diff --git a/docs/api-reference/overview/usage.mdx b/docs/api-reference/overview/usage.mdx
deleted file mode 100644
index 9f23080c7e..0000000000
--- a/docs/api-reference/overview/usage.mdx
+++ /dev/null
@@ -1,18 +0,0 @@
----
-title: "Usage"
----
-
-Prerequisites:
-
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com) or your self-hosted instance.
-- Obtain an API Key in your user settings to be included in requests to the Infisical API.
-
-Using Infisical's API to manage secrets requires a basic understanding of the system and its underlying cryptography detailed [here](/security/overview).
-
-## Concepts
-
-- Each user has a public/private key pair that is stored with the platform; private keys are encrypted locally by the user's password before being sent off to the server during the account signup process.
-- Each (encrypted) secret belongs to a project and environment.
-- Each project has an (encrypted) project key used to encrypt the secrets within that project; Infisical stores copies of the project key, for each member of that project, encrypted under each member's public key.
-- Secrets are encrypted symmetrically by your copy of the project key belonging to the project containing.
-- Infisical uses AES256-GCM and [TweetNaCl.js](https://tweetnacl.js.org/#/) for symmetric and asymmetric encryption/decryption operations.
diff --git a/docs/documentation/getting-started/api.mdx b/docs/documentation/getting-started/api.mdx
deleted file mode 100644
index c638c4d70e..0000000000
--- a/docs/documentation/getting-started/api.mdx
+++ /dev/null
@@ -1,128 +0,0 @@
----
-title: "REST API"
----
-
-Infisical's REST API is the most flexible way to read/write secrets for your application.
-
-In this brief, we'll explore how to fetch a secret back from a project on [Infisical Cloud](https://app.infisical.com) via the REST API.
-
-
-
- To create a project, head to your Organization Overview and press **Add New Project**; we'll call the project **Demo App**.
- 
-
- 
-
- Next, let's head to the **Development** environment of the project and add a secret `FOO=BAR` to it.
-
- 
-
- 
-
- 
-
-
- For this brief, you'll need to disable end-to-end encryption in your Project Settings
-
-
-
- Next, we need to create an identity to represent your application. To create one, head to your Organization Settings > Access Control > Machine Identities and press **Create identity**.
-
- 
-
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
-
- 
-
- Once you've created an identity, you'll be prompted to configure the **Universal Auth** authentication method for it.
-
- 
-
-
-
- In order to use the identity, you'll need the non-sensitive **Client ID**
- of the identity and a **Client Secret** for it; you can think of these credentials akin to a username
- and password used to authenticate with the Infisical API. With that, press on the key icon on the identity to generate a **Client Secret**
- for it.
-
- 
- 
- 
-
-
- To enable the identity to access your project, we need to add it to the project. To do this, head over to the **Demo App** Project Settings > Access Control > Machine Identities and press **Add identity**.
-
- Next, select the identity you want to add to the project and the role you want to assign it.
-
- 
-
- 
-
-
- To access the Infisical API as the identity, you should first perform a login operation
- that is to exchange the **Client ID** and **Client Secret** of the identity for an access token
- by making a request to the `/api/v1/auth/universal-auth/login` endpoint.
-
- #### Sample request
-
- ```
- curl --location --request POST 'https://app.infisical.com/api/v1/auth/universal-auth/login' \
- --header 'Content-Type: application/x-www-form-urlencoded' \
- --data-urlencode 'clientSecret=' \
- --data-urlencode 'clientId='
- ```
-
- #### Sample response
-
- ```
- {
- "accessToken": "...",
- "expiresIn": 7200,
- "tokenType": "Bearer"
- }
- ```
-
- Next, we can use the access token to authenticate with the [Infisical API](/api-reference/overview/introduction) to read/write secrets
-
-
- Each identity access token has a time-to-live (TTL) which you can infer from the response of the login operation;
- the default TTL is `7200` seconds which can be adjusted.
-
- If an identity access token expires, it can no longer authenticate with the Infisical API. In this case,
- a new access token should be obtained from the aforementioned login operation.
-
-
-
- Finally, you can fetch the secret `FOO=BAR` back from **Step 1** by including the access token in the previous step in another request to the `/api/v3/secrets/raw/{secretName}` endpoint.
-
- ### Sample request
-
- ```
- curl --location --request GET 'http://localhost:8080/api/v3/secrets/raw/FOO?workspaceId=657830d579cfc8415d06ce5b&environment=dev' \
- --header 'Authorization: Bearer '
- ```
-
- ### Sample response
-
- ```
- {
- "secret": {
- "_id": "6564234b934d634e1fcd6cdf",
- "version": 1,
- "workspace": "6564173e934d634e1fcd6950",
- "type": "shared",
- "environment": "dev",
- "secretKey": "FOO2",
- "secretValue": "BAR2",
- "secretComment": ""
- }
- }
- ```
-
- Note that you can fetch a list of secrets back by making a request to the `/api/v3/secrets/raw` endpoint.
-
-
-
-See also:
-
-- [API Reference](/api-reference/overview/introduction)
diff --git a/docs/documentation/getting-started/platform.mdx b/docs/documentation/getting-started/platform.mdx
deleted file mode 100644
index 7ce96a0ed8..0000000000
--- a/docs/documentation/getting-started/platform.mdx
+++ /dev/null
@@ -1,65 +0,0 @@
----
-title: "Platform"
----
-
-This quickstart provides an overview of functionalities offered by Infisical.
-
-## Managing your Organization
-
-When you first make an account with Infisical, you also create a new **organization** where you are assigned the `admin` role by default.
-From there, you can invite external members to the organization and start creating **projects** to house secrets.
-
-### Projects
-
-The **Projects** page shows you all the projects that you have access to within your organization.
-Here, you can also create a new project.
-
-
-
-### Members
-
-The **Members** page lets you add or remove external members to your organization.
-Note that you can configure your organization in Infisical to have members authenticate with the platform via protocols like SAML 2.0 and OpenID Connect.
-
-
-
-## Managing your Projects
-
-As mentioned before, projects house secrets which are further organized into environments such as development, testing and production.
-A project can be anything from a single application to a collection of micro-services that you wish to manage secrets for.
-
-### Secrets Overview
-
-The **Secrets Overview** screen provides a bird's-eye view of all the secrets in a project and is useful for comparing secrets and identifying missing ones across environments.
-
-
-
-In the above image, you can already see that:
-
-- `STRIPE_API_KEY` is missing from the **Staging** environment.
-- `JWT_SECRET` is missing from the **Production** environment.
-- `BAR` is `EMPTY` in the **Production** environment.
-
-### Dashboard
-
-The secrets dashboard lets you manage secrets for a specific environment in a project.
-Here, developers can override secrets, version secrets, rollback projects to any point in time and much more.
-
-
-
-### Integrations
-
-The integrations page provides native integrations to sync secrets from a project environment to a [host of ever-expanding integrations](/integrations/overview).
-
-
-
-### Members
-
-The members page lets you add/remove members to/from a project and provision them access to environments via roles. By default, Infisical provides the `admin`, `developer`, and `viewer` roles
-which you can assign to members.
-
-
-
-That's it for the platform quickstart! — We encourage you to continue exploring the documentation to gain a deeper understanding of the extensive features and functionalities that Infisical has to offer.
-
-Next, head back to [Getting Started > Introduction](/documentation/getting-started/overview) to explore ways to fetch secrets from Infisical to your apps and infrastructure.
diff --git a/docs/documentation/guides/nextjs-vercel.mdx b/docs/documentation/guides/nextjs-vercel.mdx
index f4dd9ceca3..ecefb0f2ef 100644
--- a/docs/documentation/guides/nextjs-vercel.mdx
+++ b/docs/documentation/guides/nextjs-vercel.mdx
@@ -199,7 +199,7 @@ Next, navigate to your project's integrations tab in Infisical and press on the
Opting in for the Infisical-Vercel integration will break end-to-end encryption since Infisical will be able to read
your secrets. This is, however, necessary for Infisical to sync the secrets to Vercel.
- Your secrets remain encrypted at rest following our [security guide mechanics](/security/mechanics).
+ Your secrets remain encrypted at rest following our [security guide mechanics](/internals/security).
Now select **Production** for (the source) **Environment** and sync it to the **Production Environment** of the (target) application in Vercel.
@@ -238,7 +238,7 @@ At this stage, you know how to use the Infisical-Vercel integration to sync prod
Yes. Your secrets are still encrypted at rest. To note, most secret managers actually don't support end-to-end encryption.
- Check out the [security guide](/security/overview).
+ Check out the [security guide](/internals/security).
diff --git a/docs/documentation/guides/organization-structure.mdx b/docs/documentation/guides/organization-structure.mdx
index 752c06cccc..8693c8c1cb 100644
--- a/docs/documentation/guides/organization-structure.mdx
+++ b/docs/documentation/guides/organization-structure.mdx
@@ -75,7 +75,7 @@ Infisical’s access control framework is unified for both human users and machi
### 7.3 Attribute-Based Access Control (ABAC)
-[Attribute-based Access Controls](/documentation/platform/access-controls/attribute-based-access-controls) allow restrictions based on tags or attributes linked to secrets. These can be integrated with SAML assertions and other security frameworks for dynamic access management.
+[Attribute-based Access Controls](/documentation/platform/access-controls/abac/overview) allow restrictions based on tags or attributes linked to secrets. These can be integrated with SAML assertions and other security frameworks for dynamic access management.
### 7.4 User Groups
diff --git a/docs/documentation/platform/groups.mdx b/docs/documentation/platform/groups.mdx
index 18bfe6fa59..df4f114366 100644
--- a/docs/documentation/platform/groups.mdx
+++ b/docs/documentation/platform/groups.mdx
@@ -31,7 +31,7 @@ In the following steps, we explore how to create and use user groups to provisio
- When creating a group, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating a group, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/alicloud-auth.mdx b/docs/documentation/platform/identities/alicloud-auth.mdx
index 2f54ef71bf..059adc32da 100644
--- a/docs/documentation/platform/identities/alicloud-auth.mdx
+++ b/docs/documentation/platform/identities/alicloud-auth.mdx
@@ -88,7 +88,7 @@ To create an identity, head to your Organization Settings > Access Control > [Id
-When creating an identity, you specify an organization-level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
+When creating an identity, you specify an organization-level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
diff --git a/docs/documentation/platform/identities/aws-auth.mdx b/docs/documentation/platform/identities/aws-auth.mdx
index ab2b5cd3a7..1d277a0c02 100644
--- a/docs/documentation/platform/identities/aws-auth.mdx
+++ b/docs/documentation/platform/identities/aws-auth.mdx
@@ -66,7 +66,7 @@ access the Infisical API using the AWS Auth authentication method.
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/azure-auth.mdx b/docs/documentation/platform/identities/azure-auth.mdx
index 7a7c112efa..dd73f17838 100644
--- a/docs/documentation/platform/identities/azure-auth.mdx
+++ b/docs/documentation/platform/identities/azure-auth.mdx
@@ -66,7 +66,7 @@ access the Infisical API using the Azure Auth authentication method.
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/gcp-auth.mdx b/docs/documentation/platform/identities/gcp-auth.mdx
index 8d6a1f177a..cdc4a86a19 100644
--- a/docs/documentation/platform/identities/gcp-auth.mdx
+++ b/docs/documentation/platform/identities/gcp-auth.mdx
@@ -72,7 +72,7 @@ access the Infisical API using the GCP ID Token authentication method.
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
@@ -241,7 +241,7 @@ access the Infisical API using the GCP IAM authentication method.
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/jwt-auth.mdx b/docs/documentation/platform/identities/jwt-auth.mdx
index 3391388811..29a37a5d42 100644
--- a/docs/documentation/platform/identities/jwt-auth.mdx
+++ b/docs/documentation/platform/identities/jwt-auth.mdx
@@ -61,7 +61,7 @@ In the following steps, we explore how to create and use identities to access th
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/kubernetes-auth.mdx b/docs/documentation/platform/identities/kubernetes-auth.mdx
index e357ba75e0..f9412b92b1 100644
--- a/docs/documentation/platform/identities/kubernetes-auth.mdx
+++ b/docs/documentation/platform/identities/kubernetes-auth.mdx
@@ -218,7 +218,7 @@ In the following steps, we explore how to create and use identities for your app
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/oci-auth.mdx b/docs/documentation/platform/identities/oci-auth.mdx
index ef5fafa4c3..e07917c725 100644
--- a/docs/documentation/platform/identities/oci-auth.mdx
+++ b/docs/documentation/platform/identities/oci-auth.mdx
@@ -102,7 +102,7 @@ To create an identity, head to your Organization Settings > Access Control > [Id
-When creating an identity, you specify an organization-level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
+When creating an identity, you specify an organization-level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
diff --git a/docs/documentation/platform/identities/oidc-auth/azure.mdx b/docs/documentation/platform/identities/oidc-auth/azure.mdx
index a9f2447948..c4dd441523 100644
--- a/docs/documentation/platform/identities/oidc-auth/azure.mdx
+++ b/docs/documentation/platform/identities/oidc-auth/azure.mdx
@@ -59,7 +59,7 @@ In the following steps, we explore how to create and use identities to access th
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/oidc-auth/circleci.mdx b/docs/documentation/platform/identities/oidc-auth/circleci.mdx
index bb5999f551..09616a5b48 100644
--- a/docs/documentation/platform/identities/oidc-auth/circleci.mdx
+++ b/docs/documentation/platform/identities/oidc-auth/circleci.mdx
@@ -56,7 +56,7 @@ In the following steps, we explore how to create and use identities to access th
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/oidc-auth/general.mdx b/docs/documentation/platform/identities/oidc-auth/general.mdx
index f847f51fea..26f291734d 100644
--- a/docs/documentation/platform/identities/oidc-auth/general.mdx
+++ b/docs/documentation/platform/identities/oidc-auth/general.mdx
@@ -60,7 +60,7 @@ In the following steps, we explore how to create and use identities to access th
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/oidc-auth/github.mdx b/docs/documentation/platform/identities/oidc-auth/github.mdx
index 567f38d057..d7c2da2808 100644
--- a/docs/documentation/platform/identities/oidc-auth/github.mdx
+++ b/docs/documentation/platform/identities/oidc-auth/github.mdx
@@ -59,7 +59,7 @@ In the following steps, we explore how to create and use identities to access th
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/oidc-auth/gitlab.mdx b/docs/documentation/platform/identities/oidc-auth/gitlab.mdx
index b52d2f8949..c3aeb9dac7 100644
--- a/docs/documentation/platform/identities/oidc-auth/gitlab.mdx
+++ b/docs/documentation/platform/identities/oidc-auth/gitlab.mdx
@@ -59,7 +59,7 @@ In the following steps, we explore how to create and use identities to access th
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/oidc-auth/spire.mdx b/docs/documentation/platform/identities/oidc-auth/spire.mdx
index b402a1d10f..6fb3873912 100644
--- a/docs/documentation/platform/identities/oidc-auth/spire.mdx
+++ b/docs/documentation/platform/identities/oidc-auth/spire.mdx
@@ -94,7 +94,7 @@ In the following steps, we explore how to create and use identities to access th
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/tls-cert-auth.mdx b/docs/documentation/platform/identities/tls-cert-auth.mdx
index 0ecb60b996..f52ad3c518 100644
--- a/docs/documentation/platform/identities/tls-cert-auth.mdx
+++ b/docs/documentation/platform/identities/tls-cert-auth.mdx
@@ -68,7 +68,7 @@ To create an identity, head to your Organization Settings > Access Control > [Id
-When creating an identity, you specify an organization-level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
+When creating an identity, you specify an organization-level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > [Organization Roles](https://app.infisical.com/organization/access-management?selectedTab=roles).
diff --git a/docs/documentation/platform/identities/token-auth.mdx b/docs/documentation/platform/identities/token-auth.mdx
index f31e865177..c9a06d1100 100644
--- a/docs/documentation/platform/identities/token-auth.mdx
+++ b/docs/documentation/platform/identities/token-auth.mdx
@@ -42,7 +42,7 @@ using the Token Auth authentication method.
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/universal-auth.mdx b/docs/documentation/platform/identities/universal-auth.mdx
index 3a87f6da99..18b847a403 100644
--- a/docs/documentation/platform/identities/universal-auth.mdx
+++ b/docs/documentation/platform/identities/universal-auth.mdx
@@ -47,7 +47,7 @@ using the Universal Auth authentication method.
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
diff --git a/docs/documentation/platform/identities/user-identities.mdx b/docs/documentation/platform/identities/user-identities.mdx
index 31e4bf2425..0ee4614a43 100644
--- a/docs/documentation/platform/identities/user-identities.mdx
+++ b/docs/documentation/platform/identities/user-identities.mdx
@@ -7,7 +7,7 @@ description: "Read more about the concept of user identities in Infisical."
A **user identity** (also known as **user**) represents a developer, admin, or any other human entity interacting with resources in Infisical.
-Users can be added manually (through Web UI) or programmatically (e.g., API) to [organizations](../organization) and [projects](../projects).
+Users can be added manually (through Web UI) or programmatically (e.g., API) to [organizations](../organization) and [projects](../project).
Upon being added to an organization and projects, users assume a certain set of roles and permissions that represents their identity.
diff --git a/docs/documentation/platform/kms/overview.mdx b/docs/documentation/platform/kms/overview.mdx
index 577373ab83..bf2cf69f04 100644
--- a/docs/documentation/platform/kms/overview.mdx
+++ b/docs/documentation/platform/kms/overview.mdx
@@ -10,7 +10,7 @@ Infisical can be used as a Key Management System (KMS), referred to as Infisical
By default your Infisical data such as projects and the data within them are encrypted at rest using Infisical's own KMS. This ensures that your data is secure and protected from unauthorized access.
-If you are on-premise, your KMS root key will be created at random with the `ROOT_ENCRYPTION_KEY` environment variable. You can also use a Hardware Security Module (HSM), to create the root key. Read more about [HSM](/docs/documentation/platform/kms/encryption-strategies).
+If you are on-premise, your KMS root key will be created at random with the `ROOT_ENCRYPTION_KEY` environment variable. You can also use a Hardware Security Module (HSM), to create the root key. Read more about [HSM](/documentation/platform/kms/hsm-integration).
Keys managed in KMS are not extractable from the platform. Additionally, data
@@ -109,7 +109,7 @@ In the following steps, we explore how to generate a key and use it to encrypt d
To encrypt data, make an API request to the [Encrypt
- Data](/api-reference/endpoints/kms/keys/encrypt) API endpoint,
+ Data](/api-reference/endpoints/kms/encryption/encrypt) API endpoint,
specifying the key to use.
@@ -168,7 +168,7 @@ In the following steps, we explore how to use decrypt data using an existing key
To decrypt data, make an API request to the [Decrypt
- Data](/api-reference/endpoints/kms/keys/decrypt) API endpoint,
+ Data](/api-reference/endpoints/kms/encryption/decrypt) API endpoint,
specifying the key to use.
### Sample request
diff --git a/docs/documentation/platform/pki/acme-ca.mdx b/docs/documentation/platform/pki/acme-ca.mdx
index bf130da9e4..6ddbdc305c 100644
--- a/docs/documentation/platform/pki/acme-ca.mdx
+++ b/docs/documentation/platform/pki/acme-ca.mdx
@@ -255,7 +255,7 @@ In the following steps, we explore how to set up ACME Certificate Authority inte
The issued certificate and private key are now available through Infisical and can be:
- Downloaded directly from the Infisical UI
- - Retrieved via the Infisical API for programmatic access using the [latest certificate bundle endpoint](/api-reference/endpoints/pki/subscribers/get-latest-cert-bundle)
+ - Retrieved via the Infisical API for programmatic access using the [latest certificate bundle endpoint](/api-reference/endpoints/certificate-profiles/get-latest-active-bundle)
diff --git a/docs/documentation/platform/project-templates.mdx b/docs/documentation/platform/project-templates.mdx
index 7dd5ceb502..9526f40923 100644
--- a/docs/documentation/platform/project-templates.mdx
+++ b/docs/documentation/platform/project-templates.mdx
@@ -106,13 +106,14 @@ In the following steps, we'll explore how to use a project template when creatin
Your project will be provisioned with the configured template roles and environments.
- To use a project template, make an API request to the [Create Project](/api-reference/endpoints/workspaces/create-workspace) API endpoint with the specified template name included.
+ To use a project template, make an API request to the [Create Project](/api-reference/endpoints/projects/create-project) API endpoint with the specified template name included.
### Sample request
```bash Request
curl --request POST \
- --url https://app.infisical.com/api/v2/workspace \
+ --url https://app.infisical.com/api/v1/projects \
+ --header 'Authorization: Bearer ' \
--header 'Content-Type: application/json' \
--data '{
"projectName": "My Project",
diff --git a/docs/documentation/platform/secrets-mgmt/project.mdx b/docs/documentation/platform/secrets-mgmt/project.mdx
index 3e7c7cbc7e..58f50ce373 100644
--- a/docs/documentation/platform/secrets-mgmt/project.mdx
+++ b/docs/documentation/platform/secrets-mgmt/project.mdx
@@ -16,7 +16,7 @@ customized depending on the intended use case.
## Secrets Overview
-The **Secrets Overview** page captures a birds-eye-view of secrets and [folders](./folder) across environments.
+The **Secrets Overview** page captures a birds-eye-view of secrets and [folders](/documentation/platform/folder) across environments.
This is useful for comparing secrets, identifying if anything is missing, and making quick changes.
diff --git a/docs/documentation/platform/ssh/concepts/ssh-certificates.mdx b/docs/documentation/platform/ssh/concepts/ssh-certificates.mdx
index 74bfca228c..1c22550cd8 100644
--- a/docs/documentation/platform/ssh/concepts/ssh-certificates.mdx
+++ b/docs/documentation/platform/ssh/concepts/ssh-certificates.mdx
@@ -21,6 +21,6 @@ Because certificates are time-bound and centrally managed, they’re easier to a
Infisical SSH gives you a secure, scalable way to manage infrastructure access using SSH certificates — without the overhead of running your own certificate authority, wiring trust across hosts, or building issuance workflows from scratch.
-It replaces long-lived SSH keys with short-lived, identity-bound certificates and handles all the moving parts for you: operating CAs, configuring trust between users and hosts, and issuing certificates on demand. With Infisical SSH, you can register a host with [`infisical ssh add-host`](/docs/cli/commands/ssh#infisical-ssh-add-host), then connect with [`infisical ssh connect`](/docs/cli/commands/ssh#infisical-ssh-connect) — that’s all it takes.
+It replaces long-lived SSH keys with short-lived, identity-bound certificates and handles all the moving parts for you: operating CAs, configuring trust between users and hosts, and issuing certificates on demand. With Infisical SSH, you can register a host with [`infisical ssh add-host`](/cli/commands/ssh#infisical-ssh-add-host), then connect with [`infisical ssh connect`](/cli/commands/ssh#infisical-ssh-connect) — that’s all it takes.
The result is centralized, auditable SSH access that’s easy to use and built to scale with your infrastructure.
diff --git a/docs/documentation/platform/sso/general-oidc/overview.mdx b/docs/documentation/platform/sso/general-oidc/overview.mdx
index 586f66f26a..5ba4692647 100644
--- a/docs/documentation/platform/sso/general-oidc/overview.mdx
+++ b/docs/documentation/platform/sso/general-oidc/overview.mdx
@@ -77,7 +77,7 @@ Prerequisites:
- If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite OIDC login.
+ If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](/documentation/platform/admin-panel/server-admin#default-organization) to expedite OIDC login.
diff --git a/docs/documentation/platform/sso/keycloak-oidc/overview.mdx b/docs/documentation/platform/sso/keycloak-oidc/overview.mdx
index 727bf9be69..0a32df2284 100644
--- a/docs/documentation/platform/sso/keycloak-oidc/overview.mdx
+++ b/docs/documentation/platform/sso/keycloak-oidc/overview.mdx
@@ -103,7 +103,7 @@ description: "Learn how to configure Keycloak OIDC for Infisical SSO."
- If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](../admin-panel/server-admin#default-organization) to expedite OIDC login.
+ If you are only using one organization on your Infisical instance, you can configure a default organization in the [Server Admin Console](/documentation/platform/admin-panel/server-admin#default-organization) to expedite OIDC login.
diff --git a/docs/integrations/platforms/docker-swarm-with-agent.mdx b/docs/integrations/platforms/docker-swarm-with-agent.mdx
index 30118a8f01..40d9986bbd 100644
--- a/docs/integrations/platforms/docker-swarm-with-agent.mdx
+++ b/docs/integrations/platforms/docker-swarm-with-agent.mdx
@@ -4,7 +4,7 @@ description: "Learn how to manage secrets in Docker Swarm services."
---
In this guide, we'll demonstrate how to use Infisical for managing secrets within Docker Swarm.
-Specifically, we'll set up a sidecar container using the [Infisical Agent](/infisical-agent/overview), which authenticates with Infisical to retrieve secrets and access tokens.
+Specifically, we'll set up a sidecar container using the [Infisical Agent](/integrations/platforms/infisical-agent), which authenticates with Infisical to retrieve secrets and access tokens.
These secrets are then stored in a shared volume accessible by other services in your Docker Swarm.
## Prerequisites
@@ -12,7 +12,7 @@ These secrets are then stored in a shared volume accessible by other services in
- Docker version 20.10.24 or newer
- Basic knowledge of Docker Swarm
- [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) installed on your system
-- Familiarity with the [Infisical Agent](/infisical-agent/overview)
+- Familiarity with the [Infisical Agent](/integrations/platforms/infisical-agent)
## Objective
Our goal is to deploy an Nginx instance in your Docker Swarm cluster, configured to display Infisical secrets on its landing page. This will provide hands-on experience in fetching and utilizing secrets from Infisical within Docker Swarm. The principles demonstrated here are also applicable to Docker Compose deployments.
diff --git a/docs/integrations/platforms/ecs-with-agent.mdx b/docs/integrations/platforms/ecs-with-agent.mdx
index 31c5a982b1..b6b9ce7f26 100644
--- a/docs/integrations/platforms/ecs-with-agent.mdx
+++ b/docs/integrations/platforms/ecs-with-agent.mdx
@@ -7,7 +7,7 @@ description: "Learn how to deliver secrets to Amazon Elastic Container Service."
This guide will go over the steps needed to access secrets stored in Infisical from Amazon Elastic Container Service (ECS).
-At a high level, the steps involve setting up an ECS task with an [Infisical Agent](/infisical-agent/overview) as a sidecar container. This sidecar container uses [AWS Auth](/documentation/platform/identities/aws-auth) to authenticate with Infisical to fetch secrets/access tokens.
+At a high level, the steps involve setting up an ECS task with an [Infisical Agent](/integrations/platforms/infisical-agent) as a sidecar container. This sidecar container uses [AWS Auth](/documentation/platform/identities/aws-auth) to authenticate with Infisical to fetch secrets/access tokens.
Once the secrets/access tokens are retrieved, they are then stored in a shared [Amazon Elastic File System](https://aws.amazon.com/efs/) (EFS) volume. This volume is then made accessible to your application and all of its replicas.
This guide primarily focuses on integrating Infisical Cloud with Amazon ECS on AWS Fargate and Amazon EFS.
@@ -21,7 +21,7 @@ This guide requires the following prerequisites:
- Git installed
- Terraform v1.0 or later installed
- Access to AWS credentials
-- Understanding of [Infisical Agent](/infisical-agent/overview)
+- Understanding of [Infisical Agent](/integrations/platforms/infisical-agent)
## What we will deploy
diff --git a/docs/integrations/platforms/kubernetes/infisical-dynamic-secret-crd.mdx b/docs/integrations/platforms/kubernetes/infisical-dynamic-secret-crd.mdx
index 848da40552..f2911ac2f9 100644
--- a/docs/integrations/platforms/kubernetes/infisical-dynamic-secret-crd.mdx
+++ b/docs/integrations/platforms/kubernetes/infisical-dynamic-secret-crd.mdx
@@ -19,7 +19,7 @@ This CRD offers the following features:
### Prerequisites
- A project within Infisical.
-- A [machine identity](/docs/documentation/platform/identities/overview) ready for use in Infisical that has permissions to create dynamic secret leases in the project.
+- A [machine identity](/documentation/platform/identities/machine-identities) ready for use in Infisical that has permissions to create dynamic secret leases in the project.
- You have already configured a dynamic secret in Infisical.
- The operator is installed on to your Kubernetes cluster.
diff --git a/docs/integrations/platforms/kubernetes/infisical-push-secret-crd.mdx b/docs/integrations/platforms/kubernetes/infisical-push-secret-crd.mdx
index 0affe7841f..a5c68e503c 100644
--- a/docs/integrations/platforms/kubernetes/infisical-push-secret-crd.mdx
+++ b/docs/integrations/platforms/kubernetes/infisical-push-secret-crd.mdx
@@ -17,7 +17,7 @@ This CRD offers the following features:
### Prerequisites
- A project within Infisical.
-- A [machine identity](/docs/documentation/platform/identities/overview) ready for use in Infisical that has permissions to create secrets in your project.
+- A [machine identity](/documentation/platform/identities/machine-identities) ready for use in Infisical that has permissions to create secrets in your project.
- The operator is installed on to your Kubernetes cluster.
## Example usage
diff --git a/docs/integrations/platforms/kubernetes/infisical-secret-crd.mdx b/docs/integrations/platforms/kubernetes/infisical-secret-crd.mdx
index d7fb6249a8..a7f3dd4ce5 100644
--- a/docs/integrations/platforms/kubernetes/infisical-secret-crd.mdx
+++ b/docs/integrations/platforms/kubernetes/infisical-secret-crd.mdx
@@ -256,7 +256,7 @@ spec:
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
@@ -432,7 +432,7 @@ spec:
- When creating an identity, you specify an organization level [role](/documentation/platform/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
+ When creating an identity, you specify an organization level [role](/documentation/platform/access-controls/role-based-access-controls) for it to assume; you can configure roles in Organization Settings > Access Control > Organization Roles.
@@ -803,7 +803,7 @@ Follow the instructions below to create and store the service token in a Kuberne
#### 1. Generate service token
-You can generate a [service token](../../documentation/platform/token) for an Infisical project by heading over to the Infisical dashboard then to Project Settings.
+You can generate a [service token](/documentation/platform/token) for an Infisical project by heading over to the Infisical dashboard then to Project Settings.
#### 2. Create Kubernetes secret containing service token
diff --git a/docs/integrations/secret-syncs/digital-ocean-app-platform.mdx b/docs/integrations/secret-syncs/digital-ocean-app-platform.mdx
index 91657c7606..56c0470566 100644
--- a/docs/integrations/secret-syncs/digital-ocean-app-platform.mdx
+++ b/docs/integrations/secret-syncs/digital-ocean-app-platform.mdx
@@ -77,7 +77,7 @@ description: "Learn how to configure a DigitalOcean App Platform Sync for Infisi
- To create a **DigitalOcean App Platform Sync**, make an API request to the [Create DigitalOcean Sync](/api-reference/endpoints/secret-syncs/digital-ocean/create) API endpoint.
+ To create a **DigitalOcean App Platform Sync**, make an API request to the [Create DigitalOcean Sync](/api-reference/endpoints/secret-syncs/digital-ocean-app-platform/create) API endpoint.
### Sample request
diff --git a/docs/internals/permissions/overview.mdx b/docs/internals/permissions/overview.mdx
index 2fb4dc28d9..2e73708868 100644
--- a/docs/internals/permissions/overview.mdx
+++ b/docs/internals/permissions/overview.mdx
@@ -85,5 +85,5 @@ The following operators are available for conditions:
| `$in` | Matches any value in array | `{ environment: { $in: ["staging", "production"] } }` |
| `$glob` | Pattern matching using glob syntax | `{ secretPath: { $glob: "/app/\*" } }` |
-These details are especially useful if you're using the API to [create new project roles](../api-reference/endpoints/project-roles/create).
+These details are especially useful if you're using the API to [create new project roles](/api-reference/endpoints/project-roles/create).
The rules outlined on this page, also apply when using our Terraform Provider to manage your Infisical project roles, or any other of our clients that manage project roles.
diff --git a/docs/sdks/languages/go.mdx b/docs/sdks/languages/go.mdx
index 01250c452c..26f8a36d3d 100644
--- a/docs/sdks/languages/go.mdx
+++ b/docs/sdks/languages/go.mdx
@@ -56,7 +56,7 @@ This example demonstrates how to use the Infisical Go SDK in a simple Go applica
We do not recommend hardcoding your [Machine Identity
- Tokens](/platform/identities/overview). Setting it as an environment variable
+ Tokens](/documentation/platform/identities/machine-identities). Setting it as an environment variable
would be best.
diff --git a/docs/sdks/languages/ruby.mdx b/docs/sdks/languages/ruby.mdx
index 3fb9cb3e12..c5417fcdc6 100644
--- a/docs/sdks/languages/ruby.mdx
+++ b/docs/sdks/languages/ruby.mdx
@@ -36,7 +36,7 @@ puts "Secret: #{single_test_secret}"
This example demonstrates how to use the Infisical Ruby SDK in a simple Ruby application. The application retrieves a secret named `API_KEY` from the `dev` environment of the `YOUR_PROJECT_ID` project.
- We do not recommend hardcoding your [Machine Identity Tokens](/platform/identities/overview). Setting it as an environment variable would be best.
+ We do not recommend hardcoding your [Machine Identity Tokens](/documentation/platform/identities/machine-identities). Setting it as an environment variable would be best.
# Installation
diff --git a/docs/self-hosting/deployment-options/native/standalone-binary.mdx b/docs/self-hosting/deployment-options/native/standalone-binary.mdx
deleted file mode 100644
index 5767ca948e..0000000000
--- a/docs/self-hosting/deployment-options/native/standalone-binary.mdx
+++ /dev/null
@@ -1,202 +0,0 @@
----
-title: "Standalone"
-description: "Learn how to deploy Infisical in a standalone environment."
----
-
-# Self-Hosting Infisical with Standalone Infisical
-
-Deploying Infisical in a standalone environment is a great way to get started with Infisical without having to use containers. This guide will walk you through the process of deploying Infisical in a standalone environment.
-This is one of the easiest ways to deploy Infisical. It is a single executable, currently only supported on Debian-based systems.
-
-The standalone deployment implements the "bring your own database" (BYOD) approach. This means that you will need to provide your own databases (specifically Postgres and Redis) for the Infisical services to use. The standalone deployment does not include any databases.
-
-If you wish to streamline the deployment process, we recommend using the Ansible role for Infisical. The Ansible role automates the end to end deployment process, and will take care of everything like databases, redis deployment, web serving, and availability.
-- [Automated Deployment with high availability (HA)](/self-hosting/deployment-options/native/high-availability)
-
-
-## Prerequisites
-- A server running a Debian-based operating system (e.g., Ubuntu, Debian)
-- A Postgres database
-- A Redis database
-
-## Installing Infisical
-Installing Infisical is as simple as running a single command. You can install Infisical by running the following command:
-
-```bash
- $ curl -1sLf 'https://dl.cloudsmith.io/public/infisical/infisical-core/cfg/setup/bash.deb.sh' | sudo bash && sudo apt-get install -y infisical-core
-```
-
-## Running Infisical
-Running Infisical and serving it to the web has a few steps. Below are the steps to get you started with running Infisical in a standalone environment.
- * Setup environment variables
- * Running Postgres migrations
- * Create system daemon
- * Exposing Infisical to the internet
-
-
-
-
- To use Infisical you'll need to configure the environment variables beforehand. You can acheive this by creating an environment file to be used by Infisical.
-
-
- #### Create environment file
- ```bash
- $ mkdir -p /etc/infisical && touch /etc/infisical/environment
- ```
-
- After creating the environment file, you'll need to fill it out with your environment variables.
-
- #### Edit environment file
- ```bash
- $ nano /etc/infisical/environment
- ```
-
- ```bash
- DB_CONNECTION_URI=postgres://user:password@localhost:5432/infisical # Replace with your Postgres database connection URI
- REDIS_URL=redis://localhost:6379 # Replace with your Redis connection URI
- ENCRYPTION_KEY=your_encryption_key # Replace with your encryption key (can be generated with: openssl rand -hex 16)
- AUTH_SECRET=your_auth_secret # Replace with your auth secret (can be generated with: openssl rand -base64 32)
- ```
-
-
- The minimum required environment variables are `DB_CONNECTION_URI`, `REDIS_URL`, `ENCRYPTION_KEY`, and `AUTH_SECRET`. We recommend You take a look at our [list of all available environment variables](/docs/self-hosting/configuration/envars#general-platform), and configure the ones you need.
-
-
-
-
- Assuming you're starting with a fresh Postgres database, you'll need to run the Postgres migrations to syncronize the database schema.
- The migration command will use the environment variables you configured in the previous step.
-
-
- ```bash
- $ eval $(cat /etc/infisical/environment) infisical-core migration:latest
- ```
-
-
- This step will need to be repeated if you update Infisical in the future.
-
-
-
-
-
- ```bash
- $ nano /etc/systemd/system/infisical.service
- ```
-
-
-
- Create a systemd service file for Infisical. Creating a systemd service file will allow Infisical to start automatically when the system boots or in case of a crash.
-
- ```bash
- $ nano /etc/systemd/system/infisical.service
- ```
-
- ```ini
- [Unit]
- Description=Infisical Service
- After=network.target
-
- [Service]
- # The path to the environment file we created in the previous step
- EnvironmentFile=/etc/infisical/environment
- Type=simple
- # Change the user to the user you want to run Infisical as
- User=root
- ExecStart=/usr/local/bin/infisical-core
- Restart=always
- RestartSec=30
-
- [Install]
- WantedBy=multi-user.target
- ```
-
- Now we need to reload the systemd daemon and start the Infisical service.
-
- ```bash
- $ systemctl daemon-reload
- $ systemctl start infisical
- $ systemctl enable infisical
- ```
-
-
- You can check the status of the Infisical service by running `systemctl status infisical`.
- It is also a good idea to check the logs for any errors by running `journalctl --no-pager -u infisical`.
-
-
-
- Exposing Infisical to the internet requires setting up a reverse proxy. You can use any reverse proxy of your choice, but we recommend using HAProxy or Nginx. Below is an example of how to set up a reverse proxy using HAProxy.
-
- #### Install HAProxy
- ```bash
- $ apt-get install -y haproxy
- ```
-
- #### Edit HAProxy configuration
- ```bash
- $ nano /etc/haproxy/haproxy.cfg
- ```
-
- ```ini
- global
- log /dev/log local0
- log /dev/log local1 notice
- chroot /var/lib/haproxy
- stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
- stats timeout 30s
- user haproxy
- group haproxy
- daemon
-
- defaults
- log global
- mode http
- option httplog
- option dontlognull
- timeout connect 5000
- timeout client 50000
- timeout server 50000
-
- frontend http-in
- bind *:80
- default_backend infisical
-
- backend infisical
- server infisicalapp 127.0.0.1:8080 check
- ```
-
-
- If you decide to use Nginx, then please be aware that the configuration will be different. **Infisical listens on port 8080**.
-
-
- #### Restart HAProxy
- ```bash
- $ systemctl restart haproxy
- ```
-
-
-
-
-And that's it! You have successfully deployed Infisical in a standalone environment. You can now access Infisical by visiting `http://your-server-ip`.
-
-
- Please take note that the Infisical team cannot provide infrastructure support for **free self-hosted** deployments.
If you need help with infrastructure, we recommend upgrading to a [paid plan](https://infisical.com/pricing) which includes infrastructure support.
-
- You can also join our community [Slack](https://infisical.com/slack) for help and support from the community.
-
-
-## Troubleshooting
-
-
- This is a common issue related to the HAProxy configuration file. The error is caused by the missing newline character at the end of the file. You can fix this by adding a newline character at the end of the file.
-
- ```bash
- $ echo "" >> /etc/haproxy/haproxy.cfg
- ```
-
-
- This issue can be caused by a number of reasons, mostly realted to the network configuration. Here are a few things you can check:
- 1. Ensure that the firewall is not blocking the connection. You can check this by running `ufw status`. Ensure that port 80 is open.
- 2. If you're using a cloud provider like AWS or GCP, ensure that the security group allows traffic on port 80.
- 3. Ensure that the HAProxy service is running. You can check this by running `systemctl status haproxy`.
- 4. Ensure that the Infisical service is running. You can check this by running `systemctl status infisical`.
-
\ No newline at end of file
diff --git a/docs/self-hosting/overview.mdx b/docs/self-hosting/overview.mdx
index acb692711f..040bfa6b7f 100644
--- a/docs/self-hosting/overview.mdx
+++ b/docs/self-hosting/overview.mdx
@@ -11,7 +11,7 @@ Choose from a number of deployment options listed below to get started.
title="Docker"
color="#000000"
icon="docker"
- href="deployment-options/standalone-infisical"
+ href="./deployment-options/standalone-infisical"
>
Use the fully packaged docker image to deploy Infisical anywhere.
@@ -20,7 +20,7 @@ Choose from a number of deployment options listed below to get started.
title="Docker Compose"
color="#000000"
icon="docker"
- href="deployment-options/docker-compose"
+ href="./deployment-options/docker-compose"
>
Install Infisical using our Docker Compose template.
@@ -28,7 +28,7 @@ Choose from a number of deployment options listed below to get started.
title="Kubernetes"
color="#000000"
icon="gear-complex-code"
- href="deployment-options/kubernetes-helm"
+ href="./deployment-options/kubernetes-helm"
>
Use our Helm chart to Install Infisical on your Kubernetes cluster.
@@ -36,7 +36,7 @@ Choose from a number of deployment options listed below to get started.
Install Infisical on your system without containers using our Linux package.