Add PR suggestions

package.json

@@ -21,7 +21,7 @@
   },
   "author": "Infisical Inc, <daniel@infisical.com>",
   "license": "ISC",
-  "description": "The Infisical SDK provides a convenient way to interact with the Infisical API.",
+  "description": "The Infisical SDK provides a convenient way to programmatically interact with the Infisical API.",
   "devDependencies": {
     "@types/node": "^22.5.1",
     "tsc": "^2.0.4",

src/api/base.ts

@@ -30,6 +30,7 @@ export class ApiClient {
 
       if (!config._retryCount) config._retryCount = 0;
 
+      // handle rate limits and network errors
       if (
         (error.response?.status === 429 ||
           error.response?.status === undefined) &&

src/api/endpoints/environments.ts

@@ -9,11 +9,7 @@ export class EnvironmentsApi {
   ): Promise<CreateEnvironmentResponse> {
     return this.apiClient.post<CreateEnvironmentResponse>(
       `/api/v1/workspace/${data.projectId}/environments`,
-      {
+      data
-        name: data.name,
-        slug: data.slug,
-        position: data.position,
-      }
     );
   }
 }

src/api/endpoints/projects.ts

@@ -21,11 +21,7 @@ export class ProjectsApi {
   ): Promise<InviteMembersResponse> {
     return this.apiClient.post<InviteMembersResponse>(
       `/api/v2/workspace/${data.projectId}/memberships`,
-      {
+      data
-        emails: data.emails,
-        usernames: data.usernames,
-        roleSlugs: data.roleSlugs,
-      }
     );
   }
 }

src/api/endpoints/secrets.ts

@@ -25,7 +25,7 @@ export class SecretsApi {
     const { secretName, ...queryParams } = params;
     return this.apiClient.get<GetSecretResponse>(
       `/api/v3/secrets/raw/${encodeURIComponent(secretName)}`,
-      { params: queryParams }
+      { params }
     );
   }
 

src/api/types/dynamic-secrets.ts

@@ -87,3 +87,43 @@ export interface RenewLeaseRequest {
 export interface RenewLeaseResponse {
   lease: Lease;
 }
+
+export type CreateDynamicSecretOptions = {
+  provider: TDynamicSecretProvider;
+  defaultTTL: string;
+  maxTTL: string;
+  name: string;
+  projectSlug: string;
+  environmentSlug: string;
+  path?: string;
+  metadata?: Record<string, any>;
+};
+
+export type DeleteDynamicSecretOptions = {
+  environmentSlug: string;
+  projectSlug: string;
+  path?: string;
+  isForced?: boolean;
+};
+
+export type CreateDynamicSecretLeaseOptions = {
+  dynamicSecretName: string;
+  environmentSlug: string;
+  projectSlug: string;
+  path?: string;
+  ttl?: string;
+};
+
+export type DeleteDynamicSecretLeaseOptions = {
+  environmentSlug: string;
+  projectSlug: string;
+  path?: string;
+  isForced?: boolean;
+};
+
+export type RenewDynamicSecretLeaseOptions = {
+  environmentSlug: string;
+  projectSlug: string;
+  path?: string;
+  ttl?: string;
+};

src/api/types/environments.ts

@@ -16,5 +16,14 @@ export interface CreateEnvironmentRequest {
 }
 
 export type CreateEnvironmentResponse = {
+  message: string;
+  workspace: string;
   environment: Environment;
 };
+
+export type CreateEnvironmentOptions = {
+  name: string;
+  projectId: string;
+  slug: string;
+  position?: number;
+};

src/api/types/folders.ts

@@ -1,12 +1,14 @@
 export interface Folder {
   id: string;
   name: string;
-  path: string;
+  envId: string;
-  workspaceId: string;
-  environment: string;
   description?: string;
   createdAt: string;
   updatedAt: string;
+  parentId?: string;
+  isReserved?: boolean;
+  lastSecretModified?: string;
+  version?: number;
 }
 
 export interface CreateFolderRequest {
@@ -33,3 +35,18 @@ export interface ListFoldersResponse {
   folders: Folder[];
 }
 
+export type CreateFolderOptions = {
+  name: string;
+  path: string;
+  projectId: string;
+  environment: string;
+  description?: string;
+};
+
+export type ListFoldersOptions = {
+  environment: string;
+  projectId: string;
+  path?: string;
+  recursive?: boolean;
+  lastSecretModified?: string;
+};

src/api/types/projects.ts

@@ -41,3 +41,19 @@ export interface Membership {
 export interface InviteMembersResponse {
   memberships: Membership[];
 }
+
+export type CreateProjectOptions = {
+  projectName: string;
+  type: string;
+  projectDescription?: string;
+  slug?: string;
+  template?: string;
+  kmsKeyId?: string;
+};
+
+export type InviteMemberToProjectOptions = {
+  projectId: string;
+  emails?: string[];
+  usernames?: string[];
+  roleSlugs?: string[];
+};

src/api/types/secrets.ts

@@ -1,3 +1,5 @@
+type SecretType = "shared" | "personal";
+
 export interface Secret {
   id: string;
   workspaceId: string;
@@ -6,7 +8,21 @@ export interface Secret {
   secretValue: string;
   secretComment?: string;
   secretPath?: string;
-  type: "shared" | "personal";
+  secretValueHidden: boolean;
+  secretReminderNote?: string;
+  secretReminderRepeatDays?: number;
+  skipMultilineEncoding?: boolean;
+  folderId?: string;
+  actor?: {
+    actorId?: string;
+    name?: string;
+    actorType?: string;
+    membershipId?: string;
+  }
+  isRotatedSecret: boolean;
+  rotationId?: string;
+  secretMetadata?: Record<string, any>;
+  type: SecretType;
   createdAt: string;
   updatedAt: string;
   version: number;
@@ -29,6 +45,8 @@ export interface ListSecretsResponse {
   imports?: Array<{
     secretPath: string;
     secrets: Secret[];
+    folderId?: string;
+    environment: string;
   }>;
 }
 
@@ -39,7 +57,7 @@ export interface GetSecretRequest {
   expandSecretReferences?: string;
   includeImports?: string;
   secretPath?: string;
-  type?: "shared" | "personal";
+  type?: SecretType;
   version?: number;
   viewSecretValue?: string;
 }
@@ -58,7 +76,7 @@ export interface CreateSecretRequest {
   secretReminderRepeatDays?: number;
   skipMultilineEncoding?: boolean;
   tagIds?: string[];
-  type?: "shared" | "personal";
+  type?: SecretType;
 }
 
 export interface UpdateSecretRequest {
@@ -72,7 +90,7 @@ export interface UpdateSecretRequest {
   secretReminderRepeatDays?: number;
   skipMultilineEncoding?: boolean;
   tagIds?: string[];
-  type?: "shared" | "personal";
+  type?: SecretType;
   metadata?: Record<string, any>;
 }
 
@@ -80,5 +98,58 @@ export interface DeleteSecretRequest {
   workspaceId: string;
   environment: string;
   secretPath?: string;
-  type?: "shared" | "personal";
+  type?: SecretType;
 }
+
+export type ListSecretsOptions = {
+  environment: string;
+  projectId: string;
+  expandSecretReferences?: boolean;
+  includeImports?: boolean;
+  recursive?: boolean;
+  secretPath?: string;
+  tagSlugs?: string[];
+  viewSecretValue?: boolean;
+};
+
+export type GetSecretOptions = {
+  environment: string;
+  secretName: string;
+  expandSecretReferences?: boolean;
+  includeImports?: boolean;
+  secretPath?: string;
+  type?: SecretType;
+  version?: number;
+  projectId: string;
+  viewSecretValue?: boolean;
+};
+
+export type BaseSecretOptions = {
+  environment: string;
+  projectId: string;
+  secretComment?: string;
+  secretPath?: string;
+  secretReminderNote?: string;
+  secretReminderRepeatDays?: number;
+  skipMultilineEncoding?: boolean;
+  tagIds?: string[];
+  type?: SecretType;
+  metadata?: Record<string, any>;
+  secretMetadata?: Record<string, any>[];
+};
+
+export type UpdateSecretOptions = {
+  secretValue?: string;
+  newSecretName?: string;
+} & BaseSecretOptions;
+
+export type CreateSecretOptions = {
+  secretValue: string;
+} & BaseSecretOptions;
+
+export type DeleteSecretOptions = {
+  environment: string;
+  projectId: string;
+  secretPath?: string;
+  type?: SecretType;
+};

src/custom/auth.ts

@@ -27,19 +27,11 @@ export const renewToken = async (apiClient: AuthApi, token?: string) => {
 };
 
 export default class AuthClient {
-  #sdkAuthenticator: AuthenticatorFunction;
-  #apiClient: AuthApi;
-  #accessToken?: string;
-
   constructor(
-    authenticator: AuthenticatorFunction,
+    private sdkAuthenticator: AuthenticatorFunction,
-    apiInstance: AuthApi,
+    private apiClient: AuthApi,
-    accessToken?: string
+    private _accessToken?: string
-  ) {
+  ) {}
-    this.#sdkAuthenticator = authenticator;
-    this.#apiClient = apiInstance;
-    this.#accessToken = accessToken;
-  }
 
   awsIamAuth = {
     login: async (options?: AwsAuthLoginOptions) => {
@@ -53,7 +45,7 @@ export default class AuthClient {
         }
 
         const iamRequest = await performAwsIamLogin(await getAwsRegion());
-        const res = await this.#apiClient.awsIamAuthLogin({
+        const res = await this.apiClient.awsIamAuthLogin({
           iamHttpRequestMethod: iamRequest.iamHttpRequestMethod,
           iamRequestBody: Buffer.from(iamRequest.iamRequestBody).toString(
             "base64"
@@ -64,7 +56,7 @@ export default class AuthClient {
           identityId,
         });
 
-        return this.#sdkAuthenticator(res.accessToken);
+        return this.sdkAuthenticator(res.accessToken);
       } catch (err) {
         throw newInfisicalError(err);
       }
@@ -72,10 +64,10 @@ export default class AuthClient {
     renew: async () => {
       try {
         const refreshedToken = await renewToken(
-          this.#apiClient,
+          this.apiClient,
-          this.#accessToken
+          this._accessToken
         );
-        return this.#sdkAuthenticator(refreshedToken.accessToken);
+        return this.sdkAuthenticator(refreshedToken.accessToken);
       } catch (err) {
         throw newInfisicalError(err);
       }
@@ -85,8 +77,8 @@ export default class AuthClient {
   universalAuth = {
     login: async (options: UniversalAuthLoginRequest) => {
       try {
-        const res = await this.#apiClient.universalAuthLogin(options);
+        const res = await this.apiClient.universalAuthLogin(options);
-        return this.#sdkAuthenticator(res.accessToken);
+        return this.sdkAuthenticator(res.accessToken);
       } catch (err) {
         throw newInfisicalError(err);
       }
@@ -94,10 +86,10 @@ export default class AuthClient {
     renew: async () => {
       try {
         const refreshedToken = await renewToken(
-          this.#apiClient,
+          this.apiClient,
-          this.#accessToken
+          this._accessToken
         );
-        return this.#sdkAuthenticator(refreshedToken.accessToken);
+        return this.sdkAuthenticator(refreshedToken.accessToken);
       } catch (err) {
         throw newInfisicalError(err);
       }
@@ -105,6 +97,6 @@ export default class AuthClient {
   };
 
   accessToken = (token: string) => {
-    return this.#sdkAuthenticator(token);
+    return this.sdkAuthenticator(token);
   };
 }

src/custom/dynamic-secrets.ts

@@ -1,46 +1,13 @@
 import { DynamicSecretsApi } from "../api/endpoints/dynamic-secrets";
 import { TDynamicSecretProvider } from "./schemas/dynamic-secrets";
 import { newInfisicalError } from "./errors";
-
+import {
-export type CreateDynamicSecretOptions = {
+  CreateDynamicSecretOptions,
-  provider: TDynamicSecretProvider;
+  DeleteDynamicSecretOptions,
-  defaultTTL: string;
+  CreateDynamicSecretLeaseOptions,
-  maxTTL: string;
+  DeleteDynamicSecretLeaseOptions,
-  name: string;
+  RenewDynamicSecretLeaseOptions,
-  projectSlug: string;
+} from "../api/types/dynamic-secrets";
-  environmentSlug: string;
-  path?: string;
-  metadata?: Record<string, any>;
-};
-
-export type DeleteDynamicSecretOptions = {
-  environmentSlug: string;
-  projectSlug: string;
-  path?: string;
-  isForced?: boolean;
-};
-
-export type CreateDynamicSecretLeaseOptions = {
-  dynamicSecretName: string;
-  environmentSlug: string;
-  projectSlug: string;
-  path?: string;
-  ttl?: string;
-};
-
-export type DeleteDynamicSecretLeaseOptions = {
-  environmentSlug: string;
-  projectSlug: string;
-  path?: string;
-  isForced?: boolean;
-};
-
-export type RenewDynamicSecretLeaseOptions = {
-  environmentSlug: string;
-  projectSlug: string;
-  path?: string;
-  ttl?: string;
-};
 
 export default class DynamicSecretsClient {
   constructor(private apiClient: DynamicSecretsApi) {}

src/custom/environments.ts

@@ -1,12 +1,6 @@
 import { EnvironmentsApi } from "../api/endpoints/environments";
 import { newInfisicalError } from "./errors";
-
+import { CreateEnvironmentOptions } from "../api/types/environments";
-export type CreateEnvironmentOptions = {
-  name: string;
-  projectId: string;
-  slug: string;
-  position?: number;
-};
 
 export default class EnvironmentsClient {
   constructor(private apiClient: EnvironmentsApi) {}

src/custom/errors.ts

@@ -1,3 +1,5 @@
+import axios from "axios";
+
 export class InfisicalSDKError extends Error {
   constructor(message: string) {
     super(message);
@@ -22,7 +24,7 @@ export class InfisicalSDKRequestError extends Error {
 }
 
 export const newInfisicalError = (error: any) => {
-  if (error?.isAxiosError) {
+  if (axios.isAxiosError(error)) {
     const data = error?.response?.data;
 
     if (data?.message) {
@@ -39,6 +41,7 @@ export const newInfisicalError = (error: any) => {
     } else if (error.message) {
       return new InfisicalSDKError(error.message);
     } else if (error.code) {
+      // If theres no message but a code is present, it's likely to be an aggregation error. This is not specific to Axios, but it falls under the AxiosError type
       return new InfisicalSDKError(error.code);
     } else {
       return new InfisicalSDKError("Request failed with unknown error");

src/custom/folders.ts

@@ -1,21 +1,6 @@
 import { FoldersApi } from "../api/endpoints/folders";
 import { newInfisicalError } from "./errors";
-
+import { CreateFolderOptions, ListFoldersOptions } from "../api/types/folders";
-export type CreateFolderOptions = {
-  name: string;
-  path: string;
-  projectId: string;
-  environment: string;
-  description?: string;
-};
-
-export type ListFoldersOptions = {
-  environment: string;
-  projectId: string;
-  path?: string;
-  recursive?: boolean;
-  lastSecretModified?: string;
-};
 
 export default class FoldersClient {
   constructor(private apiClient: FoldersApi) {}

src/custom/projects.ts

@@ -1,21 +1,6 @@
 import { ProjectsApi } from "../api/endpoints/projects";
 import { newInfisicalError } from "./errors";
-
+import { CreateProjectOptions, InviteMemberToProjectOptions } from "../api/types/projects";
-export type CreateProjectOptions = {
-  projectName: string;
-  type: string;
-  projectDescription?: string;
-  slug?: string;
-  template?: string;
-  kmsKeyId?: string;
-};
-
-export type InviteMemberToProjectOptions = {
-  projectId: string;
-  emails?: string[];
-  usernames?: string[];
-  roleSlugs?: string[];
-};
 
 export default class ProjectsClient {
   constructor(private apiClient: ProjectsApi) {}

src/custom/schemas/dynamic-secrets.ts

@@ -5,30 +5,45 @@ export enum SqlProviders {
   MySQL = "mysql2",
   Oracle = "oracledb",
   MsSQL = "mssql",
-	SapAse = "sap-ase"
+  SapAse = "sap-ase",
 }
 
 export enum ElasticSearchAuthTypes {
   User = "user",
-	ApiKey = "api-key"
+  ApiKey = "api-key",
 }
 
 export enum LdapCredentialType {
   Dynamic = "dynamic",
-	Static = "static"
+  Static = "static",
 }
 
 export enum TotpConfigType {
   URL = "url",
-	MANUAL = "manual"
+  MANUAL = "manual",
 }
 
 export enum TotpAlgorithm {
   SHA1 = "sha1",
   SHA256 = "sha256",
-	SHA512 = "sha512"
+  SHA512 = "sha512",
 }
 
+const passwordRequirementsSchema = z.object({
+  length: z
+    .number()
+    .min(1, { message: "Password length must be at least 1" })
+    .max(250, { message: "Password length must be at most 250" }),
+
+  required: z.object({
+    minUppercase: z.number().min(0).optional(),
+    minLowercase: z.number().min(0).optional(),
+    minDigits: z.number().min(0).optional(),
+    minSymbols: z.number().min(0).optional(),
+  }),
+  allowedSymbols: z.string().optional(),
+});
+
 const DynamicSecretRedisDBSchema = z.object({
   host: z.string().trim().toLowerCase(),
   port: z.number(),
@@ -37,7 +52,7 @@ const DynamicSecretRedisDBSchema = z.object({
   creationStatement: z.string().trim(),
   revocationStatement: z.string().trim(),
   renewStatement: z.string().trim().optional(),
-	ca: z.string().optional()
+  ca: z.string().optional(),
 });
 
 const DynamicSecretAwsElastiCacheSchema = z.object({
@@ -48,7 +63,7 @@ const DynamicSecretAwsElastiCacheSchema = z.object({
   region: z.string().trim(),
   creationStatement: z.string().trim(),
   revocationStatement: z.string().trim(),
-	ca: z.string().optional()
+  ca: z.string().optional(),
 });
 
 const DynamicSecretElasticSearchSchema = z.object({
@@ -61,16 +76,16 @@ const DynamicSecretElasticSearchSchema = z.object({
     z.object({
       type: z.literal(ElasticSearchAuthTypes.User),
       username: z.string().trim(),
-			password: z.string().trim()
+      password: z.string().trim(),
     }),
     z.object({
       type: z.literal(ElasticSearchAuthTypes.ApiKey),
       apiKey: z.string().trim(),
-			apiKeyId: z.string().trim()
+      apiKeyId: z.string().trim(),
-		})
+    }),
   ]),
 
-	ca: z.string().optional()
+  ca: z.string().optional(),
 });
 
 const DynamicSecretRabbitMqSchema = z.object({
@@ -88,9 +103,9 @@ const DynamicSecretRabbitMqSchema = z.object({
     permissions: z.object({
       read: z.string().trim().min(1),
       write: z.string().trim().min(1),
-			configure: z.string().trim().min(1)
+      configure: z.string().trim().min(1),
-		})
+    }),
-	})
+  }),
 });
 
 const DynamicSecretSqlDBSchema = z.object({
@@ -103,7 +118,8 @@ const DynamicSecretSqlDBSchema = z.object({
   creationStatement: z.string().trim(),
   revocationStatement: z.string().trim(),
   renewStatement: z.string().trim().optional(),
-	ca: z.string().optional()
+  ca: z.string().optional(),
+  passwordRequirements: passwordRequirementsSchema.optional(),
 });
 
 const DynamicSecretCassandraSchema = z.object({
@@ -116,7 +132,7 @@ const DynamicSecretCassandraSchema = z.object({
   creationStatement: z.string().trim(),
   revocationStatement: z.string().trim(),
   renewStatement: z.string().trim().optional(),
-	ca: z.string().optional()
+  ca: z.string().optional(),
 });
 
 const DynamicSecretSapAseSchema = z.object({
@@ -126,7 +142,7 @@ const DynamicSecretSapAseSchema = z.object({
   username: z.string().trim(),
   password: z.string().trim(),
   creationStatement: z.string().trim(),
-	revocationStatement: z.string().trim()
+  revocationStatement: z.string().trim(),
 });
 
 const DynamicSecretAwsIamSchema = z.object({
@@ -137,23 +153,43 @@ const DynamicSecretAwsIamSchema = z.object({
   permissionBoundaryPolicyArn: z.string().trim().optional(),
   policyDocument: z.string().trim().optional(),
   userGroups: z.string().trim().optional(),
-	policyArns: z.string().trim().optional()
+  policyArns: z.string().trim().optional(),
 });
 
 const DynamicSecretMongoAtlasSchema = z.object({
-	adminPublicKey: z.string().trim().min(1).describe("Admin user public api key"),
+  adminPublicKey: z
-	adminPrivateKey: z.string().trim().min(1).describe("Admin user private api key"),
+    .string()
-	groupId: z.string().trim().min(1).describe("Unique 24-hexadecimal digit string that identifies your project. This is same as project id"),
+    .trim()
+    .min(1)
+    .describe("Admin user public api key"),
+  adminPrivateKey: z
+    .string()
+    .trim()
+    .min(1)
+    .describe("Admin user private api key"),
+  groupId: z
+    .string()
+    .trim()
+    .min(1)
+    .describe(
+      "Unique 24-hexadecimal digit string that identifies your project. This is same as project id"
+    ),
   roles: z
     .object({
-			collectionName: z.string().optional().describe("Collection on which this role applies."),
+      collectionName: z
-			databaseName: z.string().min(1).describe("Database to which the user is granted access privileges."),
+        .string()
+        .optional()
+        .describe("Collection on which this role applies."),
+      databaseName: z
+        .string()
+        .min(1)
+        .describe("Database to which the user is granted access privileges."),
       roleName: z
         .string()
         .min(1)
         .describe(
           ' Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
-				)
+        ),
     })
     .array()
     .min(1),
@@ -162,10 +198,17 @@ const DynamicSecretMongoAtlasSchema = z.object({
       name: z
         .string()
         .min(1)
-				.describe("Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."),
+        .describe(
-			type: z.string().min(1).describe("Category of resource that this database user can access. Enum: CLUSTER, DATA_LAKE, STREAM")
+          "Human-readable label that identifies the cluster or MongoDB Atlas Data Lake that this database user can access."
+        ),
+      type: z
+        .string()
+        .min(1)
+        .describe(
+          "Category of resource that this database user can access. Enum: CLUSTER, DATA_LAKE, STREAM"
+        ),
     })
-		.array()
+    .array(),
 });
 
 const DynamicSecretMongoDBSchema = z.object({
@@ -181,7 +224,7 @@ const DynamicSecretMongoDBSchema = z.object({
     .min(1)
     .describe(
       'Enum: "atlasAdmin" "backup" "clusterMonitor" "dbAdmin" "dbAdminAnyDatabase" "enableSharding" "read" "readAnyDatabase" "readWrite" "readWriteAnyDatabase" "<a custom role name>".Human-readable label that identifies a group of privileges assigned to a database user. This value can either be a built-in role or a custom role.'
-		)
+    ),
 });
 
 const DynamicSecretSapHanaSchema = z.object({
@@ -192,7 +235,7 @@ const DynamicSecretSapHanaSchema = z.object({
   creationStatement: z.string().trim(),
   revocationStatement: z.string().trim(),
   renewStatement: z.string().trim().optional(),
-	ca: z.string().optional()
+  ca: z.string().optional(),
 });
 
 const DynamicSecretSnowflakeSchema = z.object({
@@ -202,7 +245,7 @@ const DynamicSecretSnowflakeSchema = z.object({
   password: z.string().trim().min(1),
   creationStatement: z.string().trim().min(1),
   revocationStatement: z.string().trim().min(1),
-	renewStatement: z.string().trim().optional()
+  renewStatement: z.string().trim().optional(),
 });
 
 const AzureEntraIDSchema = z.object({
@@ -210,7 +253,7 @@ const AzureEntraIDSchema = z.object({
   userId: z.string().trim().min(1),
   email: z.string().trim().min(1),
   applicationId: z.string().trim().min(1),
-	clientSecret: z.string().trim().min(1)
+  clientSecret: z.string().trim().min(1),
 });
 
 const LdapSchema = z.union([
@@ -219,10 +262,13 @@ const LdapSchema = z.union([
     binddn: z.string().trim().min(1),
     bindpass: z.string().trim().min(1),
     ca: z.string().optional(),
-		credentialType: z.literal(LdapCredentialType.Dynamic).optional().default(LdapCredentialType.Dynamic),
+    credentialType: z
+      .literal(LdapCredentialType.Dynamic)
+      .optional()
+      .default(LdapCredentialType.Dynamic),
     creationLdif: z.string().min(1),
     revocationLdif: z.string().min(1),
-		rollbackLdif: z.string().optional()
+    rollbackLdif: z.string().optional(),
   }),
   z.object({
     url: z.string().trim().min(1),
@@ -230,8 +276,8 @@ const LdapSchema = z.union([
     bindpass: z.string().trim().min(1),
     ca: z.string().optional(),
     credentialType: z.literal(LdapCredentialType.Static),
-		rotationLdif: z.string().min(1)
+    rotationLdif: z.string().min(1),
-	})
+  }),
 ]);
 
 const DynamicSecretTotpSchema = z.discriminatedUnion("configType", [
@@ -242,12 +288,12 @@ const DynamicSecretTotpSchema = z.discriminatedUnion("configType", [
       .url()
       .trim()
       .min(1)
-			.refine(val => {
+      .refine((val) => {
         const urlObj = new URL(val);
         const secret = urlObj.searchParams.get("secret");
 
         return Boolean(secret);
-			}, "OTP URL must contain secret field")
+      }, "OTP URL must contain secret field"),
   }),
   z.object({
     configType: z.literal(TotpConfigType.MANUAL),
@@ -255,11 +301,11 @@ const DynamicSecretTotpSchema = z.discriminatedUnion("configType", [
       .string()
       .trim()
       .min(1)
-			.transform(val => val.replace(/\s+/g, "")),
+      .transform((val) => val.replace(/\s+/g, "")),
     period: z.number().optional(),
     algorithm: z.nativeEnum(TotpAlgorithm).optional(),
-		digits: z.number().optional()
+    digits: z.number().optional(),
-	})
+  }),
 ]);
 
 export enum DynamicSecretProviders {
@@ -277,25 +323,72 @@ export enum DynamicSecretProviders {
   SapHana = "sap-hana",
   Snowflake = "snowflake",
   Totp = "totp",
-	SapAse = "sap-ase"
+  SapAse = "sap-ase",
 }
 
 const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
-	z.object({ type: z.literal(DynamicSecretProviders.SqlDatabase), inputs: DynamicSecretSqlDBSchema }),
+  z.object({
-	z.object({ type: z.literal(DynamicSecretProviders.Cassandra), inputs: DynamicSecretCassandraSchema }),
+    type: z.literal(DynamicSecretProviders.SqlDatabase),
-	z.object({ type: z.literal(DynamicSecretProviders.SapAse), inputs: DynamicSecretSapAseSchema }),
+    inputs: DynamicSecretSqlDBSchema,
-	z.object({ type: z.literal(DynamicSecretProviders.AwsIam), inputs: DynamicSecretAwsIamSchema }),
+  }),
-	z.object({ type: z.literal(DynamicSecretProviders.Redis), inputs: DynamicSecretRedisDBSchema }),
+  z.object({
-	z.object({ type: z.literal(DynamicSecretProviders.SapHana), inputs: DynamicSecretSapHanaSchema }),
+    type: z.literal(DynamicSecretProviders.Cassandra),
-	z.object({ type: z.literal(DynamicSecretProviders.AwsElastiCache), inputs: DynamicSecretAwsElastiCacheSchema }),
+    inputs: DynamicSecretCassandraSchema,
-	z.object({ type: z.literal(DynamicSecretProviders.MongoAtlas), inputs: DynamicSecretMongoAtlasSchema }),
+  }),
-	z.object({ type: z.literal(DynamicSecretProviders.ElasticSearch), inputs: DynamicSecretElasticSearchSchema }),
+  z.object({
-	z.object({ type: z.literal(DynamicSecretProviders.MongoDB), inputs: DynamicSecretMongoDBSchema }),
+    type: z.literal(DynamicSecretProviders.SapAse),
-	z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema }),
+    inputs: DynamicSecretSapAseSchema,
-	z.object({ type: z.literal(DynamicSecretProviders.AzureEntraID), inputs: AzureEntraIDSchema }),
+  }),
-	z.object({ type: z.literal(DynamicSecretProviders.Ldap), inputs: LdapSchema }),
+  z.object({
-	z.object({ type: z.literal(DynamicSecretProviders.Snowflake), inputs: DynamicSecretSnowflakeSchema }),
+    type: z.literal(DynamicSecretProviders.AwsIam),
-	z.object({ type: z.literal(DynamicSecretProviders.Totp), inputs: DynamicSecretTotpSchema })
+    inputs: DynamicSecretAwsIamSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.Redis),
+    inputs: DynamicSecretRedisDBSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.SapHana),
+    inputs: DynamicSecretSapHanaSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.AwsElastiCache),
+    inputs: DynamicSecretAwsElastiCacheSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.MongoAtlas),
+    inputs: DynamicSecretMongoAtlasSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.ElasticSearch),
+    inputs: DynamicSecretElasticSearchSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.MongoDB),
+    inputs: DynamicSecretMongoDBSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.RabbitMq),
+    inputs: DynamicSecretRabbitMqSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.AzureEntraID),
+    inputs: AzureEntraIDSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.Ldap),
+    inputs: LdapSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.Snowflake),
+    inputs: DynamicSecretSnowflakeSchema,
+  }),
+  z.object({
+    type: z.literal(DynamicSecretProviders.Totp),
+    inputs: DynamicSecretTotpSchema,
+  }),
 ]);
 
-export type TDynamicSecretProvider = z.infer<typeof DynamicSecretProviderSchema>;
+export type TDynamicSecretProvider = z.infer<
+  typeof DynamicSecretProviderSchema
+>;

src/custom/secrets.ts

@@ -1,61 +1,7 @@
 import { SecretsApi } from "../api/endpoints/secrets";
 import { Secret } from "../api/types";
 import { newInfisicalError } from "./errors";
-
+import { ListSecretsOptions, GetSecretOptions, UpdateSecretOptions, CreateSecretOptions, DeleteSecretOptions } from "../api/types/secrets";
-type SecretType = "shared" | "personal";
-
-type ListSecretsOptions = {
-  environment: string;
-  projectId: string;
-  expandSecretReferences?: boolean;
-  includeImports?: boolean;
-  recursive?: boolean;
-  secretPath?: string;
-  tagSlugs?: string[];
-  viewSecretValue?: boolean;
-};
-
-type GetSecretOptions = {
-  environment: string;
-  secretName: string;
-  expandSecretReferences?: boolean;
-  includeImports?: boolean;
-  secretPath?: string;
-  type?: SecretType;
-  version?: number;
-  projectId: string;
-  viewSecretValue?: boolean;
-};
-
-type BaseSecretOptions = {
-	environment: string;
-	projectId: string;
-	secretComment?: string;
-	secretPath?: string;
-	secretReminderNote?: string;
-	secretReminderRepeatDays?: number;
-	skipMultilineEncoding?: boolean;
-	tagIds?: string[];
-	type?: SecretType;
-	metadata?: Record<string, any>;
-	secretMetadata?: Record<string, any>[];
-};
-
-export type UpdateSecretOptions = {
-  secretValue?: string;
-  newSecretName?: string;
-} & BaseSecretOptions;
-
-export type CreateSecretOptions = {
-  secretValue: string;
-} & BaseSecretOptions;
-
-export type DeleteSecretOptions = {
-  environment: string;
-  projectId: string;
-  secretPath?: string;
-  type?: SecretType;
-};
 
 const convertBool = (value?: boolean) => (value ? "true" : "false");
 
@@ -100,6 +46,11 @@ export default class SecretsClient {
     if (imports) {
       for (const imp of imports) {
         for (const importedSecret of imp.secrets) {
+          // CASE: We need to ensure that the imported values don't override the "base" secrets.
+          // Priority order is:
+					// Local/Preset variables -> Actual secrets -> Imported secrets (high->low)
+
+					// Check if the secret already exists in the secrets list
           if (!secrets.find((s) => s.secretKey === importedSecret.secretKey)) {
             secrets.push({
               ...importedSecret,

src/index.ts

@@ -97,10 +97,3 @@ export {
   TDynamicSecretProvider,
   DynamicSecretProviders,
 } from "./custom/schemas";
-
-// Export domain-specific types
-export * from "./custom/secrets";
-export * from "./custom/dynamic-secrets";
-export * from "./custom/environments";
-export * from "./custom/projects";
-export * from "./custom/folders";