjs.org/cassandra-driver/-/cassandra-driver-4.7.2.tgz",
+      "integrity": "sha512-gwl1DeYvL8Wy3i1GDMzFtpUg5G473fU7EnHFZj7BUtdLB7loAfgZgB3zBhROc9fbaDSUDs6YwOPPojS5E1kbSA==",
+      "dependencies": {
+        "@types/long": "~5.0.0",
+        "@types/node": ">=8",
+        "adm-zip": "~0.5.10",
+        "long": "~5.2.3"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
    "node_modules/chai": {
      "version": "4.4.1",
      "resolved": "https://registry.npmjs.org/chai/-/chai-4.4.1.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@@ -96,6 +96,7 @@
    "axios-retry": "^4.0.0",
    "bcrypt": "^5.1.1",
    "bullmq": "^5.3.3",
+    "cassandra-driver": "^4.7.2",
    "dotenv": "^16.4.1",
    "fastify": "^4.26.0",
    "fastify-plugin": "^4.5.1",
--- a/backend/src/ee/services/dynamic-secret/providers/cassandra.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/cassandra.ts
@@ -0,0 +1,125 @@
+import cassandra from "cassandra-driver";
+import handlebars from "handlebars";
+import { customAlphabet } from "nanoid";
+import { z } from "zod";
+
+import { BadRequestError } from "@app/lib/errors";
+import { alphaNumericNanoId } from "@app/lib/nanoid";
+
+import { DynamicSecretCassandraSchema, TDynamicProviderFns } from "./models";
+
+const generatePassword = (size = 48) => {
+  const charset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~!*$#";
+  return customAlphabet(charset, 48)(size);
+};
+
+const generateUsername = () => {
+  return alphaNumericNanoId(32);
+};
+
+export const CassandraProvider = (): TDynamicProviderFns => {
+  const validateProviderInputs = async (inputs: unknown) => {
+    const providerInputs = await DynamicSecretCassandraSchema.parseAsync(inputs);
+    if (providerInputs.host === "localhost" || providerInputs.host === "127.0.0.1") {
+      throw new BadRequestError({ message: "Invalid db host" });
+    }
+
+    return providerInputs;
+  };
+
+  const getClient = async (providerInputs: z.infer<typeof DynamicSecretCassandraSchema>) => {
+    const sslOptions = providerInputs.ca ? { rejectUnauthorized: false, ca: providerInputs.ca } : undefined;
+    const client = new cassandra.Client({
+      sslOptions,
+      protocolOptions: {
+        port: providerInputs.port
+      },
+      credentials: {
+        username: providerInputs.username,
+        password: providerInputs.password
+      },
+      keyspace: providerInputs.keyspace,
+      localDataCenter: providerInputs?.localDataCenter,
+      contactPoints: providerInputs.host.split(",").filter(Boolean)
+    });
+    return client;
+  };
+
+  const validateConnection = async (inputs: unknown) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+
+    const isConnected = await client.execute("SELECT * FROM system_schema.keyspaces").then(() => true);
+    await client.shutdown();
+    return isConnected;
+  };
+
+  const create = async (inputs: unknown, expireAt: number) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+
+    const username = generateUsername();
+    const password = generatePassword();
+    const { keyspace } = providerInputs;
+    const expiration = new Date(expireAt).toISOString();
+
+    const creationStatement = handlebars.compile(providerInputs.creationStatement, { noEscape: true })({
+      username,
+      password,
+      expiration,
+      keyspace
+    });
+
+    const queries = creationStatement.toString().split(";").filter(Boolean);
+    for (const query of queries) {
+      // eslint-disable-next-line
+      await client.execute(query);
+    }
+    await client.shutdown();
+
+    return { entityId: username, data: { DB_USERNAME: username, DB_PASSWORD: password } };
+  };
+
+  const revoke = async (inputs: unknown, entityId: string) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+
+    const username = entityId;
+    const { keyspace } = providerInputs;
+
+    const revokeStatement = handlebars.compile(providerInputs.revocationStatement)({ username, keyspace });
+    const queries = revokeStatement.toString().split(";").filter(Boolean);
+    for (const query of queries) {
+      // eslint-disable-next-line
+      await client.execute(query);
+    }
+    await client.shutdown();
+    return { entityId: username };
+  };
+
+  const renew = async (inputs: unknown, entityId: string, expireAt: number) => {
+    const providerInputs = await validateProviderInputs(inputs);
+    const client = await getClient(providerInputs);
+
+    const username = entityId;
+    const expiration = new Date(expireAt).toISOString();
+    const { keyspace } = providerInputs;
+
+    const renewStatement = handlebars.compile(providerInputs.revocationStatement)({ username, keyspace, expiration });
+    const queries = renewStatement.toString().split(";").filter(Boolean);
+    for (const query of queries) {
+      // eslint-disable-next-line
+      await client.execute(query);
+    }
+    await client.shutdown();
+    return { entityId: username };
+  };
+
+  return {
+    validateProviderInputs,
+    validateConnection,
+    create,
+    revoke,
+    renew
+  };
+};
--- a/backend/src/ee/services/dynamic-secret/providers/index.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/index.ts
@@ -1,6 +1,8 @@
+import { CassandraProvider } from "./cassandra";
 import { DynamicSecretProviders } from "./models";
 import { SqlDatabaseProvider } from "./sql-database";

 export const buildDynamicSecretProviders = () => ({
-  [DynamicSecretProviders.SqlDatabase]: SqlDatabaseProvider()
+  [DynamicSecretProviders.SqlDatabase]: SqlDatabaseProvider(),
+  [DynamicSecretProviders.Cassandra]: CassandraProvider()
 });
--- a/backend/src/ee/services/dynamic-secret/providers/models.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/models.ts
@@ -19,12 +19,27 @@ export const DynamicSecretSqlDBSchema = z.object({
  ca: z.string().optional()
 });

+export const DynamicSecretCassandraSchema = z.object({
+  host: z.string().toLowerCase(),
+  port: z.number(),
+  localDataCenter: z.string().min(1),
+  keyspace: z.string().optional(),
+  username: z.string(),
+  password: z.string(),
+  creationStatement: z.string(),
+  revocationStatement: z.string(),
+  renewStatement: z.string().optional(),
+  ca: z.string().optional()
+});
+
 export enum DynamicSecretProviders {
-  SqlDatabase = "sql-database"
+  SqlDatabase = "sql-database",
+  Cassandra = "cassandra"
 }

 export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
-  z.object({ type: z.literal(DynamicSecretProviders.SqlDatabase), inputs: DynamicSecretSqlDBSchema })
+  z.object({ type: z.literal(DynamicSecretProviders.SqlDatabase), inputs: DynamicSecretSqlDBSchema }),
+  z.object({ type: z.literal(DynamicSecretProviders.Cassandra), inputs: DynamicSecretCassandraSchema })
 ]);

 export type TDynamicProviderFns = {
--- a/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
+++ b/backend/src/ee/services/dynamic-secret/providers/sql-database.ts
@@ -30,19 +30,24 @@ const generateUsername = (provider: SqlProviders) => {
 export const SqlDatabaseProvider = (): TDynamicProviderFns => {
  const validateProviderInputs = async (inputs: unknown) => {
    const appCfg = getConfig();
+    const isCloud = Boolean(appCfg.LICENSE_SERVER_KEY); // quick and dirty way to check if its cloud or not
    const dbHost = appCfg.DB_HOST || getDbConnectionHost(appCfg.DB_CONNECTION_URI);

    const providerInputs = await DynamicSecretSqlDBSchema.parseAsync(inputs);
    if (
+      isCloud &&
      // localhost
+      // internal ips
+      (providerInputs.host === "host.docker.internal" ||
+        providerInputs.host.match(/^10\.\d+\.\d+\.\d+/) ||
+        providerInputs.host.match(/^192\.168\.\d+\.\d+/))
+    )
+      throw new BadRequestError({ message: "Invalid db host" });
+    if (
      providerInputs.host === "localhost" ||
      providerInputs.host === "127.0.0.1" ||
      // database infisical uses
-      dbHost === providerInputs.host ||
-      // internal ips
-      providerInputs.host === "host.docker.internal" ||
-      providerInputs.host.match(/^10\.\d+\.\d+\.\d+/) ||
-      providerInputs.host.match(/^192\.168\.\d+\.\d+/)
+      dbHost === providerInputs.host
    )
      throw new BadRequestError({ message: "Invalid db host" });
    return providerInputs;
@@ -93,15 +98,13 @@ export const SqlDatabaseProvider = (): TDynamicProviderFns => {
      database
    });

-    await db.transaction(async (tx) =>
-      Promise.all(
-        creationStatement
-          .toString()
-          .split(";")
-          .filter(Boolean)
-          .map((query) => tx.raw(query))
-      )
-    );
+    const queries = creationStatement.toString().split(";").filter(Boolean);
+    await db.transaction(async (tx) => {
+      for (const query of queries) {
+        // eslint-disable-next-line
+        await tx.raw(query);
+      }
+    });
    await db.destroy();
    return { entityId: username, data: { DB_USERNAME: username, DB_PASSWORD: password } };
  };
@@ -114,15 +117,13 @@ export const SqlDatabaseProvider = (): TDynamicProviderFns => {
    const { database } = providerInputs;

    const revokeStatement = handlebars.compile(providerInputs.revocationStatement)({ username, database });
-    await db.transaction(async (tx) =>
-      Promise.all(
-        revokeStatement
-          .toString()
-          .split(";")
-          .filter(Boolean)
-          .map((query) => tx.raw(query))
-      )
-    );
+    const queries = revokeStatement.toString().split(";").filter(Boolean);
+    await db.transaction(async (tx) => {
+      for (const query of queries) {
+        // eslint-disable-next-line
+        await tx.raw(query);
+      }
+    });

    await db.destroy();
    return { entityId: username };
@@ -137,16 +138,15 @@ export const SqlDatabaseProvider = (): TDynamicProviderFns => {
    const { database } = providerInputs;

    const renewStatement = handlebars.compile(providerInputs.renewStatement)({ username, expiration, database });
-    if (renewStatement)
-      await db.transaction(async (tx) =>
-        Promise.all(
-          renewStatement
-            .toString()
-            .split(";")
-            .filter(Boolean)
-            .map((query) => tx.raw(query))
-        )
-      );
+    if (renewStatement) {
+      const queries = renewStatement.toString().split(";").filter(Boolean);
+      await db.transaction(async (tx) => {
+        for (const query of queries) {
+          // eslint-disable-next-line
+          await tx.raw(query);
+        }
+      });
+    }

    await db.destroy();
    return { entityId: username };
--- a/docs/documentation/platform/dynamic-secrets/cassandra.mdx
+++ b/docs/documentation/platform/dynamic-secrets/cassandra.mdx
@@ -0,0 +1,129 @@
+---
+title: "Cassandra"
+description: "How to dynamically generate Cassandra database users"
+---
+
+The Infisical Cassandra dynamic secret allows you to generate Cassandra database credentials on demand based on configured role.
+
+## Prerequisite
+
+Infisical requires a Cassandra user in your instance with the necessary permissions. This user will facilitate the creation of new accounts as needed. 
+Ensure the user possesses privileges for creating, dropping, and granting permissions to roles for it to be able to create dynamic secrets.
+
+<Tip>
+In your Cassandra configuration file `cassandra.yaml`, make sure you have the following settings:
+
+```yaml
+authenticator: PasswordAuthenticator
+authorizer: CassandraAuthorizer
+```
+</Tip>
+
+The above configuration allows user creation and granting permissions. 
+
+## Set up Dynamic Secrets with Cassandra
+
+<Steps>
+  <Step title="Open Secret Overview Dashboard">
+	Open the Secret Overview dashboard and select the environment in which you would like to add a dynamic secret.
+  </Step>
+  <Step title="Click on the 'Add Dynamic Secret' button">
+	![Add Dynamic Secret Button](../../../images/platform/dynamic-secrets/add-dynamic-secret-button.png)
+  </Step>
+  <Step title="Select Cassandra">
+	![Dynamic Secret Modal](../../../images/platform/dynamic-secrets/dynamic-secret-modal-cassandra.png)
+  </Step>
+  <Step title="Provide the inputs for dynamic secret parameters">
+	<ParamField path="Secret Name" type="string" required>
+		Name by which you want the secret to be referenced
+	</ParamField>
+
+	<ParamField path="Default TTL" type="string" required>
+		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+	</ParamField>
+
+	<ParamField path="Max TTL" type="string" required>
+		Maximum time-to-live for a generated secret
+	</ParamField>
+
+	<ParamField path="Host" type="string" required>
+		Cassandra Host. You can specify multiple Cassandra hosts by separating them with commas.
+  </ParamField>
+
+	<ParamField path="Port" type="number" required>
+		Cassandra port
+	</ParamField>
+
+	<ParamField path="User" type="string" required>
+		Username that will be used to create dynamic secrets
+	</ParamField>
+
+	<ParamField path="Password" type="string" required>
+		Password that will be used to create dynamic secrets
+	</ParamField>
+
+	<ParamField path="Local Data Center" type="string" required>
+	  Specify the local data center in Cassandra that you want to use. This choice should align with your Cassandra cluster setup.
+	</ParamField>
+
+	<ParamField path="Keyspace" type="string">
+		 Keyspace name where you want to create dynamic secrets. This ensures that the user is limited to that keyspace.
+	</ParamField>
+ 
+	<ParamField path="CA(SSL)" type="string">
+		A CA may be required if your cassandra requires it for incoming connections. 	
+  </ParamField>
+
+	![Dynamic Secret Setup Modal](../../../images/platform/dynamic-secrets/dynamic-secret-setup-modal-cassandra.png)
+
+  </Step>
+  <Step title="(Optional) Modify CQL Statements">
+  	If you want to provide specific privileges for the generated dynamic credentials, you can modify the CQL statement to your needs. This is useful if you want to only give access to a specific key-space(s).
+
+	![Modify CQL Statements Modal](../../../images/platform/dynamic-secrets/modify-cql-statements.png)
+  </Step>
+  <Step title="Click 'Submit'">
+  	After submitting the form, you will see a dynamic secret created in the dashboard. 
+
+	<Note>
+		If this step fails, you may have to add the CA certficate. 
+	</Note>
+
+	![Dynamic Secret](../../../images/platform/dynamic-secrets/dynamic-secret.png)
+  </Step>
+  <Step title="Generate dynamic secrets">
+	Once you've successfully configured the dynamic secret, you're ready to generate on-demand credentials. 
+	To do this, simply click on the 'Generate' button which appears when hovering over the dynamic secret item. 
+	Alternatively, you can initiate the creation of a new lease by selecting 'New Lease' from the dynamic secret lease list section.
+
+	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-generate.png)
+	![Dynamic Secret](/images/platform/dynamic-secrets/dynamic-secret-lease-empty.png)
+
+	When generating these secrets, it's important to specify a Time-to-Live (TTL) duration. This will dictate how long the credentials are valid for.
+
+	![Provision Lease](/images/platform/dynamic-secrets/provision-lease.png)
+
+	<Tip>
+		Ensure that the TTL for the lease fall within the maximum TTL defined when configuring the dynamic secret in step 4.
+	</Tip>
+
+
+	Once you click the `Submit` button, a new secret lease will be generated and the credentials for it will be shown to you. 
+
+	![Provision Lease](/images/platform/dynamic-secrets/lease-values.png)
+  </Step>
+</Steps>
+
+## Audit or Revoke Leases
+Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
+This will allow you see the lease details  and delete the lease ahead of its expiration time.
+
+![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
+
+## Renew Leases
+To extend the life of the generated dynamic secret lease past its initial time to live, simply click on the **Renew** as illustrated below.
+![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
+
+<Warning>
+	Lease renewals cannot exceed the maximum TTL set when configuring the dynamic secret
+</Warning>
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-modal-cassandra.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-modal-cassandra.png
--- a/docs/images/platform/dynamic-secrets/dynamic-secret-setup-modal-cassandra.png
+++ b/docs/images/platform/dynamic-secrets/dynamic-secret-setup-modal-cassandra.png
--- a/docs/images/platform/dynamic-secrets/modify-cql-statements.png
+++ b/docs/images/platform/dynamic-secrets/modify-cql-statements.png
--- a/docs/mint.json
+++ b/docs/mint.json
@@ -32,7 +32,10 @@
    "thumbsRating": true
  },
  "api": {
-    "baseUrl": ["https://app.infisical.com", "http://localhost:8080"]
+    "baseUrl": [
+      "https://app.infisical.com",
+      "http://localhost:8080"
+    ]
  },
  "topbarLinks": [
    {
@@ -142,7 +145,8 @@
            "documentation/platform/dynamic-secrets/overview",
            "documentation/platform/dynamic-secrets/postgresql",
            "documentation/platform/dynamic-secrets/mysql",
-            "documentation/platform/dynamic-secrets/oracle"
+            "documentation/platform/dynamic-secrets/oracle",
+            "documentation/platform/dynamic-secrets/cassandra"
          ]
        },
        "documentation/platform/groups"
@@ -370,11 +374,15 @@
    },
    {
      "group": "Build Tool Integrations",
-      "pages": ["integrations/build-tools/gradle"]
+      "pages": [
+        "integrations/build-tools/gradle"
+      ]
    },
    {
      "group": "",
-      "pages": ["sdks/overview"]
+      "pages": [
+        "sdks/overview"
+      ]
    },
    {
      "group": "SDK's",
@@ -392,7 +400,9 @@
        "api-reference/overview/authentication",
        {
          "group": "Examples",
-          "pages": ["api-reference/overview/examples/integration"]
+          "pages": [
+            "api-reference/overview/examples/integration"
+          ]
        }
      ]
    },
@@ -521,11 +531,15 @@
        },
        {
          "group": "Service Tokens",
-          "pages": ["api-reference/endpoints/service-tokens/get"]
+          "pages": [
+            "api-reference/endpoints/service-tokens/get"
+          ]
        },
        {
          "group": "Audit Logs",
-          "pages": ["api-reference/endpoints/audit-logs/export-audit-log"]
+          "pages": [
+            "api-reference/endpoints/audit-logs/export-audit-log"
+          ]
        }
      ]
    },
@@ -541,7 +555,9 @@
    },
    {
      "group": "",
-      "pages": ["changelog/overview"]
+      "pages": [
+        "changelog/overview"
+      ]
    },
    {
      "group": "Contributing",
@@ -565,7 +581,9 @@
        },
        {
          "group": "Contributing to SDK",
-          "pages": ["contributing/sdk/developing"]
+          "pages": [
+            "contributing/sdk/developing"
+          ]
        }
      ]
    }
--- a/frontend/src/hooks/api/dynamicSecret/types.ts
+++ b/frontend/src/hooks/api/dynamicSecret/types.ts
@@ -16,7 +16,8 @@ export type TDynamicSecret = {
 };

 export enum DynamicSecretProviders {
-  SqlDatabase = "sql-database"
+  SqlDatabase = "sql-database",
+  Cassandra = "cassandra"
 }

 export enum SqlProviders {
@@ -25,21 +26,37 @@ export enum SqlProviders {
  Oracle = "oracledb"
 }

-export type TDynamicSecretProvider = {
-  type: DynamicSecretProviders;
-  inputs: {
-    client: SqlProviders;
-    host: string;
-    port: number;
-    database: string;
-    username: string;
-    password: string;
-    creationStatement: string;
-    revocationStatement: string;
-    renewStatement?: string;
-    ca?: string | undefined;
+export type TDynamicSecretProvider =
+  | {
+    type: DynamicSecretProviders.SqlDatabase;
+    inputs: {
+      client: SqlProviders;
+      host: string;
+      port: number;
+      database: string;
+      username: string;
+      password: string;
+      creationStatement: string;
+      revocationStatement: string;
+      renewStatement?: string;
+      ca?: string | undefined;
+    };
+  }
+  | {
+    type: DynamicSecretProviders.Cassandra;
+    inputs: {
+      host: string;
+      port: number;
+      keyspace?: string;
+      localDataCenter: string;
+      username: string;
+      password: string;
+      creationStatement: string;
+      revocationStatement: string;
+      renewStatement?: string;
+      ca?: string | undefined;
+    };
  };
-};

 export type TCreateDynamicSecretDTO = {
  projectSlug: string;
--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/CassandraInputForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/CassandraInputForm.tsx
@@ -0,0 +1,363 @@
+import { Controller, useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  Input,
+  SecretInput,
+  TextArea
+} from "@app/components/v2";
+import { useCreateDynamicSecret } from "@app/hooks/api";
+import { DynamicSecretProviders } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  provider: z.object({
+    host: z.string().toLowerCase().min(1),
+    port: z.coerce.number(),
+    keyspace: z.string().optional(),
+    localDataCenter: z.string().min(1),
+    username: z.string().min(1),
+    password: z.string().min(1),
+    creationStatement: z.string().min(1),
+    revocationStatement: z.string().min(1),
+    renewStatement: z.string().optional(),
+    ca: z.string().optional()
+  }),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    }),
+  name: z.string().refine((val) => val.toLowerCase() === val, "Must be lowercase")
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onCompleted: () => void;
+  onCancel: () => void;
+  secretPath: string;
+  projectSlug: string;
+  environment: string;
+};
+
+const getSqlStatements = () => {
+  return {
+    creationStatement:
+      "CREATE ROLE '{{username}}' WITH PASSWORD = '{{password}}' AND LOGIN=true;\nGRANT ALL PERMISSIONS ON ALL KEYSPACES TO '{{username}}';",
+    renewStatement: "",
+    revocationStatement: 'DROP ROLE "{{username}}";'
+  };
+};
+
+export const CassandraInputForm = ({
+  onCompleted,
+  onCancel,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    formState: { isSubmitting },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    defaultValues: {
+      provider: getSqlStatements()
+    }
+  });
+
+  const createDynamicSecret = useCreateDynamicSecret();
+
+  const handleCreateDynamicSecret = async ({ name, maxTTL, provider, defaultTTL }: TForm) => {
+    // wait till previous request is finished
+    if (createDynamicSecret.isLoading) return;
+    try {
+      await createDynamicSecret.mutateAsync({
+        provider: { type: DynamicSecretProviders.Cassandra, inputs: provider },
+        maxTTL,
+        name,
+        path: secretPath,
+        defaultTTL,
+        projectSlug,
+        environmentSlug: environment
+      });
+      onCompleted();
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to create dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleCreateDynamicSecret)} autoComplete="off">
+        <div>
+          <div className="flex items-center space-x-2">
+            <div className="flex-grow">
+              <Controller
+                control={control}
+                defaultValue=""
+                name="name"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Secret Name"
+                    isError={Boolean(error)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} placeholder="dynamic-postgres" />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="defaultTTL"
+                defaultValue="1h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Default TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div className="w-32">
+              <Controller
+                control={control}
+                name="maxTTL"
+                defaultValue="24h"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label={<TtlFormLabel label="Max TTL" />}
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+          </div>
+          <div>
+            <div className="mb-4 mt-4 border-b border-mineshaft-500 pb-2 pl-1 font-medium text-mineshaft-200">
+              Configuration
+            </div>
+            <div className="flex flex-col">
+              <div className="flex items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="provider.host"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Host"
+                      className="flex-grow"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} placeholder="host1,host2" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="provider.port"
+                  defaultValue={9042}
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Port"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="number" />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <Controller
+                control={control}
+                name="provider.localDataCenter"
+                defaultValue="datacenter1"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Local Data Center"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+              <div className="flex items-center space-x-2">
+                <Controller
+                  control={control}
+                  name="provider.username"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="User"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} autoComplete="off" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="provider.password"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Password"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <Input {...field} type="password" autoComplete="new-password" />
+                    </FormControl>
+                  )}
+                />
+                <Controller
+                  control={control}
+                  name="provider.keyspace"
+                  defaultValue=""
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      label="Keyspace"
+                      isError={Boolean(error?.message)}
+                      isOptional
+                      errorText={error?.message}
+                    >
+                      <Input {...field} />
+                    </FormControl>
+                  )}
+                />
+              </div>
+              <div>
+                <Controller
+                  control={control}
+                  name="provider.ca"
+                  render={({ field, fieldState: { error } }) => (
+                    <FormControl
+                      isOptional
+                      label="CA(SSL)"
+                      isError={Boolean(error?.message)}
+                      errorText={error?.message}
+                    >
+                      <SecretInput
+                        {...field}
+                        containerClassName="text-bunker-300 hover:border-primary-400/50 border border-mineshaft-600 bg-mineshaft-900 px-2 py-1.5"
+                      />
+                    </FormControl>
+                  )}
+                />
+                <Accordion type="single" collapsible className="mb-2 w-full bg-mineshaft-700">
+                  <AccordionItem value="advance-statements">
+                    <AccordionTrigger>Modify CQL Statements</AccordionTrigger>
+                    <AccordionContent>
+                      <Controller
+                        control={control}
+                        name="provider.creationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Creation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="variables: keyspace. username, password and expiration are dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                      <Controller
+                        control={control}
+                        name="provider.revocationStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Revocation Statement"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                            helperText="variables: keyspace, username is dynamically provisioned"
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                      <Controller
+                        control={control}
+                        name="provider.renewStatement"
+                        render={({ field, fieldState: { error } }) => (
+                          <FormControl
+                            label="Renew Statement"
+                            helperText="variables: keyspace, username and expiration are dynamically provisioned"
+                            isError={Boolean(error?.message)}
+                            errorText={error?.message}
+                          >
+                            <TextArea
+                              {...field}
+                              reSize="none"
+                              rows={3}
+                              className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                            />
+                          </FormControl>
+                        )}
+                      />
+                    </AccordionContent>
+                  </AccordionItem>
+                </Accordion>
+              </div>
+            </div>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Submit
+          </Button>
+          <Button variant="outline_bg" onClick={onCancel}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/CreateDynamicSecretForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/CreateDynamicSecretForm.tsx
@@ -6,6 +6,7 @@ import { AnimatePresence, motion } from "framer-motion";
 import { Modal, ModalContent } from "@app/components/v2";
 import { DynamicSecretProviders } from "@app/hooks/api/dynamicSecret/types";

+import { CassandraInputForm } from "./CassandraInputForm";
 import { SqlDatabaseInputForm } from "./SqlDatabaseInputForm";

 type Props = {
@@ -21,6 +22,19 @@ enum WizardSteps {
  ProviderInputs = "provider-inputs"
 }

+const DYNAMIC_SECRET_LIST = [
+  {
+    icon: faDatabase,
+    provider: DynamicSecretProviders.SqlDatabase,
+    title: "SQL\nDatabase"
+  },
+  {
+    icon: faDatabase,
+    provider: DynamicSecretProviders.Cassandra,
+    title: "Cassandra"
+  }
+];
+
 export const CreateDynamicSecretForm = ({
  isOpen,
  onToggle,
@@ -55,35 +69,34 @@ export const CreateDynamicSecretForm = ({
            >
              <div className="mb-4 text-mineshaft-300">Select a service to connect to:</div>
              <div className="flex items-center space-x-4">
-                <div
-                  className="flex h-32 w-32 cursor-pointer flex-col items-center space-y-4 rounded border border-mineshaft-500 bg-bunker-600 p-6 transition-all hover:border-primary/70 hover:bg-primary/10 hover:text-white"
-                  role="button"
-                  tabIndex={0}
-                  onClick={() => {
-                    setSelectedProvider(DynamicSecretProviders.SqlDatabase);
-                    setWizardStep(WizardSteps.ProviderInputs);
-                  }}
-                  onKeyDown={(evt) => {
-                    if (evt.key === "Enter") {
-                      setSelectedProvider(DynamicSecretProviders.SqlDatabase);
+                {DYNAMIC_SECRET_LIST.map(({ icon, provider, title }) => (
+                  <div
+                    key={`dynamic-secret-provider-${provider}`}
+                    className="flex h-32 w-32 cursor-pointer flex-col items-center space-y-4 rounded border border-mineshaft-500 bg-bunker-600 p-6 transition-all hover:border-primary/70 hover:bg-primary/10 hover:text-white"
+                    role="button"
+                    tabIndex={0}
+                    onClick={() => {
+                      setSelectedProvider(provider);
                      setWizardStep(WizardSteps.ProviderInputs);
-                    }
-                  }}
-                >
-                  <FontAwesomeIcon icon={faDatabase} size="lg" />
-                  <div className="text-center text-sm">
-                    SQL
-                    <br />
-                    Database
+                    }}
+                    onKeyDown={(evt) => {
+                      if (evt.key === "Enter") {
+                        setSelectedProvider(provider);
+                        setWizardStep(WizardSteps.ProviderInputs);
+                      }
+                    }}
+                  >
+                    <FontAwesomeIcon icon={icon} size="lg" />
+                    <div className="whitespace-pre-wrap text-center text-sm">{title}</div>
                  </div>
-                </div>
+                ))}
              </div>
            </motion.div>
          )}
          {wizardStep === WizardSteps.ProviderInputs &&
            selectedProvider === DynamicSecretProviders.SqlDatabase && (
              <motion.div
-                key="select-input-step"
+                key="dynamic-sql-step"
                transition={{ duration: 0.1 }}
                initial={{ opacity: 0, translateX: 30 }}
                animate={{ opacity: 1, translateX: 0 }}
@@ -98,6 +111,24 @@ export const CreateDynamicSecretForm = ({
                />
              </motion.div>
            )}
+          {wizardStep === WizardSteps.ProviderInputs &&
+            selectedProvider === DynamicSecretProviders.Cassandra && (
+              <motion.div
+                key="dynamic-cassandra-step"
+                transition={{ duration: 0.1 }}
+                initial={{ opacity: 0, translateX: 30 }}
+                animate={{ opacity: 1, translateX: 0 }}
+                exit={{ opacity: 0, translateX: -30 }}
+              >
+                <CassandraInputForm
+                  onCompleted={handleFormReset}
+                  onCancel={handleFormReset}
+                  projectSlug={projectSlug}
+                  secretPath={secretPath}
+                  environment={environment}
+                />
+              </motion.div>
+            )}
        </AnimatePresence>
      </ModalContent>
    </Modal>
--- a/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/SqlDatabaseInputForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/ActionBar/CreateDynamicSecretForm/SqlDatabaseInputForm.tsx
@@ -141,7 +141,7 @@ export const SqlDatabaseInputForm = ({

  return (
    <div>
-      <form onSubmit={handleSubmit(handleCreateDynamicSecret)}>
+      <form onSubmit={handleSubmit(handleCreateDynamicSecret)} autoComplete="off">
        <div>
          <div className="flex items-center space-x-2">
            <div className="flex-grow">
@@ -265,7 +265,7 @@ export const SqlDatabaseInputForm = ({
                      isError={Boolean(error?.message)}
                      errorText={error?.message}
                    >
-                      <Input {...field} />
+                      <Input {...field} autoComplete="off" />
                    </FormControl>
                  )}
                />
@@ -278,7 +278,7 @@ export const SqlDatabaseInputForm = ({
                      isError={Boolean(error?.message)}
                      errorText={error?.message}
                    >
-                      <Input {...field} type="password" />
+                      <Input {...field} type="password" autoComplete="new-password" />
                    </FormControl>
                  )}
                />
--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/CreateDynamicSecretLease.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/CreateDynamicSecretLease.tsx
@@ -55,7 +55,10 @@ const OutputDisplay = ({

 const renderOutputForm = (provider: DynamicSecretProviders, data: unknown) => {
  const { DB_PASSWORD, DB_USERNAME } = data as { DB_USERNAME: string; DB_PASSWORD: string };
-  if (provider === DynamicSecretProviders.SqlDatabase) {
+  if (
+    provider === DynamicSecretProviders.SqlDatabase ||
+    provider === DynamicSecretProviders.Cassandra
+  ) {
    return (
      <div>
        <OutputDisplay label="Database User" value={DB_USERNAME} />
@@ -102,7 +105,6 @@ export const CreateDynamicSecretLease = ({
      ttl: "1h"
    }
  });
-  

  const createDynamicSecretLease = useCreateDynamicSecretLease();

--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretCassandraForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretCassandraForm.tsx
@@ -0,0 +1,374 @@
+import { Controller, useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import ms from "ms";
+import { z } from "zod";
+
+import { TtlFormLabel } from "@app/components/features";
+import { createNotification } from "@app/components/notifications";
+import {
+  Accordion,
+  AccordionContent,
+  AccordionItem,
+  AccordionTrigger,
+  Button,
+  FormControl,
+  Input,
+  SecretInput,
+  TextArea
+} from "@app/components/v2";
+import { useUpdateDynamicSecret } from "@app/hooks/api";
+import { TDynamicSecret } from "@app/hooks/api/dynamicSecret/types";
+
+const formSchema = z.object({
+  inputs: z
+    .object({
+      host: z.string().toLowerCase().min(1),
+      port: z.coerce.number(),
+      keyspace: z.string().optional(),
+      localDataCenter: z.string().min(1),
+      username: z.string().min(1),
+      password: z.string().min(1),
+      creationStatement: z.string().min(1),
+      revocationStatement: z.string().min(1),
+      renewStatement: z.string().optional(),
+      ca: z.string().optional()
+    })
+    .partial(),
+  defaultTTL: z.string().superRefine((val, ctx) => {
+    const valMs = ms(val);
+    if (valMs < 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+    // a day
+    if (valMs > 24 * 60 * 60 * 1000)
+      ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+  }),
+  maxTTL: z
+    .string()
+    .optional()
+    .superRefine((val, ctx) => {
+      if (!val) return;
+      const valMs = ms(val);
+      if (valMs < 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be a greater than 1min" });
+      // a day
+      if (valMs > 24 * 60 * 60 * 1000)
+        ctx.addIssue({ code: z.ZodIssueCode.custom, message: "TTL must be less than a day" });
+    })
+    .nullable(),
+  newName: z
+    .string()
+    .refine((val) => val.toLowerCase() === val, "Must be lowercase")
+    .optional()
+});
+type TForm = z.infer<typeof formSchema>;
+
+type Props = {
+  onClose: () => void;
+  dynamicSecret: TDynamicSecret & { inputs: unknown };
+  secretPath: string;
+  environment: string;
+  projectSlug: string;
+};
+
+export const EditDynamicSecretCassandraForm = ({
+  onClose,
+  dynamicSecret,
+  environment,
+  secretPath,
+  projectSlug
+}: Props) => {
+  const {
+    control,
+    formState: { isSubmitting },
+    handleSubmit
+  } = useForm<TForm>({
+    resolver: zodResolver(formSchema),
+    values: {
+      defaultTTL: dynamicSecret.defaultTTL,
+      maxTTL: dynamicSecret.maxTTL,
+      newName: dynamicSecret.name,
+      inputs: {
+        ...(dynamicSecret.inputs as TForm["inputs"])
+      }
+    }
+  });
+
+  const updateDynamicSecret = useUpdateDynamicSecret();
+
+  const handleUpdateDynamicSecret = async ({ inputs, maxTTL, defaultTTL, newName }: TForm) => {
+    // wait till previous request is finished
+    if (updateDynamicSecret.isLoading) return;
+    try {
+      await updateDynamicSecret.mutateAsync({
+        name: dynamicSecret.name,
+        path: secretPath,
+        projectSlug,
+        environmentSlug: environment,
+        data: {
+          maxTTL: maxTTL || undefined,
+          defaultTTL,
+          inputs,
+          newName: newName === dynamicSecret.name ? undefined : newName
+        }
+      });
+      onClose();
+      createNotification({
+        type: "success",
+        text: "Successfully updated dynamic secret"
+      });
+    } catch (err) {
+      createNotification({
+        type: "error",
+        text: "Failed to update dynamic secret"
+      });
+    }
+  };
+
+  return (
+    <div>
+      <form onSubmit={handleSubmit(handleUpdateDynamicSecret)} autoComplete="off">
+        <div className="flex items-center space-x-2">
+          <div className="flex-grow">
+            <Controller
+              control={control}
+              name="newName"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label="Secret Name"
+                  isError={Boolean(error)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} placeholder="DYN-1" />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div className="w-32">
+            <Controller
+              control={control}
+              name="defaultTTL"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label={<TtlFormLabel label="Default TTL" />}
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} />
+                </FormControl>
+              )}
+            />
+          </div>
+          <div className="w-32">
+            <Controller
+              control={control}
+              name="maxTTL"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label={<TtlFormLabel label="Max TTL" />}
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} value={field.value || ""} />
+                </FormControl>
+              )}
+            />
+          </div>
+        </div>
+        <div>
+          <div className="mb-4 border-b border-b-mineshaft-600 pb-2">Configuration</div>
+          <div className="flex flex-col">
+            <div className="flex items-center space-x-2">
+              <Controller
+                control={control}
+                name="inputs.host"
+                defaultValue=""
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Host"
+                    className="flex-grow"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+              <Controller
+                control={control}
+                name="inputs.port"
+                defaultValue={9042}
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Port"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input
+                      {...field}
+                      type="number"
+                      onChange={(el) => field.onChange(parseInt(el.target.value, 10))}
+                    />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <Controller
+              control={control}
+              name="inputs.localDataCenter"
+              defaultValue="datacenter1"
+              render={({ field, fieldState: { error } }) => (
+                <FormControl
+                  label="Local Data Center"
+                  isError={Boolean(error?.message)}
+                  errorText={error?.message}
+                >
+                  <Input {...field} />
+                </FormControl>
+              )}
+            />
+            <div className="flex items-center space-x-2">
+              <Controller
+                control={control}
+                name="inputs.username"
+                defaultValue=""
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="User"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} autoComplete="off" />
+                  </FormControl>
+                )}
+              />
+              <Controller
+                control={control}
+                name="inputs.password"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Password"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} type="password" autoComplete="new-password" />
+                  </FormControl>
+                )}
+              />
+              <Controller
+                control={control}
+                name="inputs.keyspace"
+                defaultValue="default"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    label="Keyspace"
+                    isOptional
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <Input {...field} />
+                  </FormControl>
+                )}
+              />
+            </div>
+            <div>
+              <Controller
+                control={control}
+                name="inputs.ca"
+                render={({ field, fieldState: { error } }) => (
+                  <FormControl
+                    isOptional
+                    label="CA(SSL)"
+                    isError={Boolean(error?.message)}
+                    errorText={error?.message}
+                  >
+                    <SecretInput
+                      {...field}
+                      containerClassName="text-bunker-300 hover:border-primary-400/50 border border-mineshaft-600 bg-mineshaft-900 px-2 py-1.5"
+                    />
+                  </FormControl>
+                )}
+              />
+              <Accordion type="multiple" className="w-full bg-mineshaft-700">
+                <AccordionItem value="modify-sql-statement">
+                  <AccordionTrigger>Modify CQL Statements</AccordionTrigger>
+                  <AccordionContent>
+                    <Controller
+                      control={control}
+                      name="inputs.creationStatement"
+                      defaultValue={
+                        "CREATE ROLE '{{username}}' WITH PASSWORD '{{password}}' AND LOGIN=true;\nGRANT ALL PERMISSIONS ON ALL KEYSPACES TO '{{username}}';"
+                      }
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl
+                          label="Creation Statement"
+                          isError={Boolean(error?.message)}
+                          errorText={error?.message}
+                          helperText="variables: keyspace. username, password and expiration are dynamically provisioned"
+                        >
+                          <TextArea
+                            {...field}
+                            reSize="none"
+                            rows={3}
+                            className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                          />
+                        </FormControl>
+                      )}
+                    />
+                    <Controller
+                      control={control}
+                      name="inputs.revocationStatement"
+                      defaultValue='DROP ROLE "{{username}}";'
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl
+                          label="Revocation Statement"
+                          isError={Boolean(error?.message)}
+                          errorText={error?.message}
+                          helperText="variables: keyspace, username is dynamically provisioned"
+                        >
+                          <TextArea
+                            {...field}
+                            reSize="none"
+                            rows={3}
+                            className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                          />
+                        </FormControl>
+                      )}
+                    />
+                    <Controller
+                      control={control}
+                      name="inputs.renewStatement"
+                      defaultValue=""
+                      render={({ field, fieldState: { error } }) => (
+                        <FormControl
+                          label="Renew Statement"
+                          helperText="variables: keyspace, username and expiration are dynamically provisioned"
+                          isError={Boolean(error?.message)}
+                          errorText={error?.message}
+                        >
+                          <TextArea
+                            {...field}
+                            reSize="none"
+                            rows={3}
+                            className="border-mineshaft-600 bg-mineshaft-900 text-sm"
+                          />
+                        </FormControl>
+                      )}
+                    />
+                  </AccordionContent>
+                </AccordionItem>
+              </Accordion>
+            </div>
+          </div>
+        </div>
+        <div className="mt-4 flex items-center space-x-4">
+          <Button type="submit" isLoading={isSubmitting}>
+            Save
+          </Button>
+          <Button variant="outline_bg" onClick={onClose}>
+            Cancel
+          </Button>
+        </div>
+      </form>
+    </div>
+  );
+};
--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretForm.tsx
@@ -4,6 +4,7 @@ import { Spinner } from "@app/components/v2";
 import { useGetDynamicSecretDetails } from "@app/hooks/api";
 import { DynamicSecretProviders } from "@app/hooks/api/dynamicSecret/types";

+import { EditDynamicSecretCassandraForm } from "./EditDynamicSecretCassandraForm";
 import { EditDynamicSecretSqlProviderForm } from "./EditDynamicSecretSqlProviderForm";

 type Props = {
@@ -56,6 +57,23 @@ export const EditDynamicSecretForm = ({
          />
        </motion.div>
      )}
+      {dynamicSecretDetails?.type === DynamicSecretProviders.Cassandra && (
+        <motion.div
+          key="cassandra-provider-edit"
+          transition={{ duration: 0.1 }}
+          initial={{ opacity: 0, translateX: 30 }}
+          animate={{ opacity: 1, translateX: 0 }}
+          exit={{ opacity: 0, translateX: -30 }}
+        >
+          <EditDynamicSecretCassandraForm
+            onClose={onClose}
+            projectSlug={projectSlug}
+            secretPath={secretPath}
+            dynamicSecret={dynamicSecretDetails}
+            environment={environment}
+          />
+        </motion.div>
+      )}
    </AnimatePresence>
  );
 };
--- a/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretSqlProviderForm.tsx
+++ b/frontend/src/views/SecretMainPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretSqlProviderForm.tsx
@@ -128,7 +128,7 @@ export const EditDynamicSecretSqlProviderForm = ({

  return (
    <div>
-      <form onSubmit={handleSubmit(handleUpdateDynamicSecret)}>
+      <form onSubmit={handleSubmit(handleUpdateDynamicSecret)} autoComplete="off">
        <div className="flex items-center space-x-2">
          <div className="flex-grow">
            <Controller
@@ -244,7 +244,7 @@ export const EditDynamicSecretSqlProviderForm = ({
                    isError={Boolean(error?.message)}
                    errorText={error?.message}
                  >
-                    <Input {...field} />
+                    <Input {...field} autoComplete="off" />
                  </FormControl>
                )}
              />
@@ -257,7 +257,7 @@ export const EditDynamicSecretSqlProviderForm = ({
                    isError={Boolean(error?.message)}
                    errorText={error?.message}
                  >
-                    <Input {...field} type="password" />
+                    <Input {...field} type="password" autoComplete="new-password" />
                  </FormControl>
                )}
              />
--- a/sink/cassandra.yaml
+++ b/sink/cassandra.yaml
--- a/sink/docker-compose.cassandra.yml
+++ b/sink/docker-compose.cassandra.yml
@@ -0,0 +1,10 @@
+version: '3'
+
+services:
+  cassandra:
+    image: cassandra
+    volumes:
+      - ./cassandra.yaml:/etc/cassandra/cassandra.yaml
+    ports:
+      - "9042:9042"
+