What's Changed

• fix: correct broken docs link for remove group machine identity endpoint by @devin-ai-integration[bot] in #5553
• fix: rename docs file to remove-group-machine-identity for consistent naming and fix sidebar by @devin-ai-integration[bot] in #5554
• feat: this pr re-orders the permission on loading up to make forbid rule to have higher priority by @akhilmhdh in #5535
• fix(pki): send profile default KU/EKU values on certificate submit by @saifsmailbox98 in #5533
• chore(ui): update book a demo link URL to /talk-to-us by @devin-ai-integration[bot] in #5558
• fix: use request environment for approval notifications by @frankeld in #5551
• docs(java-sdk): add token revocation methods by @IgorHorta in #5549
• docs(cicd): added github ci/cd documentation by @jakehulberg in #5260
• improvement(pki): add daily expiration alert by @saifsmailbox98 in #5552
• feat: add auto kmip setup for org by @sheensantoscapadngan in #5500
• feat(kubernetes-auth): add wildcard and regex support for kube auth by @PrestigePvP in #5565
• feat(auth): implement sub-organization login selection by @IgorHorta in #5522
• feat(secrets): add navigation to secrets from reference tree by @IgorHorta in #5564
• fix: use correct property for LDAP modify operation type by @devin-ai-integration[bot] in #5572
• improvement(pki): add metadata support to certificate and certificate requests including searching by @saifsmailbox98 in #5555
• chore: remove frontend scim checks for user management by @sheensantoscapadngan in #5575
• feat: add PKI Sectigo External CA docs by @carlosmonastyrski in #5578
• improvement(policies): policies UI update by @victorvhs017 in #5524
• fix: fips crashing by @varonix0 in #5580

New Contributors

• @frankeld made their first contribution in #5551
• @jakehulberg made their first contribution in #5260
• @PrestigePvP made their first contribution in #5565

Full Changelog: v0.158.6...v0.158.7

What's Changed

• feat(frontend): add support for adding environments on the overview page by @scott-ray-wilson in #5514
• chore: removed all namespace and reference by @akhilmhdh in #5478
• feature: add GTM + update CSP to allow it by @carlosmonastyrski in #5507
• feat: add secret import support to overview page by @scott-ray-wilson in #5509
• fix: certificate profile CA selector to display the CA name by @carlosmonastyrski in #5541
• fix: optimize bulk secret upsert to prevent 502/500 timeouts on large batches by @devin-ai-integration[bot] in #5537
• fix: de-duplicate batch creations/upserts by @varonix0 in #5545
• fix: use server-side search for machine identity dropdown in project templates by @devin-ai-integration[bot] in #5543

Full Changelog: v0.158.5...v0.158.6

What's Changed

• feat(api): new membership API for org and suborgs groups by @IgorHorta in #5472
• fix(audit-log-stream): remove AbortSignal.timeout to fix retry failures and memory pressure by @victorvhs017 in #5474
• docs(python): add LDAP authentication method to Python SDK documentation by @victorvhs017 in #5511
• improvement(frontend): migrate org membership page to v3 components by @scott-ray-wilson in #5510
• docs(ansible): add LDAP authentication method to Ansible documentation by @victorvhs017 in #5518
• feat(frontend): migrate org MI page to v3 components by @scott-ray-wilson in #5513
• fix(frontend): display generate lease for totp dynamic secret on overview page by @scott-ray-wilson in #5523
• feature: add Azure DNS as a provider for ACME by @carlosmonastyrski in #5262
• feat(pki): expand certificate profile defaults beyond TTL by @saifsmailbox98 in #5493
• improvement(dockerfile): increase Node.js memory limit from 1024MB to 2048MB by @victorvhs017 in #5519
• feat(pki): add AWS PCA external CA integration by @saifsmailbox98 in #5515

Full Changelog: v0.158.4...v0.158.5

What's Changed

• improvement(secret-rotation): validate conflicts before rotating external credentials by @victorvhs017 in #5461

Full Changelog: v0.158.3...v0.158.4

What's Changed

• feat: added logger to vault app connection for debug by @akhilmhdh in #5403
• fix: gateway v2 support for hashicorp vault connection by @varonix0 in #5410
• improvement(frontend): enhance secret diff view and commit handling by @victorvhs017 in #5364
• feat(sso): support wildcard email domains for OIDC by @IgorHorta in #5409
• fix(permissions): add a check for empty glob paths by @victorvhs017 in #5415
• feat: updated permission error message by @akhilmhdh in #5414
• feat: implement durable queue for redis queues that needs persistence in PG by @akhilmhdh in #5380
• feat: add secret reminder support to overview page by @scott-ray-wilson in #5387
• feat: remove folders from PAM by @sheensantoscapadngan in #5390
• feat(pam): windows server by @x032205 in #5396
• fix: address pam account mutation response issue by @sheensantoscapadngan in #5421
• feat(pam): add web launcher for browser-based terminal access to PostgreSQL accounts by @saifsmailbox98 in #5399
• feat(pam): simplify resource accounts table and add rotation badge by @devin-ai-integration[bot] in #5419
• docs: updates after pam restructuring by @sheensantoscapadngan in #5420
• fix(server): use SITE_URL in bootstrap startup message by @themavik in #5436
• fix(docker): exclude test private keys and BDD files from production images by @themavik in #5439
• feat(flyio): support automatic redeployment on Fly.io after secret ch… by @IgorHorta in #5447
• fix(secret-sync): fixed Render Secret Sync deletion bugs by @victorvhs017 in #5448
• fix(app-connection): hashicorp vault https gateway usage by @varonix0 in #5457
• feat(secret-sync): support for vault KV engine v1 by @varonix0 in #5460
• improvement(api): add config for sending audit logs to clickhouse by @fangpenlin in #5458
• feat(frontend): add support for personal overrides on overview page and split override view by @scott-ray-wilson in #5417
• improvement(api): update local dev env to use infisical for the db name and credentials by @fangpenlin in #5462
• chore: removed lint stage check by @akhilmhdh in #5434
• feat(pki): add pagerduty channel to PKI alerting and split alerting docs by @saifsmailbox98 in #5433
• chore: added redis reconnect on error by @akhilmhdh in #5466
• feat(ui): add inline search filter bar to audit logs page by @maidul98 in #5465
• feat(pam): in-browser web access terminal for PAM postgres accounts by @saifsmailbox98 in #5425
• feature: add PKI Network Discovery by @carlosmonastyrski in #5428
• feat(frontend): add secret share action to overview page by @scott-ray-wilson in #5426
• feat(frontend): add upload support to overview page by @scott-ray-wilson in #5459
• improvement(api): query audit logs with clickhouse by @fangpenlin in #5463
• docs: sprig for export command by @varonix0 in #5468
• improvement(api): disable wait_for_async_insert for clickhouse audit logs insert now by @fangpenlin in #5469
• feat(secret-sharing): cleaned up API and exposed publicly by @varonix0 in #5427
• Update envkey.mdx by @kneuens-lab in #5471
• docs(cli): removed cloudsmith links cli by @victorvhs017 in #5467
• chore: add Certificate Import API Reference by @carlosmonastyrski in #5476
• feat(pam): ad server resource & account by @x032205 in #5464
• docs: improve linking on PAM overview page by @devin-ai-integration[bot] in #5356
• feat(vault): reusable gateway by @varonix0 in #5481
• improvement(api): fix default value not actually updated if no value provided for the i… by @fangpenlin in #5482
• feat: secret version value redaction by @varonix0 in #5392
• feat(frontend): add single environment overview display and expand overview functionality by @scott-ray-wilson in #5473
• feat: v4 secrets router refactor by @varonix0 in #5404
• docs(changelog): redirect changelog page to docs overview page by @devin-ai-integration[bot] in #5497
• docs(pam): add docs for postgres web access by @saifsmailbox98 in #5498
• feat(overview): add commit history access to overview page by @scott-ray-wilson in #5484
• fix: remove extra vault migration validation by @varonix0 in #5499
• improvement(frontend): update styling of bulk select to match v3 components by @scott-ray-wilson in #5483
• feat: removed the check in rotation and also added useSudo capability in unix linux account rotation by @akhilmhdh in #5495
• fix: increase PKI Sync name length by @carlosmonastyrski in #5504
• fix: sendApprovalEmailsFn wrong end of url symbol by @carlosmonastyrski in #5506
• docs: update network discovery reference by @sheensantoscapadngan in #5505
• chore: add support for PKI DNS CNAME delegation by @carlosmonastyrski in #5501
• fix: updated ldap auth lockout to be like ua lockout by @akhilmhdh in #5503
• feat(ui): refactor secret dependency tree view by @varonix0 in #5502
• fix: unblock e2e tests by @varonix0 in #5508

New Contributors

• @themavik made their first contribution in #5436
• @kneuens-lab made their first contribution in #5471

Full Changelog: v0.158.2...v0.158.3

What's Changed

• fix: update aws sm sync to properly handle key schema when using many-to-one mapping by @scott-ray-wilson in #5381
• docs: updated information on operator default value by @akhilmhdh in #5382
• feat: secret reference dependency tracking by @varonix0 in #5374
• fix: resolved failing enotfound error in hcp vault app connection by @akhilmhdh in #5394
• docs: improve vault migration docs by @varonix0 in #5371

Full Changelog: v0.158.1...v0.158.2

What's Changed

• feat: revamped event architecture by @akhilmhdh in #5271
• fix(secret-approval): stable pagination for change requests list (V2) by @IgorHorta in #5312
• chore: add basic constraints deduction for sign certificate by @sheensantoscapadngan in #5313
• improvement: use placeholder color for empty value on secret input by @scott-ray-wilson in #5317
• docs: improve Kubernetes Helm deployment guide by @devin-ai-integration[bot] in #5301
• docs: improve docker-compose self-hosting guide by @devin-ai-integration[bot] in #5297
• docs: add Infisical Secrets Management YouTube video to overview page by @devin-ai-integration[bot] in #5321
• docs: make secrets management video responsive by @dangtony98 in #5322
• fix: resolved failing approval generation on update and delete with metadata by @akhilmhdh in #5304
• docs: add sub-organization authentication support to CLI and Go SDK by @akhilmhdh in #5326
• fix(ui): openrouter branding in docs (SECRETS-102) by @IgorHorta in #5328
• feature: add secret comment support to overview page by @scott-ray-wilson in #5319
• feat(ui): allow change request submitter to cancel their own request by @IgorHorta in #5330
• improvement: add skeleton loading transitions to overview page by @scott-ray-wilson in #5320
• feat(ui): add app connection id permission condition to secret syncs by @IgorHorta in #5325
• feat(pki): add support for csr based certificate issuance from web ui by @saifsmailbox98 in #5308
• fix: added more cleanup for event service by @akhilmhdh in #5341
• feature(frontend): manage tags on overview page by @scott-ray-wilson in #5335
• fix: add not-before and not-after check in sign CSR by @sheensantoscapadngan in #5342
• fix(pki): return helpful error for malformed JSON on certificate endpoint for CSR by @saifsmailbox98 in #5331
• chore: improve CA details page and migrate to V3 components by @carlosmonastyrski in #5332
• docs: fix inconsistent security email address by @njg7194 in #5339
• feat(ui): move App Connections to Integrations tab by @IgorHorta in #5347
• docs: add Okta OIDC SSO step-by-step guide by @devin-ai-integration[bot] in #5316
• improvement: clarify authorized emails must have an infisical account for secret sharing by @scott-ray-wilson in #5343
• feat: dbt app connection & service token secret rotation by @varonix0 in #5307
• feature(frontend): manage secret metadata from overview page by @scott-ray-wilson in #5337
• chore: update CA details images on docs by @carlosmonastyrski in #5348
• feature: add PKI Cloudflare Sync by @carlosmonastyrski in #5311
• fix(backend): correct SAML user complete check & always verify email on provision by @scott-ray-wilson in #5358
• docs: update releases docs by @devin-ai-integration[bot] in #5357
• docs(operator): infisicalsecret crd syncConfig by @varonix0 in #5360
• feature(frontend): toggle multi-line encoding from overview page by @scott-ray-wilson in #5338
• improvement(frontend): update change request label depending on review/merge status by @scott-ray-wilson in #5361
• docs: add sub-organizations documentation by @IgorHorta in #5359
• docs: add comprehensive AWS ECS self-hosting guide by @devin-ai-integration[bot] in #5302
• docs: add comprehensive GCP GKE self-hosting guide by @devin-ai-integration[bot] in #5303
• feat(pki): add webhooks to alerts by @saifsmailbox98 in #5327
• docs: add AWS and GCP native deployment guides to navigation by @devin-ai-integration[bot] in #5305
• docs: fix self-hosting overview page GCP link and card descriptions by @devin-ai-integration[bot] in #5296
• docs: clarify single-instance vs dual-phase rotation per provider by @IgorHorta in #5354
• feature: add AWS load balancer PKI sync by @carlosmonastyrski in #5285
• feat: add requestId query parameter to notification URLs for secret approval requests by @devin-ai-integration[bot] in #5370
• feat: automatically update references when secrets are moved or updated by @varonix0 in #5344
• fix(ui): add secret approval request role to allow users view CR other than theirs by @IgorHorta in #5345
• feat(frontend): secret version history on overview page by @scott-ray-wilson in #5363
• fix(frontend): remove secret ID being set as secret comment by @scott-ray-wilson in #5375
• feat(pki): add slack webhook to alerts by @saifsmailbox98 in #5369
• feature(api): add display name support for sub-organizations by @IgorHorta in #5362
• feat: add access insights to overview page by @scott-ray-wilson in #5373
• docs: update Linux HA deployment to use new Infisical repository URL by @devin-ai-integration[bot] in #5378
• fix(secrets): resolve rename validation error for skipMultilineEncoding by @IgorHorta in #5379
• fix: queue PKI Alert V2 run once a day by @carlosmonastyrski in #5384
• feat(pam): individual resource & account pages by @x032205 in #5376
• fix(api): include create secrets when resolving tags in bulk upsert by @MuzzaiyyanHussain in #5324
• fix(rotation): use local auth for Windows local account verification by @victorvhs017 in #5386

New Contributors

• @njg7194 made their first contribution in #5339
• @MuzzaiyyanHussain made their first contribution in #5324

Full Changelog: v0.158.0...v0.158.1

What's Changed

• feat(pki): add default TTL setting to certificate profiles by @saifsmailbox98 in #5238
• feat(pki): add certificate details page by @saifsmailbox98 in #5270
• fix: remove INFISICAL_PLATFORM_VERSION from secrets cache key by @devin-ai-integration[bot] in #5292
• feat: updated identity login endpoints suborganization paramater to organizationSlug by @akhilmhdh in #5281
• fix: rename template to certificate policy on Certificate Profiles page by @devin-ai-integration[bot] in #5298
• improvement(pki): provide the option of creating policies from the profile creation form by @saifsmailbox98 in #5294
• fix(api): ensure commits are linted/formatted before commit by @IgorHorta in #5282
• feat: circle ci secret sync by @luizbafilho in #5255
• feature: add a new option on PKI ACME enrollment method to skip EAB validation by @carlosmonastyrski in #5227
• feat(secret-rotation): add OpenRouter API key rotation support by @IgorHorta in #5299
• feat(frontend): update secret overview UI and migrate to v3 components by @scott-ray-wilson in #5289
• feature(secret-rotation): windows local account secret rotation by @victorvhs017 in #5269

Full Changelog: v0.157.0...v0.158.0

What's Changed

• docs: add rate limits section to API reference by @x032205 in #5230
• chore(docs): fix typo by @varonix0 in #5226
• fix: migration error in read-compat-flag by @akhilmhdh in #5232
• improvement(secret-syncs): update max name size to 256 by @x032205 in #5215
• feat: added query to remove orphan user org membership by @akhilmhdh in #5233
• feat: added cleanup query to remove orphan identity by @akhilmhdh in #5237
• feat: add show/hide password toggle to login page by @devin-ai-integration[bot] in #5241
• feature(project-templates): add groups to templates by @x032205 in #5234
• fix(sign-up): implement email notification for existing accounts during signup by @victorvhs017 in #5244
• improvement(gateway): introduce safeJWTSchema for identity token validation in gateway cmd deployment by @victorvhs017 in #5245
• fix: enable URL sharing for secret approval change requests by @devin-ai-integration[bot] in #5246
• chore: add CA:true policy constraint to docs by @carlosmonastyrski in #5231
• fix(organization-invite): add validation for disposable emails by @victorvhs017 in #5254
• improvement(mfa): implement MFA unlock email handling with keystore lockout mechanism by @victorvhs017 in #5239
• feature: add PKI approval workflows by @carlosmonastyrski in #5218
• fix: small PKI approvals doc path renaming for clearer trace by @carlosmonastyrski in #5256
• fix: pki approvals doc references by @carlosmonastyrski in #5258
• chore: enable identity support for org list endpoint by @sheensantoscapadngan in #5259
• feat(agent-sentinel): add gateway support for MCP servers by @saifsmailbox98 in #5225
• feat(project-templates): add machine identities by @x032205 in #5252
• feat(backend): add sanitized schema generation for analytics views by @maidul98 in #5251
• feat: make resource optional in MCP endpoint OAuth flow by @devin-ai-integration[bot] in #5267
• feat: add select/deselect all tools option for MCP server endpoints by @devin-ai-integration[bot] in #5266
• fix(vault-migration): handle soft deleted secrets by @varonix0 in #5263
• fix(identities-projects): add lock to identity insert and custom rate-limitings for identities and projects creation by @victorvhs017 in #5242
• feat: implements user account recovery by @akhilmhdh in #5236
• fix: move ts-node from devDependencies to dependencies for migration support by @devin-ai-integration[bot] in #5273
• fix(ui): secret field json diff visibility issue by @IgorHorta in #5274
• feat(db): add role-based access grants for analytics schema by @maidul98 in #5279
• fix: fixes and improvements on PKI CAs by @carlosmonastyrski in #5024
• fix: remove project version check from grantProjectAdminAccess by @devin-ai-integration[bot] in #5272
• improvement(pki): add error tooltip for failed cert requests and restrict actions to issued certificates by @saifsmailbox98 in #5283
• fix(pki): disable the policy selector with a message that no policies are available by @saifsmailbox98 in #5284
• feat: made organization role api available for identity and external use by @akhilmhdh in #5280
• fix(saml): support Azure SAML 'Sign assertion only' configuration by @devin-ai-integration[bot] in #5275

New Contributors

• @devin-ai-integration[bot] made their first contribution in #5241
• @IgorHorta made their first contribution in #5274

Full Changelog: v0.156.3...v0.156.4

What's Changed

• docs: adding custom Unify script to Mintlify docs by @ashwin-infisical in #5228
• improvement(gitlab-integration): moved from 'name' to 'fullName' when using GitLab groups by @victorvhs017 in #5229
• feat(project-templates): support for users on templates by @x032205 in #5198

Full Changelog: v0.156.2...v0.156.3