From 30ccfbfc8e8a269c437c80e50366ea21468503bb Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Wed, 5 Mar 2025 17:20:57 -0300
Subject: [PATCH 01/11] Add actor to secret version history

---
 ...1152_add-actor-id-to-secret-versions-v2.ts |  52 +++++
 backend/src/db/schemas/secret-versions-v2.ts  |   5 +-
 .../secret-approval-request-service.ts        |  12 +-
 .../secret-replication-service.ts             |   8 +
 .../secret-snapshot-service.ts                |  15 +-
 backend/src/server/routes/index.ts            |   4 +-
 backend/src/server/routes/sanitizedSchemas.ts |  10 +-
 .../external-migration-fns.ts                 |   4 +
 .../secret-v2-bridge/secret-v2-bridge-fns.ts  |  25 ++-
 .../secret-v2-bridge-service.ts               |  70 +++++-
 .../secret-v2-bridge-types.ts                 |   8 +
 backend/src/services/secret/secret-service.ts |  34 ++-
 backend/src/services/secret/secret-types.ts   |   8 +
 frontend/src/hooks/api/secrets/types.ts       |   5 +
 .../SecretListView/SecretDetailSidebar.tsx    | 204 +++++++++++-------
 15 files changed, 376 insertions(+), 88 deletions(-)
 create mode 100644 backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts

diff --git a/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
new file mode 100644
index 0000000000..e4340a436b
--- /dev/null
+++ b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
@@ -0,0 +1,52 @@
+import { Knex } from "knex";
+
+import { TableName } from "@app/db/schemas";
+
+export async function up(knex: Knex): Promise<void> {
+  const hasSecretVersionV2UserActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId");
+  const hasSecretVersionV2IdentityActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "identityActorId");
+  const hasSecretVersionV2ActorType = await knex.schema.hasColumn(TableName.SecretVersionV2, "actorType");
+
+  if (!hasSecretVersionV2UserActorId) {
+    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
+      t.uuid("userActorId");
+      t.foreign("userActorId").references("id").inTable(TableName.Users);
+    });
+  }
+
+  if (!hasSecretVersionV2IdentityActorId) {
+    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
+      t.uuid("identityActorId");
+      t.foreign("identityActorId").references("id").inTable(TableName.Identity);
+    });
+  }
+  if (!hasSecretVersionV2ActorType) {
+    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
+      t.string("actorType");
+    });
+  }
+}
+
+export async function down(knex: Knex): Promise<void> {
+  const hasSecretVersionV2UserActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId");
+  const hasSecretVersionV2IdentityActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "identityActorId");
+  const hasSecretVersionV2ActorType = await knex.schema.hasColumn(TableName.SecretVersionV2, "actorType");
+
+  if (hasSecretVersionV2UserActorId) {
+    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
+      t.dropColumn("userActorId");
+    });
+  }
+
+  if (!hasSecretVersionV2IdentityActorId) {
+    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
+      t.dropColumn("identityActorId");
+    });
+  }
+
+  if (!hasSecretVersionV2ActorType) {
+    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
+      t.dropColumn("actorType");
+    });
+  }
+}
diff --git a/backend/src/db/schemas/secret-versions-v2.ts b/backend/src/db/schemas/secret-versions-v2.ts
index 160ed1c144..593a46b068 100644
--- a/backend/src/db/schemas/secret-versions-v2.ts
+++ b/backend/src/db/schemas/secret-versions-v2.ts
@@ -25,7 +25,10 @@ export const SecretVersionsV2Schema = z.object({
   folderId: z.string().uuid(),
   userId: z.string().uuid().nullable().optional(),
   createdAt: z.date(),
-  updatedAt: z.date()
+  updatedAt: z.date(),
+  userActorId: z.string().uuid().nullable().optional(),
+  identityActorId: z.string().uuid().nullable().optional(),
+  actorType: z.string().nullable().optional()
 });
 
 export type TSecretVersionsV2 = z.infer<typeof SecretVersionsV2Schema>;
diff --git a/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts b/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
index 17eecf5088..7f8d266c9c 100644
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
@@ -757,7 +757,11 @@ export const secretApprovalRequestServiceFactory = ({
               secretDAL,
               secretVersionDAL,
               secretTagDAL,
-              secretVersionTagDAL
+              secretVersionTagDAL,
+              actor: {
+                type: actor,
+                actorId
+              }
             })
           : [];
         const updatedSecrets = secretUpdationCommits.length
@@ -803,7 +807,11 @@ export const secretApprovalRequestServiceFactory = ({
               secretDAL,
               secretVersionDAL,
               secretTagDAL,
-              secretVersionTagDAL
+              secretVersionTagDAL,
+              actor: {
+                type: actor,
+                actorId
+              }
             })
           : [];
         const deletedSecret = secretDeletionCommits.length
diff --git a/backend/src/ee/services/secret-replication/secret-replication-service.ts b/backend/src/ee/services/secret-replication/secret-replication-service.ts
index 3c25db98c4..c9b0a35328 100644
--- a/backend/src/ee/services/secret-replication/secret-replication-service.ts
+++ b/backend/src/ee/services/secret-replication/secret-replication-service.ts
@@ -710,6 +710,10 @@ export const secretReplicationServiceFactory = ({
                   tx,
                   secretTagDAL,
                   secretVersionTagDAL,
+                  actor: {
+                    type: actor,
+                    actorId
+                  },
                   inputSecrets: locallyCreatedSecrets.map((doc) => {
                     return {
                       keyEncoding: doc.keyEncoding,
@@ -741,6 +745,10 @@ export const secretReplicationServiceFactory = ({
                   tx,
                   secretTagDAL,
                   secretVersionTagDAL,
+                  actor: {
+                    type: actor,
+                    actorId
+                  },
                   inputSecrets: locallyUpdatedSecrets.map((doc) => {
                     return {
                       filter: {
diff --git a/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts b/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
index 1c34f6b3d4..06ad0cba53 100644
--- a/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
+++ b/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
@@ -370,7 +370,20 @@ export const secretSnapshotServiceFactory = ({
         const secrets = await secretV2BridgeDAL.insertMany(
           rollbackSnaps.flatMap(({ secretVersions, folderId }) =>
             secretVersions.map(
-              ({ latestSecretVersion, version, updatedAt, createdAt, secretId, envId, id, tags, ...el }) => ({
+              ({
+                latestSecretVersion,
+                version,
+                updatedAt,
+                createdAt,
+                secretId,
+                envId,
+                id,
+                tags,
+                userActorId,
+                identityActorId,
+                actorType,
+                ...el
+              }) => ({
                 ...el,
                 id: secretId,
                 version: deletedTopLevelSecsGroupById[secretId] ? latestSecretVersion + 1 : latestSecretVersion,
diff --git a/backend/src/server/routes/index.ts b/backend/src/server/routes/index.ts
index efc1cb8655..f4b1bcc357 100644
--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@@ -1039,7 +1039,9 @@ export const registerRoutes = async (
     secretApprovalRequestSecretDAL,
     kmsService,
     snapshotService,
-    resourceMetadataDAL
+    resourceMetadataDAL,
+    userDAL,
+    identityDAL
   });
 
   const secretApprovalRequestService = secretApprovalRequestServiceFactory({
diff --git a/backend/src/server/routes/sanitizedSchemas.ts b/backend/src/server/routes/sanitizedSchemas.ts
index 4d645ac4be..16a7396cd3 100644
--- a/backend/src/server/routes/sanitizedSchemas.ts
+++ b/backend/src/server/routes/sanitizedSchemas.ts
@@ -111,7 +111,15 @@ export const secretRawSchema = z.object({
   secretReminderRepeatDays: z.number().nullable().optional(),
   skipMultilineEncoding: z.boolean().default(false).nullable().optional(),
   createdAt: z.date(),
-  updatedAt: z.date()
+  updatedAt: z.date(),
+  actor: z
+    .object({
+      actorId: z.string().nullable(),
+      actorType: z.string().nullable(),
+      name: z.string().nullable().optional()
+    })
+    .optional()
+    .nullable()
 });
 
 export const ProjectPermissionSchema = z.object({
diff --git a/backend/src/services/external-migration/external-migration-fns.ts b/backend/src/services/external-migration/external-migration-fns.ts
index 7446787923..f4a54f0db9 100644
--- a/backend/src/services/external-migration/external-migration-fns.ts
+++ b/backend/src/services/external-migration/external-migration-fns.ts
@@ -772,6 +772,10 @@ export const importDataIntoInfisicalFn = async ({
             secretVersionDAL,
             secretTagDAL,
             secretVersionTagDAL,
+            actor: {
+              type: actor,
+              actorId
+            },
             tx
           });
         }
diff --git a/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts b/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
index cc40b0f268..046b23deca 100644
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
@@ -10,6 +10,7 @@ import { ResourceMetadataDTO } from "../resource-metadata/resource-metadata-sche
 import { TSecretFolderDALFactory } from "../secret-folder/secret-folder-dal";
 import { TSecretV2BridgeDALFactory } from "./secret-v2-bridge-dal";
 import { TFnSecretBulkDelete, TFnSecretBulkInsert, TFnSecretBulkUpdate } from "./secret-v2-bridge-types";
+import { ActorType } from "../auth/auth-type";
 
 const INTERPOLATION_SYNTAX_REG = /\${([a-zA-Z0-9-_.]+)}/g;
 // akhilmhdh: JS regex with global save state in .test
@@ -62,6 +63,7 @@ export const fnSecretBulkInsert = async ({
   resourceMetadataDAL,
   secretTagDAL,
   secretVersionTagDAL,
+  actor,
   tx
 }: TFnSecretBulkInsert) => {
   const sanitizedInputSecrets = inputSecrets.map(
@@ -90,6 +92,9 @@ export const fnSecretBulkInsert = async ({
     })
   );
 
+  const userActorId = actor && actor.type === ActorType.USER ? actor.actorId : undefined;
+  const identityActorId = actor && actor.type !== ActorType.USER ? actor.actorId : undefined;
+
   const newSecrets = await secretDAL.insertMany(
     sanitizedInputSecrets.map((el) => ({ ...el, folderId })),
     tx
@@ -106,6 +111,9 @@ export const fnSecretBulkInsert = async ({
     sanitizedInputSecrets.map((el) => ({
       ...el,
       folderId,
+      userActorId,
+      identityActorId,
+      actorType: actor?.type,
       secretId: newSecretGroupedByKeyName[el.key][0].id
     })),
     tx
@@ -157,8 +165,12 @@ export const fnSecretBulkUpdate = async ({
   secretVersionDAL,
   secretTagDAL,
   secretVersionTagDAL,
-  resourceMetadataDAL
+  resourceMetadataDAL,
+  actor
 }: TFnSecretBulkUpdate) => {
+  const userActorId = actor && actor?.type === ActorType.USER ? actor?.actorId : undefined;
+  const identityActorId = actor && actor?.type !== ActorType.USER ? actor?.actorId : undefined;
+
   const sanitizedInputSecrets = inputSecrets.map(
     ({
       filter,
@@ -216,7 +228,10 @@ export const fnSecretBulkUpdate = async ({
         encryptedValue,
         reminderRepeatDays,
         folderId,
-        secretId
+        secretId,
+        userActorId,
+        identityActorId,
+        actorType: actor?.type
       })
     ),
     tx
@@ -616,6 +631,11 @@ export const reshapeBridgeSecret = (
   secret: Omit<TSecretsV2, "encryptedValue" | "encryptedComment"> & {
     value: string;
     comment: string;
+    actor?: {
+      actorType?: string;
+      actorId?: string;
+      name?: string;
+    };
     tags?: {
       id: string;
       slug: string;
@@ -636,6 +656,7 @@ export const reshapeBridgeSecret = (
   _id: secret.id,
   id: secret.id,
   user: secret.userId,
+  actor: secret.actor,
   tags: secret.tags,
   skipMultilineEncoding: secret.skipMultilineEncoding,
   secretReminderRepeatDays: secret.reminderRepeatDays,
diff --git a/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts b/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
index 0ffb0ea4cd..dd0b2d9ece 100644
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
@@ -62,6 +62,8 @@ import {
 } from "./secret-v2-bridge-types";
 import { TSecretVersionV2DALFactory } from "./secret-version-dal";
 import { TSecretVersionV2TagDALFactory } from "./secret-version-tag-dal";
+import { TUserDALFactory } from "../user/user-dal";
+import { TIdentityDALFactory } from "../identity/identity-dal";
 
 type TSecretV2BridgeServiceFactoryDep = {
   secretDAL: TSecretV2BridgeDALFactory;
@@ -85,6 +87,8 @@ type TSecretV2BridgeServiceFactoryDep = {
   >;
   snapshotService: Pick<TSecretSnapshotServiceFactory, "performSnapshot">;
   resourceMetadataDAL: Pick<TResourceMetadataDALFactory, "insertMany" | "delete">;
+  userDAL: Pick<TUserDALFactory, "find">;
+  identityDAL: Pick<TIdentityDALFactory, "find">;
 };
 
 export type TSecretV2BridgeServiceFactory = ReturnType<typeof secretV2BridgeServiceFactory>;
@@ -107,7 +111,9 @@ export const secretV2BridgeServiceFactory = ({
   secretApprovalRequestDAL,
   secretApprovalRequestSecretDAL,
   kmsService,
-  resourceMetadataDAL
+  resourceMetadataDAL,
+  userDAL,
+  identityDAL
 }: TSecretV2BridgeServiceFactoryDep) => {
   const $validateSecretReferences = async (
     projectId: string,
@@ -301,6 +307,10 @@ export const secretV2BridgeServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
+        actor: {
+          type: actor,
+          actorId
+        },
         tx
       })
     );
@@ -483,6 +493,10 @@ export const secretV2BridgeServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
+        actor: {
+          type: actor,
+          actorId
+        },
         tx
       })
     );
@@ -1230,6 +1244,10 @@ export const secretV2BridgeServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
+        actor: {
+          type: actor,
+          actorId
+        },
         tx
       })
     );
@@ -1490,6 +1508,10 @@ export const secretV2BridgeServiceFactory = ({
           secretVersionDAL,
           secretTagDAL,
           secretVersionTagDAL,
+          actor: {
+            type: actor,
+            actorId
+          },
           resourceMetadataDAL
         });
         updatedSecrets.push(...bulkUpdatedSecrets.map((el) => ({ ...el, secretPath: folder.path })));
@@ -1522,6 +1544,10 @@ export const secretV2BridgeServiceFactory = ({
             secretVersionDAL,
             secretTagDAL,
             secretVersionTagDAL,
+            actor: {
+              type: actor,
+              actorId
+            },
             tx
           });
           updatedSecrets.push(...bulkInsertedSecrets.map((el) => ({ ...el, secretPath: folder.path })));
@@ -1690,13 +1716,39 @@ export const secretV2BridgeServiceFactory = ({
       projectId: folder.projectId
     });
     const secretVersions = await secretVersionDAL.find({ secretId }, { offset, limit, sort: [["createdAt", "desc"]] });
-    return secretVersions.map((el) =>
-      reshapeBridgeSecret(folder.projectId, folder.environment.envSlug, "/", {
+
+    const userIds = Array.from(
+      new Set(secretVersions.map((version) => version.userActorId).filter(Boolean))
+    ) as string[];
+
+    const users = userIds.length > 0 ? await userDAL.find({ $in: { id: userIds } }) : [];
+    const usersById = groupBy(users, (user) => user.id);
+
+    const identitiesIds = Array.from(
+      new Set(secretVersions.map((version) => version.identityActorId).filter(Boolean))
+    ) as string[];
+    const identities = identitiesIds.length > 0 ? await identityDAL.find({ $in: { id: identitiesIds } }) : [];
+    const identitiesById = groupBy(identities, (identity) => identity.id);
+
+    return secretVersions.map((el) => {
+      let entityId;
+      let actorName;
+      if (el.userActorId) {
+        actorName = usersById[el.userActorId]?.[0]?.username;
+        entityId = el.userActorId;
+      } else if (el.identityActorId) {
+        actorName = identitiesById[el.identityActorId]?.[0]?.name;
+        entityId = el.identityActorId;
+      }
+      const actorEntity = el.actorType ? { actorType: el.actorType, actorId: entityId, name: actorName } : undefined;
+
+      return reshapeBridgeSecret(folder.projectId, folder.environment.envSlug, "/", {
         ...el,
+        actor: actorEntity,
         value: el.encryptedValue ? secretManagerDecryptor({ cipherTextBlob: el.encryptedValue }).toString() : "",
         comment: el.encryptedComment ? secretManagerDecryptor({ cipherTextBlob: el.encryptedComment }).toString() : ""
-      })
-    );
+      });
+    });
   };
 
   // this is a backfilling API for secret references
@@ -1956,6 +2008,10 @@ export const secretV2BridgeServiceFactory = ({
             secretTagDAL,
             resourceMetadataDAL,
             secretVersionTagDAL,
+            actor: {
+              type: actor,
+              actorId
+            },
             inputSecrets: locallyCreatedSecrets.map((doc) => {
               return {
                 type: doc.type,
@@ -1982,6 +2038,10 @@ export const secretV2BridgeServiceFactory = ({
             tx,
             secretTagDAL,
             secretVersionTagDAL,
+            actor: {
+              type: actor,
+              actorId
+            },
             inputSecrets: locallyUpdatedSecrets.map((doc) => {
               return {
                 filter: {
diff --git a/backend/src/services/secret-v2-bridge/secret-v2-bridge-types.ts b/backend/src/services/secret-v2-bridge/secret-v2-bridge-types.ts
index ad8264e810..22956463df 100644
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-types.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-types.ts
@@ -168,6 +168,10 @@ export type TFnSecretBulkInsert = {
   secretVersionDAL: Pick<TSecretVersionV2DALFactory, "insertMany">;
   secretTagDAL: Pick<TSecretTagDALFactory, "saveTagsToSecretV2">;
   secretVersionTagDAL: Pick<TSecretVersionV2TagDALFactory, "insertMany">;
+  actor?: {
+    type: string;
+    actorId: string;
+  };
 };
 
 type TRequireReferenceIfValue =
@@ -192,6 +196,10 @@ export type TFnSecretBulkUpdate = {
   secretVersionDAL: Pick<TSecretVersionV2DALFactory, "insertMany">;
   secretTagDAL: Pick<TSecretTagDALFactory, "saveTagsToSecretV2" | "deleteTagsToSecretV2">;
   secretVersionTagDAL: Pick<TSecretVersionV2TagDALFactory, "insertMany">;
+  actor?: {
+    type: string;
+    actorId: string;
+  };
   tx?: Knex;
 };
 
diff --git a/backend/src/services/secret/secret-service.ts b/backend/src/services/secret/secret-service.ts
index 93f68e813d..49640ac2a9 100644
--- a/backend/src/services/secret/secret-service.ts
+++ b/backend/src/services/secret/secret-service.ts
@@ -284,6 +284,10 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
+        actor: {
+          type: actor,
+          actorId
+        },
         tx
       })
     );
@@ -429,6 +433,10 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
+        actor: {
+          type: actor,
+          actorId
+        },
         tx
       })
     );
@@ -822,6 +830,10 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
+        actor: {
+          type: actor,
+          actorId
+        },
         tx
       })
     );
@@ -931,7 +943,11 @@ export const secretServiceFactory = ({
         secretDAL,
         secretVersionDAL,
         secretTagDAL,
-        secretVersionTagDAL
+        secretVersionTagDAL,
+        actor: {
+          type: actor,
+          actorId
+        }
       })
     );
 
@@ -2404,6 +2420,10 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
+        actor: {
+          type: actor,
+          actorId
+        },
         tx
       })
     );
@@ -2514,6 +2534,10 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
+        actor: {
+          type: actor,
+          actorId
+        },
         tx
       })
     );
@@ -2848,6 +2872,10 @@ export const secretServiceFactory = ({
             secretDAL,
             tx,
             secretTagDAL,
+            actor: {
+              type: actor,
+              actorId
+            },
             secretVersionTagDAL,
             inputSecrets: locallyCreatedSecrets.map((doc) => {
               return {
@@ -2879,6 +2907,10 @@ export const secretServiceFactory = ({
             tx,
             secretTagDAL,
             secretVersionTagDAL,
+            actor: {
+              type: actor,
+              actorId
+            },
             inputSecrets: locallyUpdatedSecrets.map((doc) => {
               return {
                 filter: {
diff --git a/backend/src/services/secret/secret-types.ts b/backend/src/services/secret/secret-types.ts
index 1586052763..242296c50b 100644
--- a/backend/src/services/secret/secret-types.ts
+++ b/backend/src/services/secret/secret-types.ts
@@ -322,6 +322,10 @@ export type TFnSecretBulkInsert = {
   secretVersionDAL: Pick<TSecretVersionDALFactory, "insertMany">;
   secretTagDAL: Pick<TSecretTagDALFactory, "saveTagsToSecret">;
   secretVersionTagDAL: Pick<TSecretVersionTagDALFactory, "insertMany">;
+  actor?: {
+    type?: string;
+    actorId: string;
+  };
 };
 
 export type TFnSecretBulkUpdate = {
@@ -336,6 +340,10 @@ export type TFnSecretBulkUpdate = {
   secretTagDAL: Pick<TSecretTagDALFactory, "saveTagsToSecret" | "deleteTagsManySecret">;
   secretVersionTagDAL: Pick<TSecretVersionTagDALFactory, "insertMany">;
   tx?: Knex;
+  actor?: {
+    type?: string;
+    actorId: string;
+  };
 };
 
 export type TAttachSecretTagsDTO = {
diff --git a/frontend/src/hooks/api/secrets/types.ts b/frontend/src/hooks/api/secrets/types.ts
index 92dc220b81..92e671c8bd 100644
--- a/frontend/src/hooks/api/secrets/types.ts
+++ b/frontend/src/hooks/api/secrets/types.ts
@@ -101,6 +101,11 @@ export type SecretVersions = {
   skipMultilineEncoding?: boolean;
   createdAt: string;
   updatedAt: string;
+  actor?: {
+    actorId?: string,
+    actorType: string,
+    name?: string
+  };
 };
 
 // dto
diff --git a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
index 168cd6f43a..04f343427f 100644
--- a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
+++ b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
@@ -9,11 +9,14 @@ import {
   faPlus,
   faShare,
   faTag,
-  faTrash
+  faTrash,
+  faUser,
+  faDesktop,
+  faServer
 } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { zodResolver } from "@hookform/resolvers/zod";
-import { Link } from "@tanstack/react-router";
+import { Link, useNavigate } from "@tanstack/react-router";
 import { format } from "date-fns";
 
 import { UpgradePlanModal } from "@app/components/license/UpgradePlanModal";
@@ -49,6 +52,8 @@ import { useGetSecretVersion } from "@app/hooks/api";
 import { useGetSecretAccessList } from "@app/hooks/api/secrets/queries";
 import { SecretV3RawSanitized, WsTag } from "@app/hooks/api/types";
 import { ProjectType } from "@app/hooks/api/workspace/types";
+import { ActorType } from "@app/hooks/api/auditLogs/enums";
+import { useGetWorkspaceUsers } from "@app/hooks/api";
 
 import { CreateReminderForm } from "./CreateReminderForm";
 import { formSchema, SecretActionType, TFormSchema } from "./SecretListView.utils";
@@ -120,7 +125,9 @@ export const SecretDetailSidebar = ({
     {}
   );
   const selectTagSlugs = selectedTags.map((i) => i.slug);
-
+  const navigate = useNavigate();
+  const { data: members = [] } = useGetWorkspaceUsers(currentWorkspace.id);
+  
   const cannotEditSecret = permission.cannot(
     ProjectPermissionActions.Edit,
     subject(ProjectPermissionSub.Secrets, {
@@ -201,6 +208,41 @@ export const SecretDetailSidebar = ({
   const secretReminderRepeatDays = watch("reminderRepeatDays");
   const secretReminderNote = watch("reminderNote");
 
+  const getModifiedByIcon = (userType: string) => {
+    switch (userType) {
+      case ActorType.USER:
+        return faUser;
+      case ActorType.IDENTITY:
+        return faDesktop;
+      default:
+        return faServer;
+    }
+  }
+
+  const getUserMembershipId = (actorId: string) => {
+    return members.filter((member) => member.user?.id === actorId)?.[0].id || null;
+  }
+
+  const getLinkToModifyHistoryEntity = (actorId: string, actorType: string) => {
+    switch(actorType) {
+      case ActorType.USER:
+        return `/${ProjectType.SecretManager}/${currentWorkspace.id}/members/${getUserMembershipId(actorId)}`;
+      case ActorType.IDENTITY:
+        return `/${ProjectType.SecretManager}/${currentWorkspace.id}/identities/${actorId}`;
+      default:
+        return null;
+    }
+  }
+
+  const onModifyHistoryClick = (actorId: string | undefined, actorType: string) => {
+    if (actorId && actorType !== ActorType.PLATFORM) { 
+      const redirectLink = getLinkToModifyHistoryEntity(actorId, actorType);
+      if (redirectLink) {
+        navigate({ to: redirectLink });
+      }
+    }
+  }
+
   return (
     <>
       <CreateReminderForm
@@ -618,7 +660,7 @@ export const SecretDetailSidebar = ({
               <div className="mb-4flex-grow dark cursor-default text-sm text-bunker-300">
                 <div className="mb-2 pl-1">Version History</div>
                 <div className="thin-scrollbar flex h-48 flex-col space-y-2 overflow-y-auto overflow-x-hidden rounded-md border border-mineshaft-600 bg-mineshaft-900 p-4 dark:[color-scheme:dark]">
-                  {secretVersion?.map(({ createdAt, secretValue, version, id }) => (
+                  {secretVersion?.map(({ createdAt, secretValue, version, id, actor }) => (
                     <div className="flex flex-row">
                       <div key={id} className="flex w-full flex-col space-y-1">
                         <div className="flex items-center">
@@ -633,36 +675,29 @@ export const SecretDetailSidebar = ({
                           <div className="relative w-10">
                             <div className="absolute bottom-0 left-3 top-0 mt-0.5 border-l border-mineshaft-400/60" />
                           </div>
-                          <div className="flex flex-row">
-                            <div className="h-min w-fit rounded-sm bg-primary-500/10 px-1 text-primary-300/70">
-                              Value:
-                            </div>
-                            <div className="group break-all pl-1 font-mono">
-                              <div className="relative hidden cursor-pointer transition-all duration-200 group-[.show-value]:inline">
-                                <button
-                                  type="button"
-                                  className="select-none"
-                                  onClick={(e) => {
-                                    navigator.clipboard.writeText(secretValue || "");
-                                    const target = e.currentTarget;
-                                    target.style.borderBottom = "1px dashed";
-                                    target.style.paddingBottom = "-1px";
-
-                                    // Create and insert popup
-                                    const popup = document.createElement("div");
-                                    popup.className =
-                                      "w-16 flex justify-center absolute top-6 left-0 text-xs text-primary-100 bg-mineshaft-800 px-1 py-0.5 rounded-md border border-primary-500/50";
-                                    popup.textContent = "Copied!";
-                                    target.parentElement?.appendChild(popup);
-
-                                    // Remove popup and border after delay
-                                    setTimeout(() => {
-                                      popup.remove();
-                                      target.style.borderBottom = "none";
-                                    }, 3000);
-                                  }}
-                                  onKeyDown={(e) => {
-                                    if (e.key === "Enter" || e.key === " ") {
+                          <div className="flex flex-col w-full cursor-default">
+                            {actor && (
+                              <div className="flex flex-row">
+                                <div className="flex flex-row w-fit text-sm">
+                                  Modified by: 
+                                  <Tooltip content={actor.name}>
+                                    <div onClick={() => onModifyHistoryClick(actor.actorId, actor.actorType)} className="cursor-pointer">
+                                      <FontAwesomeIcon icon={getModifiedByIcon(actor.actorType)} className="ml-2"/>
+                                    </div>
+                                  </Tooltip>
+                                </div>
+                              </div>
+                            )}
+                            <div className="flex flex-row">
+                              <div className="h-min w-fit rounded-sm bg-primary-500/10 px-1 text-primary-300/70">
+                                Value:
+                              </div>
+                              <div className="group break-all pl-1 font-mono">
+                                <div className="relative hidden cursor-pointer transition-all duration-200 group-[.show-value]:inline">
+                                  <button
+                                    type="button"
+                                    className="select-none"
+                                    onClick={(e) => {
                                       navigator.clipboard.writeText(secretValue || "");
                                       const target = e.currentTarget;
                                       target.style.borderBottom = "1px dashed";
@@ -680,51 +715,72 @@ export const SecretDetailSidebar = ({
                                         popup.remove();
                                         target.style.borderBottom = "none";
                                       }, 3000);
-                                    }
-                                  }}
-                                >
-                                  {secretValue}
-                                </button>
-                                <button
-                                  type="button"
-                                  className="ml-1 cursor-pointer"
-                                  onClick={(e) => {
-                                    e.stopPropagation();
-                                    e.currentTarget
-                                      .closest(".group")
-                                      ?.classList.remove("show-value");
-                                  }}
-                                  onKeyDown={(e) => {
-                                    if (e.key === "Enter" || e.key === " ") {
+                                    }}
+                                    onKeyDown={(e) => {
+                                      if (e.key === "Enter" || e.key === " ") {
+                                        navigator.clipboard.writeText(secretValue || "");
+                                        const target = e.currentTarget;
+                                        target.style.borderBottom = "1px dashed";
+                                        target.style.paddingBottom = "-1px";
+
+                                        // Create and insert popup
+                                        const popup = document.createElement("div");
+                                        popup.className =
+                                          "w-16 flex justify-center absolute top-6 left-0 text-xs text-primary-100 bg-mineshaft-800 px-1 py-0.5 rounded-md border border-primary-500/50";
+                                        popup.textContent = "Copied!";
+                                        target.parentElement?.appendChild(popup);
+
+                                        // Remove popup and border after delay
+                                        setTimeout(() => {
+                                          popup.remove();
+                                          target.style.borderBottom = "none";
+                                        }, 3000);
+                                      }
+                                    }}
+                                  >
+                                    {secretValue}
+                                  </button>
+                                  <button
+                                    type="button"
+                                    className="ml-1 cursor-pointer"
+                                    onClick={(e) => {
                                       e.stopPropagation();
                                       e.currentTarget
                                         .closest(".group")
                                         ?.classList.remove("show-value");
-                                    }
-                                  }}
-                                >
-                                  <FontAwesomeIcon icon={faEyeSlash} />
-                                </button>
+                                    }}
+                                    onKeyDown={(e) => {
+                                      if (e.key === "Enter" || e.key === " ") {
+                                        e.stopPropagation();
+                                        e.currentTarget
+                                          .closest(".group")
+                                          ?.classList.remove("show-value");
+                                      }
+                                    }}
+                                  >
+                                    <FontAwesomeIcon icon={faEyeSlash} />
+                                  </button>
+                                </div>
+                                <span className="group-[.show-value]:hidden">
+                                  {secretValue?.replace(/./g, "*")}
+                                  <button
+                                    type="button"
+                                    className="ml-1 cursor-pointer"
+                                    onClick={(e) => {
+                                      e.currentTarget.closest(".group")?.classList.add("show-value");
+                                    }}
+                                    onKeyDown={(e) => {
+                                      if (e.key === "Enter" || e.key === " ") {
+                                        e.currentTarget
+                                          .closest(".group")
+                                          ?.classList.add("show-value");
+                                      }
+                                    }}
+                                  >
+                                    <FontAwesomeIcon icon={faEye} />
+                                  </button>
+                                </span>
                               </div>
-                              <span className="group-[.show-value]:hidden">
-                                {secretValue?.replace(/./g, "*")}
-                                <button
-                                  type="button"
-                                  className="ml-1 cursor-pointer"
-                                  onClick={(e) => {
-                                    e.currentTarget.closest(".group")?.classList.add("show-value");
-                                  }}
-                                  onKeyDown={(e) => {
-                                    if (e.key === "Enter" || e.key === " ") {
-                                      e.currentTarget
-                                        .closest(".group")
-                                        ?.classList.add("show-value");
-                                    }
-                                  }}
-                                >
-                                  <FontAwesomeIcon icon={faEye} />
-                                </button>
-                              </span>
                             </div>
                           </div>
                         </div>

From 2dda7180a9b53ef611887f721b6fda4a0fbabbe4 Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Wed, 5 Mar 2025 17:36:00 -0300
Subject: [PATCH 02/11] Fix linter issue

---
 .../components/SecretListView/SecretDetailSidebar.tsx            | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
index 04f343427f..161f9cbf1c 100644
--- a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
+++ b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
@@ -681,6 +681,7 @@ export const SecretDetailSidebar = ({
                                 <div className="flex flex-row w-fit text-sm">
                                   Modified by: 
                                   <Tooltip content={actor.name}>
+                                    {/* eslint-disable-next-line jsx-a11y/click-events-have-key-events, jsx-a11y/no-static-element-interactions */}
                                     <div onClick={() => onModifyHistoryClick(actor.actorId, actor.actorType)} className="cursor-pointer">
                                       <FontAwesomeIcon icon={getModifiedByIcon(actor.actorType)} className="ml-2"/>
                                     </div>

From 30bcf1f20411a739e0dfa4a6d9a7bfefc92c3a60 Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Thu, 6 Mar 2025 09:10:13 -0300
Subject: [PATCH 03/11] Fix linter and type issues, made a small fix for secret
 rotation platform events

---
 .../secret-rotation-queue.ts                  |  2 +
 .../secret-snapshot-service.ts                | 13 +++-
 backend/src/server/routes/sanitizedSchemas.ts |  4 +-
 .../secret-v2-bridge/secret-v2-bridge-fns.ts  |  6 +-
 backend/src/services/secret/secret-fns.ts     | 19 +++++-
 backend/src/services/secret/secret-types.ts   |  4 +-
 frontend/src/hooks/api/secrets/types.ts       |  8 +--
 .../SecretListView/SecretDetailSidebar.tsx    | 63 +++++++++++++------
 .../SecretListView/SecretListView.tsx         |  6 +-
 9 files changed, 91 insertions(+), 34 deletions(-)

diff --git a/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts b/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
index fdc493b9fd..48af65d29f 100644
--- a/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
+++ b/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
@@ -39,6 +39,7 @@ import {
   secretRotationPreSetFn
 } from "./secret-rotation-queue-fn";
 import { TSecretRotationData, TSecretRotationDbFn, TSecretRotationEncData } from "./secret-rotation-queue-types";
+import { ActorType } from "@app/services/auth/auth-type";
 
 export type TSecretRotationQueueFactory = ReturnType<typeof secretRotationQueueFactory>;
 
@@ -332,6 +333,7 @@ export const secretRotationQueueFactory = ({
           await secretVersionV2BridgeDAL.insertMany(
             updatedSecrets.map(({ id, updatedAt, createdAt, ...el }) => ({
               ...el,
+              actorType: ActorType.PLATFORM,
               secretId: id
             })),
             tx
diff --git a/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts b/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
index 06ad0cba53..40ac4493fe 100644
--- a/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
+++ b/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
@@ -34,6 +34,7 @@ import { TSnapshotFolderDALFactory } from "./snapshot-folder-dal";
 import { TSnapshotSecretDALFactory } from "./snapshot-secret-dal";
 import { TSnapshotSecretV2DALFactory } from "./snapshot-secret-v2-dal";
 import { getFullFolderPath } from "./snapshot-service-fns";
+import { ActorType } from "@app/services/auth/auth-type";
 
 type TSecretSnapshotServiceFactoryDep = {
   snapshotDAL: TSnapshotDALFactory;
@@ -414,8 +415,18 @@ export const secretSnapshotServiceFactory = ({
           })),
           tx
         );
+        const userActorId = actor === ActorType.USER ? actorId : undefined;
+        const identityActorId = actor !== ActorType.USER ? actorId : undefined;
+        const actorType = actor || ActorType.PLATFORM;
+
         const secretVersions = await secretVersionV2BridgeDAL.insertMany(
-          secrets.map(({ id, updatedAt, createdAt, ...el }) => ({ ...el, secretId: id })),
+          secrets.map(({ id, updatedAt, createdAt, ...el }) => ({
+            ...el,
+            secretId: id,
+            userActorId,
+            identityActorId,
+            actorType
+          })),
           tx
         );
         await secretVersionV2TagBridgeDAL.insertMany(
diff --git a/backend/src/server/routes/sanitizedSchemas.ts b/backend/src/server/routes/sanitizedSchemas.ts
index 16a7396cd3..3009993c0b 100644
--- a/backend/src/server/routes/sanitizedSchemas.ts
+++ b/backend/src/server/routes/sanitizedSchemas.ts
@@ -114,8 +114,8 @@ export const secretRawSchema = z.object({
   updatedAt: z.date(),
   actor: z
     .object({
-      actorId: z.string().nullable(),
-      actorType: z.string().nullable(),
+      actorId: z.string().nullable().optional(),
+      actorType: z.string().nullable().optional(),
       name: z.string().nullable().optional()
     })
     .optional()
diff --git a/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts b/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
index 046b23deca..007df0872c 100644
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
@@ -94,6 +94,7 @@ export const fnSecretBulkInsert = async ({
 
   const userActorId = actor && actor.type === ActorType.USER ? actor.actorId : undefined;
   const identityActorId = actor && actor.type !== ActorType.USER ? actor.actorId : undefined;
+  const actorType = actor?.type || ActorType.PLATFORM;
 
   const newSecrets = await secretDAL.insertMany(
     sanitizedInputSecrets.map((el) => ({ ...el, folderId })),
@@ -113,7 +114,7 @@ export const fnSecretBulkInsert = async ({
       folderId,
       userActorId,
       identityActorId,
-      actorType: actor?.type,
+      actorType,
       secretId: newSecretGroupedByKeyName[el.key][0].id
     })),
     tx
@@ -170,6 +171,7 @@ export const fnSecretBulkUpdate = async ({
 }: TFnSecretBulkUpdate) => {
   const userActorId = actor && actor?.type === ActorType.USER ? actor?.actorId : undefined;
   const identityActorId = actor && actor?.type !== ActorType.USER ? actor?.actorId : undefined;
+  const actorType = actor?.type || ActorType.PLATFORM;
 
   const sanitizedInputSecrets = inputSecrets.map(
     ({
@@ -231,7 +233,7 @@ export const fnSecretBulkUpdate = async ({
         secretId,
         userActorId,
         identityActorId,
-        actorType: actor?.type
+        actorType
       })
     ),
     tx
diff --git a/backend/src/services/secret/secret-fns.ts b/backend/src/services/secret/secret-fns.ts
index 1775d1f444..3ecdcbd081 100644
--- a/backend/src/services/secret/secret-fns.ts
+++ b/backend/src/services/secret/secret-fns.ts
@@ -525,6 +525,7 @@ export const fnSecretBulkInsert = async ({
   secretVersionDAL,
   secretTagDAL,
   secretVersionTagDAL,
+  actor,
   tx
 }: TFnSecretBulkInsert) => {
   const sanitizedInputSecrets = inputSecrets.map(
@@ -579,9 +580,17 @@ export const fnSecretBulkInsert = async ({
       [`${TableName.Secret}Id` as const]: newSecretGroupByBlindIndex[secretBlindIndex as string][0].id
     }))
   );
+
+  const userActorId = actor && actor?.type === ActorType.USER ? actor?.actorId : undefined;
+  const identityActorId = actor && actor?.type !== ActorType.USER ? actor?.actorId : undefined;
+  const actorType = actor?.type || ActorType.PLATFORM;
+
   const secretVersions = await secretVersionDAL.insertMany(
     sanitizedInputSecrets.map((el) => ({
       ...el,
+      userActorId,
+      identityActorId,
+      actorType,
       secretId: newSecretGroupByBlindIndex[el.secretBlindIndex as string][0].id
     })),
     tx
@@ -614,7 +623,8 @@ export const fnSecretBulkUpdate = async ({
   secretDAL,
   secretVersionDAL,
   secretTagDAL,
-  secretVersionTagDAL
+  secretVersionTagDAL,
+  actor
 }: TFnSecretBulkUpdate) => {
   const sanitizedInputSecrets = inputSecrets.map(
     ({
@@ -664,10 +674,17 @@ export const fnSecretBulkUpdate = async ({
     })
   );
 
+  const userActorId = actor && actor?.type === ActorType.USER ? actor?.actorId : undefined;
+  const identityActorId = actor && actor?.type !== ActorType.USER ? actor?.actorId : undefined;
+  const actorType = actor?.type || ActorType.PLATFORM;
+
   const newSecrets = await secretDAL.bulkUpdate(sanitizedInputSecrets, tx);
   const secretVersions = await secretVersionDAL.insertMany(
     newSecrets.map(({ id, createdAt, updatedAt, ...el }) => ({
       ...el,
+      userActorId,
+      identityActorId,
+      actorType,
       secretId: id
     })),
     tx
diff --git a/backend/src/services/secret/secret-types.ts b/backend/src/services/secret/secret-types.ts
index 242296c50b..4b671b02d3 100644
--- a/backend/src/services/secret/secret-types.ts
+++ b/backend/src/services/secret/secret-types.ts
@@ -324,7 +324,7 @@ export type TFnSecretBulkInsert = {
   secretVersionTagDAL: Pick<TSecretVersionTagDALFactory, "insertMany">;
   actor?: {
     type?: string;
-    actorId: string;
+    actorId?: string;
   };
 };
 
@@ -342,7 +342,7 @@ export type TFnSecretBulkUpdate = {
   tx?: Knex;
   actor?: {
     type?: string;
-    actorId: string;
+    actorId?: string;
   };
 };
 
diff --git a/frontend/src/hooks/api/secrets/types.ts b/frontend/src/hooks/api/secrets/types.ts
index 92e671c8bd..9fbef1488a 100644
--- a/frontend/src/hooks/api/secrets/types.ts
+++ b/frontend/src/hooks/api/secrets/types.ts
@@ -102,10 +102,10 @@ export type SecretVersions = {
   createdAt: string;
   updatedAt: string;
   actor?: {
-    actorId?: string,
-    actorType: string,
-    name?: string
-  };
+    actorId?: string | null;
+    actorType?: string | null;
+    name?: string | null;
+  } | null;
 };
 
 // dto
diff --git a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
index 161f9cbf1c..2f1a178b96 100644
--- a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
+++ b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
@@ -48,12 +48,11 @@ import {
   useWorkspace
 } from "@app/context";
 import { usePopUp, useToggle } from "@app/hooks";
-import { useGetSecretVersion } from "@app/hooks/api";
+import { useGetSecretVersion, useGetWorkspaceUsers } from "@app/hooks/api";
 import { useGetSecretAccessList } from "@app/hooks/api/secrets/queries";
 import { SecretV3RawSanitized, WsTag } from "@app/hooks/api/types";
 import { ProjectType } from "@app/hooks/api/workspace/types";
 import { ActorType } from "@app/hooks/api/auditLogs/enums";
-import { useGetWorkspaceUsers } from "@app/hooks/api";
 
 import { CreateReminderForm } from "./CreateReminderForm";
 import { formSchema, SecretActionType, TFormSchema } from "./SecretListView.utils";
@@ -127,7 +126,7 @@ export const SecretDetailSidebar = ({
   const selectTagSlugs = selectedTags.map((i) => i.slug);
   const navigate = useNavigate();
   const { data: members = [] } = useGetWorkspaceUsers(currentWorkspace.id);
-  
+
   const cannotEditSecret = permission.cannot(
     ProjectPermissionActions.Edit,
     subject(ProjectPermissionSub.Secrets, {
@@ -199,9 +198,16 @@ export const SecretDetailSidebar = ({
     await onSaveSecret(secret, { ...secret, ...data }, () => reset());
   };
 
-  const handleReminderSubmit = async (reminderRepeatDays: number | null | undefined, reminderNote: string | null | undefined) => {
-    await onSaveSecret(secret, { ...secret, reminderRepeatDays, reminderNote, isReminderEvent: true }, () => { });
-  }
+  const handleReminderSubmit = async (
+    reminderRepeatDays: number | null | undefined,
+    reminderNote: string | null | undefined
+  ) => {
+    await onSaveSecret(
+      secret,
+      { ...secret, reminderRepeatDays, reminderNote, isReminderEvent: true },
+      () => {}
+    );
+  };
 
   const [createReminderFormOpen, setCreateReminderFormOpen] = useToggle(false);
 
@@ -217,14 +223,23 @@ export const SecretDetailSidebar = ({
       default:
         return faServer;
     }
-  }
+  };
+
+  const getModifiedByName = (userType: string, userName: string | undefined) => {
+    switch (userType) {
+      case ActorType.PLATFORM:
+        return "System-generated";
+      default:
+        return userName;
+    }
+  };
 
   const getUserMembershipId = (actorId: string) => {
     return members.filter((member) => member.user?.id === actorId)?.[0].id || null;
-  }
+  };
 
   const getLinkToModifyHistoryEntity = (actorId: string, actorType: string) => {
-    switch(actorType) {
+    switch (actorType) {
       case ActorType.USER:
         return `/${ProjectType.SecretManager}/${currentWorkspace.id}/members/${getUserMembershipId(actorId)}`;
       case ActorType.IDENTITY:
@@ -232,16 +247,16 @@ export const SecretDetailSidebar = ({
       default:
         return null;
     }
-  }
+  };
 
   const onModifyHistoryClick = (actorId: string | undefined, actorType: string) => {
-    if (actorId && actorType !== ActorType.PLATFORM) { 
+    if (actorId && actorType !== ActorType.PLATFORM) {
       const redirectLink = getLinkToModifyHistoryEntity(actorId, actorType);
       if (redirectLink) {
         navigate({ to: redirectLink });
       }
     }
-  }
+  };
 
   return (
     <>
@@ -255,7 +270,7 @@ export const SecretDetailSidebar = ({
           if (data) {
             setValue("reminderRepeatDays", data.days, { shouldDirty: false });
             setValue("reminderNote", data.note, { shouldDirty: false });
-            handleReminderSubmit(data.days, data.note)
+            handleReminderSubmit(data.days, data.note);
           }
         }}
       />
@@ -675,15 +690,23 @@ export const SecretDetailSidebar = ({
                           <div className="relative w-10">
                             <div className="absolute bottom-0 left-3 top-0 mt-0.5 border-l border-mineshaft-400/60" />
                           </div>
-                          <div className="flex flex-col w-full cursor-default">
+                          <div className="flex w-full cursor-default flex-col">
                             {actor && (
                               <div className="flex flex-row">
-                                <div className="flex flex-row w-fit text-sm">
-                                  Modified by: 
-                                  <Tooltip content={actor.name}>
+                                <div className="flex w-fit flex-row text-sm">
+                                  Modified by:
+                                  <Tooltip content={getModifiedByName(actor.actorType, actor.name)}>
                                     {/* eslint-disable-next-line jsx-a11y/click-events-have-key-events, jsx-a11y/no-static-element-interactions */}
-                                    <div onClick={() => onModifyHistoryClick(actor.actorId, actor.actorType)} className="cursor-pointer">
-                                      <FontAwesomeIcon icon={getModifiedByIcon(actor.actorType)} className="ml-2"/>
+                                    <div
+                                      onClick={() =>
+                                        onModifyHistoryClick(actor.actorId, actor.actorType)
+                                      }
+                                      className="cursor-pointer"
+                                    >
+                                      <FontAwesomeIcon
+                                        icon={getModifiedByIcon(actor.actorType)}
+                                        className="ml-2"
+                                      />
                                     </div>
                                   </Tooltip>
                                 </div>
@@ -697,7 +720,7 @@ export const SecretDetailSidebar = ({
                                 <div className="relative hidden cursor-pointer transition-all duration-200 group-[.show-value]:inline">
                                   <button
                                     type="button"
-                                    className="select-none"
+                                    className="select-none text-left"
                                     onClick={(e) => {
                                       navigator.clipboard.writeText(secretValue || "");
                                       const target = e.currentTarget;
diff --git a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretListView.tsx b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretListView.tsx
index ec765a3616..e817aa1f93 100644
--- a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretListView.tsx
+++ b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretListView.tsx
@@ -238,10 +238,12 @@ export const SecretListView = ({
         if (!isReminderEvent) {
           handlePopUpClose("secretDetail");
         }
-        
+
         let successMessage;
         if (isReminderEvent) {
-          successMessage = reminderRepeatDays ? "Successfully saved secret reminder" : "Successfully deleted secret reminder";
+          successMessage = reminderRepeatDays 
+            ? "Successfully saved secret reminder" 
+            : "Successfully deleted secret reminder";
         } else {
           successMessage = "Successfully saved secrets";
         }

From 7f767791244617ae65f250bfab3e22390112561a Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Thu, 6 Mar 2025 09:17:55 -0300
Subject: [PATCH 04/11] Fix frontend type errors

---
 ...250305131152_add-actor-id-to-secret-versions-v2.ts |  4 ++--
 .../components/SecretListView/SecretDetailSidebar.tsx | 11 ++++++-----
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
index e4340a436b..25237122bf 100644
--- a/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
+++ b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
@@ -38,13 +38,13 @@ export async function down(knex: Knex): Promise<void> {
     });
   }
 
-  if (!hasSecretVersionV2IdentityActorId) {
+  if (hasSecretVersionV2IdentityActorId) {
     await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
       t.dropColumn("identityActorId");
     });
   }
 
-  if (!hasSecretVersionV2ActorType) {
+  if (hasSecretVersionV2ActorType) {
     await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
       t.dropColumn("actorType");
     });
diff --git a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
index 2f1a178b96..1f89073857 100644
--- a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
+++ b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
@@ -214,7 +214,7 @@ export const SecretDetailSidebar = ({
   const secretReminderRepeatDays = watch("reminderRepeatDays");
   const secretReminderNote = watch("reminderNote");
 
-  const getModifiedByIcon = (userType: string) => {
+  const getModifiedByIcon = (userType: string | undefined | null) => {
     switch (userType) {
       case ActorType.USER:
         return faUser;
@@ -225,7 +225,7 @@ export const SecretDetailSidebar = ({
     }
   };
 
-  const getModifiedByName = (userType: string, userName: string | undefined) => {
+  const getModifiedByName = (userType: string | undefined | null, userName: string | null | undefined) => {
     switch (userType) {
       case ActorType.PLATFORM:
         return "System-generated";
@@ -235,7 +235,8 @@ export const SecretDetailSidebar = ({
   };
 
   const getUserMembershipId = (actorId: string) => {
-    return members.filter((member) => member.user?.id === actorId)?.[0].id || null;
+    const foundMember = members.find((member) => member.user?.id === actorId);
+    return foundMember?.id || null;
   };
 
   const getLinkToModifyHistoryEntity = (actorId: string, actorType: string) => {
@@ -249,8 +250,8 @@ export const SecretDetailSidebar = ({
     }
   };
 
-  const onModifyHistoryClick = (actorId: string | undefined, actorType: string) => {
-    if (actorId && actorType !== ActorType.PLATFORM) {
+  const onModifyHistoryClick = (actorId: string | undefined | null, actorType: string | undefined | null) => {
+    if (actorType && actorId && actorType !== ActorType.PLATFORM) {
       const redirectLink = getLinkToModifyHistoryEntity(actorId, actorType);
       if (redirectLink) {
         navigate({ to: redirectLink });

From efc3b6d474eb0bc8c3a942c06d0d6b1be5131603 Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Thu, 6 Mar 2025 11:31:26 -0300
Subject: [PATCH 05/11] Remove secret_version_v1 changes

---
 .../secret-approval-request-service.ts        | 12 ++-----
 .../secret-replication-service.ts             |  8 -----
 backend/src/services/secret/secret-fns.ts     | 18 +---------
 backend/src/services/secret/secret-service.ts | 34 +------------------
 backend/src/services/secret/secret-types.ts   |  8 -----
 5 files changed, 4 insertions(+), 76 deletions(-)

diff --git a/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts b/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
index 3624344f14..8569ef2a9c 100644
--- a/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
+++ b/backend/src/ee/services/secret-approval-request/secret-approval-request-service.ts
@@ -761,11 +761,7 @@ export const secretApprovalRequestServiceFactory = ({
               secretDAL,
               secretVersionDAL,
               secretTagDAL,
-              secretVersionTagDAL,
-              actor: {
-                type: actor,
-                actorId
-              }
+              secretVersionTagDAL
             })
           : [];
         const updatedSecrets = secretUpdationCommits.length
@@ -811,11 +807,7 @@ export const secretApprovalRequestServiceFactory = ({
               secretDAL,
               secretVersionDAL,
               secretTagDAL,
-              secretVersionTagDAL,
-              actor: {
-                type: actor,
-                actorId
-              }
+              secretVersionTagDAL
             })
           : [];
         const deletedSecret = secretDeletionCommits.length
diff --git a/backend/src/ee/services/secret-replication/secret-replication-service.ts b/backend/src/ee/services/secret-replication/secret-replication-service.ts
index c9b0a35328..3c25db98c4 100644
--- a/backend/src/ee/services/secret-replication/secret-replication-service.ts
+++ b/backend/src/ee/services/secret-replication/secret-replication-service.ts
@@ -710,10 +710,6 @@ export const secretReplicationServiceFactory = ({
                   tx,
                   secretTagDAL,
                   secretVersionTagDAL,
-                  actor: {
-                    type: actor,
-                    actorId
-                  },
                   inputSecrets: locallyCreatedSecrets.map((doc) => {
                     return {
                       keyEncoding: doc.keyEncoding,
@@ -745,10 +741,6 @@ export const secretReplicationServiceFactory = ({
                   tx,
                   secretTagDAL,
                   secretVersionTagDAL,
-                  actor: {
-                    type: actor,
-                    actorId
-                  },
                   inputSecrets: locallyUpdatedSecrets.map((doc) => {
                     return {
                       filter: {
diff --git a/backend/src/services/secret/secret-fns.ts b/backend/src/services/secret/secret-fns.ts
index 3ecdcbd081..d7c9b86fbe 100644
--- a/backend/src/services/secret/secret-fns.ts
+++ b/backend/src/services/secret/secret-fns.ts
@@ -525,7 +525,6 @@ export const fnSecretBulkInsert = async ({
   secretVersionDAL,
   secretTagDAL,
   secretVersionTagDAL,
-  actor,
   tx
 }: TFnSecretBulkInsert) => {
   const sanitizedInputSecrets = inputSecrets.map(
@@ -581,16 +580,9 @@ export const fnSecretBulkInsert = async ({
     }))
   );
 
-  const userActorId = actor && actor?.type === ActorType.USER ? actor?.actorId : undefined;
-  const identityActorId = actor && actor?.type !== ActorType.USER ? actor?.actorId : undefined;
-  const actorType = actor?.type || ActorType.PLATFORM;
-
   const secretVersions = await secretVersionDAL.insertMany(
     sanitizedInputSecrets.map((el) => ({
       ...el,
-      userActorId,
-      identityActorId,
-      actorType,
       secretId: newSecretGroupByBlindIndex[el.secretBlindIndex as string][0].id
     })),
     tx
@@ -623,8 +615,7 @@ export const fnSecretBulkUpdate = async ({
   secretDAL,
   secretVersionDAL,
   secretTagDAL,
-  secretVersionTagDAL,
-  actor
+  secretVersionTagDAL
 }: TFnSecretBulkUpdate) => {
   const sanitizedInputSecrets = inputSecrets.map(
     ({
@@ -674,17 +665,10 @@ export const fnSecretBulkUpdate = async ({
     })
   );
 
-  const userActorId = actor && actor?.type === ActorType.USER ? actor?.actorId : undefined;
-  const identityActorId = actor && actor?.type !== ActorType.USER ? actor?.actorId : undefined;
-  const actorType = actor?.type || ActorType.PLATFORM;
-
   const newSecrets = await secretDAL.bulkUpdate(sanitizedInputSecrets, tx);
   const secretVersions = await secretVersionDAL.insertMany(
     newSecrets.map(({ id, createdAt, updatedAt, ...el }) => ({
       ...el,
-      userActorId,
-      identityActorId,
-      actorType,
       secretId: id
     })),
     tx
diff --git a/backend/src/services/secret/secret-service.ts b/backend/src/services/secret/secret-service.ts
index 49640ac2a9..93f68e813d 100644
--- a/backend/src/services/secret/secret-service.ts
+++ b/backend/src/services/secret/secret-service.ts
@@ -284,10 +284,6 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
-        actor: {
-          type: actor,
-          actorId
-        },
         tx
       })
     );
@@ -433,10 +429,6 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
-        actor: {
-          type: actor,
-          actorId
-        },
         tx
       })
     );
@@ -830,10 +822,6 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
-        actor: {
-          type: actor,
-          actorId
-        },
         tx
       })
     );
@@ -943,11 +931,7 @@ export const secretServiceFactory = ({
         secretDAL,
         secretVersionDAL,
         secretTagDAL,
-        secretVersionTagDAL,
-        actor: {
-          type: actor,
-          actorId
-        }
+        secretVersionTagDAL
       })
     );
 
@@ -2420,10 +2404,6 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
-        actor: {
-          type: actor,
-          actorId
-        },
         tx
       })
     );
@@ -2534,10 +2514,6 @@ export const secretServiceFactory = ({
         secretVersionDAL,
         secretTagDAL,
         secretVersionTagDAL,
-        actor: {
-          type: actor,
-          actorId
-        },
         tx
       })
     );
@@ -2872,10 +2848,6 @@ export const secretServiceFactory = ({
             secretDAL,
             tx,
             secretTagDAL,
-            actor: {
-              type: actor,
-              actorId
-            },
             secretVersionTagDAL,
             inputSecrets: locallyCreatedSecrets.map((doc) => {
               return {
@@ -2907,10 +2879,6 @@ export const secretServiceFactory = ({
             tx,
             secretTagDAL,
             secretVersionTagDAL,
-            actor: {
-              type: actor,
-              actorId
-            },
             inputSecrets: locallyUpdatedSecrets.map((doc) => {
               return {
                 filter: {
diff --git a/backend/src/services/secret/secret-types.ts b/backend/src/services/secret/secret-types.ts
index 4b671b02d3..1586052763 100644
--- a/backend/src/services/secret/secret-types.ts
+++ b/backend/src/services/secret/secret-types.ts
@@ -322,10 +322,6 @@ export type TFnSecretBulkInsert = {
   secretVersionDAL: Pick<TSecretVersionDALFactory, "insertMany">;
   secretTagDAL: Pick<TSecretTagDALFactory, "saveTagsToSecret">;
   secretVersionTagDAL: Pick<TSecretVersionTagDALFactory, "insertMany">;
-  actor?: {
-    type?: string;
-    actorId?: string;
-  };
 };
 
 export type TFnSecretBulkUpdate = {
@@ -340,10 +336,6 @@ export type TFnSecretBulkUpdate = {
   secretTagDAL: Pick<TSecretTagDALFactory, "saveTagsToSecret" | "deleteTagsManySecret">;
   secretVersionTagDAL: Pick<TSecretVersionTagDALFactory, "insertMany">;
   tx?: Knex;
-  actor?: {
-    type?: string;
-    actorId?: string;
-  };
 };
 
 export type TAttachSecretTagsDTO = {

From 0513307d9843a194ebfb5fc46c4912111816eed5 Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Thu, 6 Mar 2025 12:55:10 -0300
Subject: [PATCH 06/11] Improve code quality

---
 ...1152_add-actor-id-to-secret-versions-v2.ts | 31 ++-----------------
 .../secret-snapshot-service.ts                |  1 +
 2 files changed, 3 insertions(+), 29 deletions(-)

diff --git a/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
index 25237122bf..af1e2c85ad 100644
--- a/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
+++ b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
@@ -3,49 +3,22 @@ import { Knex } from "knex";
 import { TableName } from "@app/db/schemas";
 
 export async function up(knex: Knex): Promise<void> {
-  const hasSecretVersionV2UserActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId");
-  const hasSecretVersionV2IdentityActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "identityActorId");
-  const hasSecretVersionV2ActorType = await knex.schema.hasColumn(TableName.SecretVersionV2, "actorType");
-
-  if (!hasSecretVersionV2UserActorId) {
+  if (!(await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId"))) {
     await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
       t.uuid("userActorId");
       t.foreign("userActorId").references("id").inTable(TableName.Users);
-    });
-  }
-
-  if (!hasSecretVersionV2IdentityActorId) {
-    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
       t.uuid("identityActorId");
       t.foreign("identityActorId").references("id").inTable(TableName.Identity);
-    });
-  }
-  if (!hasSecretVersionV2ActorType) {
-    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
       t.string("actorType");
     });
   }
 }
 
 export async function down(knex: Knex): Promise<void> {
-  const hasSecretVersionV2UserActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId");
-  const hasSecretVersionV2IdentityActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "identityActorId");
-  const hasSecretVersionV2ActorType = await knex.schema.hasColumn(TableName.SecretVersionV2, "actorType");
-
-  if (hasSecretVersionV2UserActorId) {
+  if (await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId")) {
     await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
       t.dropColumn("userActorId");
-    });
-  }
-
-  if (hasSecretVersionV2IdentityActorId) {
-    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
       t.dropColumn("identityActorId");
-    });
-  }
-
-  if (hasSecretVersionV2ActorType) {
-    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
       t.dropColumn("actorType");
     });
   }
diff --git a/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts b/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
index 40ac4493fe..b057d81106 100644
--- a/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
+++ b/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
@@ -380,6 +380,7 @@ export const secretSnapshotServiceFactory = ({
                 envId,
                 id,
                 tags,
+                // exclude the bottom fields from the secret - they are for versioning only.
                 userActorId,
                 identityActorId,
                 actorType,

From 9116acd37b1464201fb8c8dcfcb14b94fddd0dbb Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Thu, 6 Mar 2025 13:07:03 -0300
Subject: [PATCH 07/11] Fix linter issues

---
 .../secret-rotation-queue/secret-rotation-queue.ts            | 2 +-
 .../ee/services/secret-snapshot/secret-snapshot-service.ts    | 2 +-
 backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts | 2 +-
 .../src/services/secret-v2-bridge/secret-v2-bridge-service.ts | 4 ++--
 4 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts b/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
index 48af65d29f..ac8fcc9f2d 100644
--- a/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
+++ b/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue.ts
@@ -13,6 +13,7 @@ import { NotFoundError } from "@app/lib/errors";
 import { logger } from "@app/lib/logger";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { QueueJobs, QueueName, TQueueServiceFactory } from "@app/queue";
+import { ActorType } from "@app/services/auth/auth-type";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { KmsDataKey } from "@app/services/kms/kms-types";
 import { TProjectBotServiceFactory } from "@app/services/project-bot/project-bot-service";
@@ -39,7 +40,6 @@ import {
   secretRotationPreSetFn
 } from "./secret-rotation-queue-fn";
 import { TSecretRotationData, TSecretRotationDbFn, TSecretRotationEncData } from "./secret-rotation-queue-types";
-import { ActorType } from "@app/services/auth/auth-type";
 
 export type TSecretRotationQueueFactory = ReturnType<typeof secretRotationQueueFactory>;
 
diff --git a/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts b/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
index b057d81106..dc2cff4567 100644
--- a/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
+++ b/backend/src/ee/services/secret-snapshot/secret-snapshot-service.ts
@@ -7,6 +7,7 @@ import { decryptSymmetric128BitHexKeyUTF8 } from "@app/lib/crypto";
 import { InternalServerError, NotFoundError } from "@app/lib/errors";
 import { groupBy } from "@app/lib/fn";
 import { logger } from "@app/lib/logger";
+import { ActorType } from "@app/services/auth/auth-type";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { KmsDataKey } from "@app/services/kms/kms-types";
 import { TProjectBotServiceFactory } from "@app/services/project-bot/project-bot-service";
@@ -34,7 +35,6 @@ import { TSnapshotFolderDALFactory } from "./snapshot-folder-dal";
 import { TSnapshotSecretDALFactory } from "./snapshot-secret-dal";
 import { TSnapshotSecretV2DALFactory } from "./snapshot-secret-v2-dal";
 import { getFullFolderPath } from "./snapshot-service-fns";
-import { ActorType } from "@app/services/auth/auth-type";
 
 type TSecretSnapshotServiceFactoryDep = {
   snapshotDAL: TSnapshotDALFactory;
diff --git a/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts b/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
index 007df0872c..8e7eab514f 100644
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
@@ -5,12 +5,12 @@ import { ForbiddenRequestError, NotFoundError } from "@app/lib/errors";
 import { groupBy } from "@app/lib/fn";
 import { logger } from "@app/lib/logger";
 
+import { ActorType } from "../auth/auth-type";
 import { TProjectEnvDALFactory } from "../project-env/project-env-dal";
 import { ResourceMetadataDTO } from "../resource-metadata/resource-metadata-schema";
 import { TSecretFolderDALFactory } from "../secret-folder/secret-folder-dal";
 import { TSecretV2BridgeDALFactory } from "./secret-v2-bridge-dal";
 import { TFnSecretBulkDelete, TFnSecretBulkInsert, TFnSecretBulkUpdate } from "./secret-v2-bridge-types";
-import { ActorType } from "../auth/auth-type";
 
 const INTERPOLATION_SYNTAX_REG = /\${([a-zA-Z0-9-_.]+)}/g;
 // akhilmhdh: JS regex with global save state in .test
diff --git a/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts b/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
index dd0b2d9ece..5162c34880 100644
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
@@ -23,6 +23,7 @@ import { logger } from "@app/lib/logger";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 
 import { ActorType } from "../auth/auth-type";
+import { TIdentityDALFactory } from "../identity/identity-dal";
 import { TKmsServiceFactory } from "../kms/kms-service";
 import { KmsDataKey } from "../kms/kms-types";
 import { TProjectEnvDALFactory } from "../project-env/project-env-dal";
@@ -32,6 +33,7 @@ import { TSecretFolderDALFactory } from "../secret-folder/secret-folder-dal";
 import { TSecretImportDALFactory } from "../secret-import/secret-import-dal";
 import { fnSecretsV2FromImports } from "../secret-import/secret-import-fns";
 import { TSecretTagDALFactory } from "../secret-tag/secret-tag-dal";
+import { TUserDALFactory } from "../user/user-dal";
 import { TSecretV2BridgeDALFactory } from "./secret-v2-bridge-dal";
 import {
   expandSecretReferencesFactory,
@@ -62,8 +64,6 @@ import {
 } from "./secret-v2-bridge-types";
 import { TSecretVersionV2DALFactory } from "./secret-version-dal";
 import { TSecretVersionV2TagDALFactory } from "./secret-version-tag-dal";
-import { TUserDALFactory } from "../user/user-dal";
-import { TIdentityDALFactory } from "../identity/identity-dal";
 
 type TSecretV2BridgeServiceFactoryDep = {
   secretDAL: TSecretV2BridgeDALFactory;

From 8e311658d438d7d361c29156ec4b38ff11e65c5d Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Thu, 6 Mar 2025 15:15:52 -0300
Subject: [PATCH 08/11] Improve query to only use one to retrieve all
 information

---
 backend/src/server/routes/index.ts            |  4 +-
 backend/src/server/routes/sanitizedSchemas.ts |  3 +-
 .../secret-v2-bridge/secret-v2-bridge-fns.ts  | 20 ++++---
 .../secret-v2-bridge-service.ts               | 39 +++-----------
 .../secret-v2-bridge/secret-version-dal.ts    | 54 ++++++++++++++++++-
 frontend/src/hooks/api/secrets/types.ts       |  1 +
 .../SecretListView/SecretDetailSidebar.tsx    | 47 +++++++++-------
 7 files changed, 105 insertions(+), 63 deletions(-)

diff --git a/backend/src/server/routes/index.ts b/backend/src/server/routes/index.ts
index f4b1bcc357..efc1cb8655 100644
--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@@ -1039,9 +1039,7 @@ export const registerRoutes = async (
     secretApprovalRequestSecretDAL,
     kmsService,
     snapshotService,
-    resourceMetadataDAL,
-    userDAL,
-    identityDAL
+    resourceMetadataDAL
   });
 
   const secretApprovalRequestService = secretApprovalRequestServiceFactory({
diff --git a/backend/src/server/routes/sanitizedSchemas.ts b/backend/src/server/routes/sanitizedSchemas.ts
index 3009993c0b..a6cc8bae0a 100644
--- a/backend/src/server/routes/sanitizedSchemas.ts
+++ b/backend/src/server/routes/sanitizedSchemas.ts
@@ -116,7 +116,8 @@ export const secretRawSchema = z.object({
     .object({
       actorId: z.string().nullable().optional(),
       actorType: z.string().nullable().optional(),
-      name: z.string().nullable().optional()
+      name: z.string().nullable().optional(),
+      membershipId: z.string().nullable().optional()
     })
     .optional()
     .nullable()
diff --git a/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts b/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
index 8e7eab514f..751235cdea 100644
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts
@@ -633,11 +633,12 @@ export const reshapeBridgeSecret = (
   secret: Omit<TSecretsV2, "encryptedValue" | "encryptedComment"> & {
     value: string;
     comment: string;
-    actor?: {
-      actorType?: string;
-      actorId?: string;
-      name?: string;
-    };
+    userActorName?: string | null;
+    identityActorName?: string | null;
+    userActorId?: string | null;
+    identityActorId?: string | null;
+    membershipId?: string | null;
+    actorType?: string | null;
     tags?: {
       id: string;
       slug: string;
@@ -658,7 +659,14 @@ export const reshapeBridgeSecret = (
   _id: secret.id,
   id: secret.id,
   user: secret.userId,
-  actor: secret.actor,
+  actor: secret.actorType
+    ? {
+        actorType: secret.actorType,
+        actorId: secret.userActorId || secret.identityActorId,
+        name: secret.identityActorName || secret.userActorName,
+        membershipId: secret.membershipId
+      }
+    : undefined,
   tags: secret.tags,
   skipMultilineEncoding: secret.skipMultilineEncoding,
   secretReminderRepeatDays: secret.reminderRepeatDays,
diff --git a/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts b/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
index 5162c34880..9063da5c49 100644
--- a/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
+++ b/backend/src/services/secret-v2-bridge/secret-v2-bridge-service.ts
@@ -23,7 +23,6 @@ import { logger } from "@app/lib/logger";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 
 import { ActorType } from "../auth/auth-type";
-import { TIdentityDALFactory } from "../identity/identity-dal";
 import { TKmsServiceFactory } from "../kms/kms-service";
 import { KmsDataKey } from "../kms/kms-types";
 import { TProjectEnvDALFactory } from "../project-env/project-env-dal";
@@ -33,7 +32,6 @@ import { TSecretFolderDALFactory } from "../secret-folder/secret-folder-dal";
 import { TSecretImportDALFactory } from "../secret-import/secret-import-dal";
 import { fnSecretsV2FromImports } from "../secret-import/secret-import-fns";
 import { TSecretTagDALFactory } from "../secret-tag/secret-tag-dal";
-import { TUserDALFactory } from "../user/user-dal";
 import { TSecretV2BridgeDALFactory } from "./secret-v2-bridge-dal";
 import {
   expandSecretReferencesFactory,
@@ -87,8 +85,6 @@ type TSecretV2BridgeServiceFactoryDep = {
   >;
   snapshotService: Pick<TSecretSnapshotServiceFactory, "performSnapshot">;
   resourceMetadataDAL: Pick<TResourceMetadataDALFactory, "insertMany" | "delete">;
-  userDAL: Pick<TUserDALFactory, "find">;
-  identityDAL: Pick<TIdentityDALFactory, "find">;
 };
 
 export type TSecretV2BridgeServiceFactory = ReturnType<typeof secretV2BridgeServiceFactory>;
@@ -111,9 +107,7 @@ export const secretV2BridgeServiceFactory = ({
   secretApprovalRequestDAL,
   secretApprovalRequestSecretDAL,
   kmsService,
-  resourceMetadataDAL,
-  userDAL,
-  identityDAL
+  resourceMetadataDAL
 }: TSecretV2BridgeServiceFactoryDep) => {
   const $validateSecretReferences = async (
     projectId: string,
@@ -1715,36 +1709,15 @@ export const secretV2BridgeServiceFactory = ({
       type: KmsDataKey.SecretManager,
       projectId: folder.projectId
     });
-    const secretVersions = await secretVersionDAL.find({ secretId }, { offset, limit, sort: [["createdAt", "desc"]] });
-
-    const userIds = Array.from(
-      new Set(secretVersions.map((version) => version.userActorId).filter(Boolean))
-    ) as string[];
-
-    const users = userIds.length > 0 ? await userDAL.find({ $in: { id: userIds } }) : [];
-    const usersById = groupBy(users, (user) => user.id);
-
-    const identitiesIds = Array.from(
-      new Set(secretVersions.map((version) => version.identityActorId).filter(Boolean))
-    ) as string[];
-    const identities = identitiesIds.length > 0 ? await identityDAL.find({ $in: { id: identitiesIds } }) : [];
-    const identitiesById = groupBy(identities, (identity) => identity.id);
+    const secretVersions = await secretVersionDAL.findVersionsBySecretIdWithActors(secretId, folder.projectId, {
+      offset,
+      limit,
+      sort: [["createdAt", "desc"]]
+    });
 
     return secretVersions.map((el) => {
-      let entityId;
-      let actorName;
-      if (el.userActorId) {
-        actorName = usersById[el.userActorId]?.[0]?.username;
-        entityId = el.userActorId;
-      } else if (el.identityActorId) {
-        actorName = identitiesById[el.identityActorId]?.[0]?.name;
-        entityId = el.identityActorId;
-      }
-      const actorEntity = el.actorType ? { actorType: el.actorType, actorId: entityId, name: actorName } : undefined;
-
       return reshapeBridgeSecret(folder.projectId, folder.environment.envSlug, "/", {
         ...el,
-        actor: actorEntity,
         value: el.encryptedValue ? secretManagerDecryptor({ cipherTextBlob: el.encryptedValue }).toString() : "",
         comment: el.encryptedComment ? secretManagerDecryptor({ cipherTextBlob: el.encryptedComment }).toString() : ""
       });
diff --git a/backend/src/services/secret-v2-bridge/secret-version-dal.ts b/backend/src/services/secret-v2-bridge/secret-version-dal.ts
index 7772b85183..59bc4c6ff0 100644
--- a/backend/src/services/secret-v2-bridge/secret-version-dal.ts
+++ b/backend/src/services/secret-v2-bridge/secret-version-dal.ts
@@ -1,9 +1,10 @@
+/* eslint-disable @typescript-eslint/no-unsafe-assignment */
 import { Knex } from "knex";
 
 import { TDbClient } from "@app/db";
 import { TableName, TSecretVersionsV2, TSecretVersionsV2Update } from "@app/db/schemas";
 import { BadRequestError, DatabaseError } from "@app/lib/errors";
-import { ormify, selectAllTableCols } from "@app/lib/knex";
+import { ormify, selectAllTableCols, TFindOpt } from "@app/lib/knex";
 import { logger } from "@app/lib/logger";
 import { QueueName } from "@app/queue";
 
@@ -119,11 +120,60 @@ export const secretVersionV2BridgeDALFactory = (db: TDbClient) => {
     logger.info(`${QueueName.DailyResourceCleanUp}: pruning secret version v2 completed`);
   };
 
+  const findVersionsBySecretIdWithActors = async (
+    secretId: string,
+    projectId: string,
+    { offset, limit, sort = [["createdAt", "desc"]] }: TFindOpt<TSecretVersionsV2> = {},
+    tx?: Knex
+  ) => {
+    try {
+      const query = (tx || db)(TableName.SecretVersionV2)
+        .where(`${TableName.SecretVersionV2}.secretId`, secretId)
+        .leftJoin(TableName.Users, `${TableName.Users}.id`, `${TableName.SecretVersionV2}.userActorId`)
+        .leftJoin(
+          TableName.ProjectMembership,
+          `${TableName.ProjectMembership}.userId`,
+          `${TableName.SecretVersionV2}.userActorId`
+        )
+        .leftJoin(TableName.Identity, `${TableName.Identity}.id`, `${TableName.SecretVersionV2}.identityActorId`)
+        .select(
+          selectAllTableCols(TableName.SecretVersionV2),
+          `${TableName.Users}.username as userActorName`,
+          `${TableName.Identity}.name as identityActorName`,
+          `${TableName.ProjectMembership}.id as membershipId`
+        );
+
+      if (limit) void query.limit(limit);
+      if (offset) void query.offset(offset);
+      if (sort) {
+        void query.orderBy(
+          sort.map(([column, order, nulls]) => ({
+            column: `${TableName.SecretVersionV2}.${column as string}`,
+            order,
+            nulls
+          }))
+        );
+      }
+
+      const docs: Array<
+        TSecretVersionsV2 & {
+          userActorName: string | undefined | null;
+          identityActorName: string | undefined | null;
+          membershipId: string | undefined | null;
+        }
+      > = await query;
+      return docs;
+    } catch (error) {
+      throw new DatabaseError({ error, name: "FindVersionsBySecretIdWithActors" });
+    }
+  };
+
   return {
     ...secretVersionV2Orm,
     pruneExcessVersions,
     findLatestVersionMany,
     bulkUpdate,
-    findLatestVersionByFolderId
+    findLatestVersionByFolderId,
+    findVersionsBySecretIdWithActors
   };
 };
diff --git a/frontend/src/hooks/api/secrets/types.ts b/frontend/src/hooks/api/secrets/types.ts
index 9fbef1488a..9e0a82dda2 100644
--- a/frontend/src/hooks/api/secrets/types.ts
+++ b/frontend/src/hooks/api/secrets/types.ts
@@ -105,6 +105,7 @@ export type SecretVersions = {
     actorId?: string | null;
     actorType?: string | null;
     name?: string | null;
+    membershipId?: string | null;
   } | null;
 };
 
diff --git a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
index 1f89073857..d788152227 100644
--- a/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
+++ b/frontend/src/pages/secret-manager/SecretDashboardPage/components/SecretListView/SecretDetailSidebar.tsx
@@ -5,14 +5,14 @@ import {
   faArrowRotateRight,
   faCheckCircle,
   faClock,
+  faDesktop,
   faEyeSlash,
   faPlus,
+  faServer,
   faShare,
   faTag,
   faTrash,
-  faUser,
-  faDesktop,
-  faServer
+  faUser
 } from "@fortawesome/free-solid-svg-icons";
 import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
 import { zodResolver } from "@hookform/resolvers/zod";
@@ -48,11 +48,11 @@ import {
   useWorkspace
 } from "@app/context";
 import { usePopUp, useToggle } from "@app/hooks";
-import { useGetSecretVersion, useGetWorkspaceUsers } from "@app/hooks/api";
+import { useGetSecretVersion } from "@app/hooks/api";
+import { ActorType } from "@app/hooks/api/auditLogs/enums";
 import { useGetSecretAccessList } from "@app/hooks/api/secrets/queries";
 import { SecretV3RawSanitized, WsTag } from "@app/hooks/api/types";
 import { ProjectType } from "@app/hooks/api/workspace/types";
-import { ActorType } from "@app/hooks/api/auditLogs/enums";
 
 import { CreateReminderForm } from "./CreateReminderForm";
 import { formSchema, SecretActionType, TFormSchema } from "./SecretListView.utils";
@@ -125,7 +125,6 @@ export const SecretDetailSidebar = ({
   );
   const selectTagSlugs = selectedTags.map((i) => i.slug);
   const navigate = useNavigate();
-  const { data: members = [] } = useGetWorkspaceUsers(currentWorkspace.id);
 
   const cannotEditSecret = permission.cannot(
     ProjectPermissionActions.Edit,
@@ -225,7 +224,10 @@ export const SecretDetailSidebar = ({
     }
   };
 
-  const getModifiedByName = (userType: string | undefined | null, userName: string | null | undefined) => {
+  const getModifiedByName = (
+    userType: string | undefined | null,
+    userName: string | null | undefined
+  ) => {
     switch (userType) {
       case ActorType.PLATFORM:
         return "System-generated";
@@ -234,15 +236,14 @@ export const SecretDetailSidebar = ({
     }
   };
 
-  const getUserMembershipId = (actorId: string) => {
-    const foundMember = members.find((member) => member.user?.id === actorId);
-    return foundMember?.id || null;
-  };
-
-  const getLinkToModifyHistoryEntity = (actorId: string, actorType: string) => {
+  const getLinkToModifyHistoryEntity = (
+    actorId: string,
+    actorType: string,
+    membershipId: string | null = ""
+  ) => {
     switch (actorType) {
       case ActorType.USER:
-        return `/${ProjectType.SecretManager}/${currentWorkspace.id}/members/${getUserMembershipId(actorId)}`;
+        return `/${ProjectType.SecretManager}/${currentWorkspace.id}/members/${membershipId}`;
       case ActorType.IDENTITY:
         return `/${ProjectType.SecretManager}/${currentWorkspace.id}/identities/${actorId}`;
       default:
@@ -250,9 +251,13 @@ export const SecretDetailSidebar = ({
     }
   };
 
-  const onModifyHistoryClick = (actorId: string | undefined | null, actorType: string | undefined | null) => {
+  const onModifyHistoryClick = (
+    actorId: string | undefined | null,
+    actorType: string | undefined | null,
+    membershipId: string | undefined | null
+  ) => {
     if (actorType && actorId && actorType !== ActorType.PLATFORM) {
-      const redirectLink = getLinkToModifyHistoryEntity(actorId, actorType);
+      const redirectLink = getLinkToModifyHistoryEntity(actorId, actorType, membershipId);
       if (redirectLink) {
         navigate({ to: redirectLink });
       }
@@ -700,7 +705,11 @@ export const SecretDetailSidebar = ({
                                     {/* eslint-disable-next-line jsx-a11y/click-events-have-key-events, jsx-a11y/no-static-element-interactions */}
                                     <div
                                       onClick={() =>
-                                        onModifyHistoryClick(actor.actorId, actor.actorType)
+                                        onModifyHistoryClick(
+                                          actor.actorId,
+                                          actor.actorType,
+                                          actor.membershipId
+                                        )
                                       }
                                       className="cursor-pointer"
                                     >
@@ -792,7 +801,9 @@ export const SecretDetailSidebar = ({
                                     type="button"
                                     className="ml-1 cursor-pointer"
                                     onClick={(e) => {
-                                      e.currentTarget.closest(".group")?.classList.add("show-value");
+                                      e.currentTarget
+                                        .closest(".group")
+                                        ?.classList.add("show-value");
                                     }}
                                     onKeyDown={(e) => {
                                       if (e.key === "Enter" || e.key === " ") {

From 3ca931acf1602c8d523b4d525bff44be4b32524a Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Thu, 6 Mar 2025 16:38:49 -0300
Subject: [PATCH 09/11] Add condition to query to only retrieve the actual
 project id

---
 backend/src/services/secret-v2-bridge/secret-version-dal.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/backend/src/services/secret-v2-bridge/secret-version-dal.ts b/backend/src/services/secret-v2-bridge/secret-version-dal.ts
index 59bc4c6ff0..4eff51a0f9 100644
--- a/backend/src/services/secret-v2-bridge/secret-version-dal.ts
+++ b/backend/src/services/secret-v2-bridge/secret-version-dal.ts
@@ -136,6 +136,8 @@ export const secretVersionV2BridgeDALFactory = (db: TDbClient) => {
           `${TableName.SecretVersionV2}.userActorId`
         )
         .leftJoin(TableName.Identity, `${TableName.Identity}.id`, `${TableName.SecretVersionV2}.identityActorId`)
+        .where(`${TableName.ProjectMembership}.projectId`, projectId)
+        .orWhereNull(`${TableName.ProjectMembership}.projectId`)
         .select(
           selectAllTableCols(TableName.SecretVersionV2),
           `${TableName.Users}.username as userActorName`,

From 2ee4d68fd076ddcb6e0e49757f06d837915d7362 Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Thu, 6 Mar 2025 17:04:01 -0300
Subject: [PATCH 10/11] Fix case for multiple projects messing with the joins

---
 ...1152_add-actor-id-to-secret-versions-v2.ts | 40 ++++++++++++++-----
 .../secret-v2-bridge/secret-version-dal.ts    | 11 +++--
 2 files changed, 38 insertions(+), 13 deletions(-)

diff --git a/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
index af1e2c85ad..eb1046f04f 100644
--- a/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
+++ b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
@@ -3,23 +3,43 @@ import { Knex } from "knex";
 import { TableName } from "@app/db/schemas";
 
 export async function up(knex: Knex): Promise<void> {
-  if (!(await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId"))) {
+  if (await knex.schema.hasTable(TableName.SecretVersionV2)) {
     await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
-      t.uuid("userActorId");
-      t.foreign("userActorId").references("id").inTable(TableName.Users);
-      t.uuid("identityActorId");
-      t.foreign("identityActorId").references("id").inTable(TableName.Identity);
-      t.string("actorType");
+      const hasSecretVersionV2UserActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId");
+      const hasSecretVersionV2IdentityActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "identityActorId");
+      const hasSecretVersionV2ActorType = await knex.schema.hasColumn(TableName.SecretVersionV2, "actorType");
+
+      if (!hasSecretVersionV2UserActorId) {
+        t.uuid("userActorId");
+        t.foreign("userActorId").references("id").inTable(TableName.Users);
+      }
+      if (!hasSecretVersionV2IdentityActorId) {
+        t.uuid("identityActorId");
+        t.foreign("identityActorId").references("id").inTable(TableName.Identity);
+      }
+      if (!hasSecretVersionV2ActorType) {
+        t.string("actorType");
+      }
     });
   }
 }
 
 export async function down(knex: Knex): Promise<void> {
-  if (await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId")) {
+  if (await knex.schema.hasTable(TableName.SecretVersionV2)) {
+    const hasSecretVersionV2UserActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId");
+    const hasSecretVersionV2IdentityActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "identityActorId");
+    const hasSecretVersionV2ActorType = await knex.schema.hasColumn(TableName.SecretVersionV2, "actorType");
+
     await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
-      t.dropColumn("userActorId");
-      t.dropColumn("identityActorId");
-      t.dropColumn("actorType");
+      if (hasSecretVersionV2UserActorId) {
+        t.dropColumn("userActorId");
+      }
+      if (hasSecretVersionV2IdentityActorId) {
+        t.dropColumn("identityActorId");
+      }
+      if (hasSecretVersionV2ActorType) {
+        t.dropColumn("actorType");
+      }
     });
   }
 }
diff --git a/backend/src/services/secret-v2-bridge/secret-version-dal.ts b/backend/src/services/secret-v2-bridge/secret-version-dal.ts
index 4eff51a0f9..d06aa14725 100644
--- a/backend/src/services/secret-v2-bridge/secret-version-dal.ts
+++ b/backend/src/services/secret-v2-bridge/secret-version-dal.ts
@@ -128,7 +128,6 @@ export const secretVersionV2BridgeDALFactory = (db: TDbClient) => {
   ) => {
     try {
       const query = (tx || db)(TableName.SecretVersionV2)
-        .where(`${TableName.SecretVersionV2}.secretId`, secretId)
         .leftJoin(TableName.Users, `${TableName.Users}.id`, `${TableName.SecretVersionV2}.userActorId`)
         .leftJoin(
           TableName.ProjectMembership,
@@ -136,8 +135,14 @@ export const secretVersionV2BridgeDALFactory = (db: TDbClient) => {
           `${TableName.SecretVersionV2}.userActorId`
         )
         .leftJoin(TableName.Identity, `${TableName.Identity}.id`, `${TableName.SecretVersionV2}.identityActorId`)
-        .where(`${TableName.ProjectMembership}.projectId`, projectId)
-        .orWhereNull(`${TableName.ProjectMembership}.projectId`)
+        .where((qb) => {
+          void qb.where(`${TableName.SecretVersionV2}.secretId`, secretId);
+          void qb.where(`${TableName.ProjectMembership}.projectId`, projectId);
+        })
+        .orWhere((qb) => {
+          void qb.where(`${TableName.SecretVersionV2}.secretId`, secretId);
+          void qb.whereNull(`${TableName.ProjectMembership}.projectId`);
+        })
         .select(
           selectAllTableCols(TableName.SecretVersionV2),
           `${TableName.Users}.username as userActorName`,

From b7640f2d0332fdf3642c764b0fe9ade904343459 Mon Sep 17 00:00:00 2001
From: carlosmonastyrski <charly.monastyrski@gmail.com>
Date: Thu, 6 Mar 2025 17:36:09 -0300
Subject: [PATCH 11/11] Lint fixes

---
 .../20250305131152_add-actor-id-to-secret-versions-v2.ts  | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
index eb1046f04f..fb9a047aff 100644
--- a/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
+++ b/backend/src/db/migrations/20250305131152_add-actor-id-to-secret-versions-v2.ts
@@ -4,11 +4,11 @@ import { TableName } from "@app/db/schemas";
 
 export async function up(knex: Knex): Promise<void> {
   if (await knex.schema.hasTable(TableName.SecretVersionV2)) {
-    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
-      const hasSecretVersionV2UserActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId");
-      const hasSecretVersionV2IdentityActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "identityActorId");
-      const hasSecretVersionV2ActorType = await knex.schema.hasColumn(TableName.SecretVersionV2, "actorType");
+    const hasSecretVersionV2UserActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "userActorId");
+    const hasSecretVersionV2IdentityActorId = await knex.schema.hasColumn(TableName.SecretVersionV2, "identityActorId");
+    const hasSecretVersionV2ActorType = await knex.schema.hasColumn(TableName.SecretVersionV2, "actorType");
 
+    await knex.schema.alterTable(TableName.SecretVersionV2, (t) => {
       if (!hasSecretVersionV2UserActorId) {
         t.uuid("userActorId");
         t.foreign("userActorId").references("id").inTable(TableName.Users);