fix: remove INFISICAL_PLATFORM_VERSION from secrets cache key

[devin-ai-integration]

Context

Every time a new Infisical version is deployed, the entire secrets cache becomes invalid because INFISICAL_PLATFORM_VERSION was included in the cache key computation. This caused all secret requests against new containers to perform expensive WITH RECURSIVE database queries since there was no "existing" cache for the new version.

This PR removes the platform version from the cache key, so deployments no longer invalidate the secrets cache.

Before: Cache key was secret-manager:{version}:{projectId}:...
After: Cache key is secret-manager:{projectId}:...

Related Slack discussion concluded that secret structure changes are rare enough (2-3 times/year) that the tradeoff is acceptable.

Steps to verify the change

1. Review that SecretServiceCacheKeys.productKey no longer includes the platform version
2. Verify the unused getConfig import was removed

Type

• Fix
• Feature
• Improvement
• Breaking
• Docs
• Chore

Checklist

• Title follows the conventional commit format
• Tested locally (type checks pass)
• Updated docs (if needed)
• Read the contributing guide

---

Requested by: @maidul98
Link to Devin run: https://app.devin.ai/sessions/3e861d270d834407a0bbd54c1345d6cb

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring

[maidul98]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR removes INFISICAL_PLATFORM_VERSION from the secrets cache key computation to prevent cache invalidation on every deployment.

Changes:

• Removed unused getConfig import from @app/lib/config/env
• Modified SecretServiceCacheKeys.productKey to return just ProjectType.SecretManager instead of including the platform version
• Cache key format changed from secret-manager:{version}:{projectId}:... to secret-manager:{projectId}:...

Impact:
This change means that deployments will no longer trigger a full cache invalidation, improving performance during version updates. The tradeoff is that secret structure changes (which occur 2-3 times/year according to the PR description) may require manual cache invalidation, but this is acceptable given the deployment frequency vs schema change frequency.

Confidence Score: 5/5

• This PR is safe to merge with no concerns
• The change is straightforward, well-justified, and has minimal risk. It removes a version component from a cache key, which is a simple string modification with clear intent. The unused import cleanup is also appropriate.
• No files require special attention

Important Files Changed

Filename	Overview
backend/src/services/secret-v2-bridge/secret-v2-bridge-dal.ts	Removed INFISICAL_PLATFORM_VERSION from cache key to prevent cache invalidation on deployments