Update docs for blind indices and secrets v3 endpoints

backend/swagger/index.ts

@@ -220,7 +220,7 @@ const generateOpenAPISpec = async () => {
 
   const outputJSONFile = '../spec.json';
   const outputYAMLFile = '../docs/spec.yaml';
-  const endpointsFiles = ['../src/app.ts'];
+  const endpointsFiles = ['../src/index.ts'];
 
   const spec = await swaggerAutogen(outputJSONFile, endpointsFiles, doc);
   await fs.writeFile(outputYAMLFile, yaml.dump(spec.data));

docs/api-reference/endpoints/secrets/create.mdx

@@ -1,11 +1,11 @@
 ---
 title: "Create"
-openapi: "POST /api/v2/secrets/"
+openapi: "POST /api/v3/secrets/{secretName}"
 ---
 
 <Tip>
   Using this route requires understanding Infisical's system and cryptography.
   It may be helpful to read through the
   [introduction](/api-reference/overview/introduction) and [guide for creating
-  secrets](/api-reference/overview/examples/create-secrets).
+  secrets](/api-reference/overview/examples/create-secret).
 </Tip>

docs/api-reference/endpoints/secrets/delete.mdx

@@ -1,4 +1,4 @@
 ---
 title: "Delete"
-openapi: "DELETE /api/v2/secrets/"
+openapi: "DELETE /api/v3/secrets/{secretName}"
 ---

docs/api-reference/endpoints/secrets/read-one.mdx

@@ -0,0 +1,11 @@
+---
+title: "Retrieve"
+openapi: "GET /api/v3/secrets/{secretName}"
+---
+
+<Tip>
+  Using this route requires understanding Infisical's system and cryptography.
+  It may be helpful to read through the
+  [introduction](/api-reference/overview/introduction) and [guide for retrieving
+  secrets](/api-reference/overview/examples/retrieve-secret).
+</Tip>

docs/api-reference/endpoints/secrets/read.mdx

@@ -1,11 +1,11 @@
 ---
-title: "Retrieve"
-openapi: "GET /api/v2/secrets/"
+title: "Retrieve All"
+openapi: "GET /api/v3/secrets/"
 ---
 
 <Tip>
   Using this route requires understanding Infisical's system and cryptography.
   It may be helpful to read through the
   [introduction](/api-reference/overview/introduction) and [guide for retrieving
-  secrets](/api-reference/overview/examples/retrieve-secrets).
+  secrets](/api-reference/overview/examples/retrieve-secret).
 </Tip>

docs/api-reference/endpoints/secrets/update.mdx

@@ -1,11 +1,11 @@
 ---
 title: "Update"
-openapi: "PATCH /api/v2/secrets/"
+openapi: "PATCH /api/v3/secrets/{secretName}"
 ---
 
 <Tip>
   Using this route requires understanding Infisical's system and cryptography.
   It may be helpful to read through the
   [introduction](/api-reference/overview/introduction) and [guide for updating
-  secrets](/api-reference/overview/examples/update-secrets).
+  secrets](/api-reference/overview/examples/update-secret).
 </Tip>

docs/api-reference/overview/blind-indices.mdx

@@ -0,0 +1,18 @@
+---
+title: "Blind Indices"
+---
+
+In April 2023, we added the capability for users to query for secrets by name to improve the user experience of Infisical. Previously, it was only possible to query by id of the secret or fetch all secrets belonging to a project and environment.
+
+Blind indexing must be enabled for projects created prior to April 2023 to take effect. If your project can be blind indexed, then you'll see a section in your project settings appear as shown below:
+
+![project enable blind indices](../../images/project-settings-blind-indices.png)
+
+
+It works using virtually irreversible blind indices generated by applying `argon2id` to the name of each secret and a random 128-bit salt assigned to each project on the server. We continue to keep the values of secrets E2EE by default. 
+
+You can read more about it [here](/security/mechanics).
+
+<Note>
+    As previously mentioned, all projects made after April 2023 are automatically blind indexed. If you created a project before this date, you have to enable it manually in your project settings.
+</Note>

docs/api-reference/overview/examples/create-secrets.mdx → docs/api-reference/overview/examples/create-secret.mdx

@@ -1,21 +1,21 @@
 ---
-title: "Create secrets"
+title: "Create secret"
+description: "How to add a secret using an Infisical Token scoped to a project and environment"
 ---
 
-In this example, we demonstrate how to add secrets to a project and environment using an Infisical Token.
-
 Prerequisites:
 
-- Set up and add envars to [Infisical Cloud](https://app.infisical.com)
-- Create an [Infisical Token](../../../getting-started/dashboard/token) for your project and environment.
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com).
+- Create an [Infisical Token](../../../getting-started/dashboard/token) for your project and environment with write access enabled.
 - Grasp a basic understanding of the system and its underlying cryptography [here](/api-reference/overview/introduction).
+- [Ensure that your project is blind-indexed](../blind-indices).
 
 ## Flow
 
 1. [Get your Infisical Token data](/api-reference/endpoints/service-tokens/get) including a (encrypted) project key.
 2. Decrypt the (encrypted) project key with the key from your Infisical Token.
-3. Encrypt your secret(s) with the project key
-4. [Send (encrypted) secret(s) to Infical](/api-reference/endpoints/secrets/create)
+3. Encrypt your secret with the project key
+4. [Send (encrypted) secret to Infisical](/api-reference/endpoints/secrets/create)
 
 ## Example
 
@@ -84,7 +84,7 @@ const createSecrets = async () => {
         secret: serviceTokenSecret
     });
 
-	// 3. Encrypt your secret(s) with the project key
+	// 3. Encrypt your secret with the project key
     const {
         ciphertext: secretKeyCiphertext,
         iv: secretKeyIV,
@@ -111,27 +111,23 @@ const createSecrets = async () => {
         text: secretComment,
         secret: projectKey
     });
-
-    const secret = {
-        type: secretType,
-        secretKeyCiphertext,
-        secretKeyIV,
-        secretKeyTag,
-        secretValueCiphertext,
-        secretValueIV,
-        secretValueTag,
-        secretCommentCiphertext,
-        secretCommentIV,
-        secretCommentTag
-    }
 
-	// 4. Send (encrypted) secret(s) to Infisical
+	// 4. Send (encrypted) secret to Infisical
     await axios.post(
-        `${BASE_URL}/api/v2/secrets`,
+        `${BASE_URL}/api/v3/secrets/${secretKey}`,
         {
             workspaceId: serviceTokenData.workspace,
             environment: serviceTokenData.environment,
-            secrets: [secret]
+            type: secretType,
+            secretKeyCiphertext,
+            secretKeyIV,
+            secretKeyTag,
+            secretValueCiphertext,
+            secretValueIV,
+            secretValueTag,
+            secretCommentCiphertext,
+            secretCommentIV,
+            secretCommentTag
         },
         {
             headers: {
@@ -204,31 +200,27 @@ def create_secrets():
         secret=service_token_secret,
     )
 
-    # 3. Encrypt your secret(s) with the project key
+    # 3. Encrypt your secret with the project key
     encrypted_key_data = encrypt(text=secret_key, secret=project_key)
     encrypted_value_data = encrypt(text=secret_value, secret=project_key)
     encrypted_comment_data = encrypt(text=secret_comment, secret=project_key)
 
-    secret = {
-        "type": secret_type,
-        "secretKeyCiphertext": encrypted_key_data["ciphertext"],
-        "secretKeyIV": encrypted_key_data["iv"],
-        "secretKeyTag": encrypted_key_data["tag"],
-        "secretValueCiphertext": encrypted_value_data["ciphertext"],
-        "secretValueIV": encrypted_value_data["iv"],
-        "secretValueTag": encrypted_value_data["tag"],
-        "secretCommentCiphertext": encrypted_comment_data["ciphertext"],
-        "secretCommentIV": encrypted_comment_data["iv"],
-        "secretCommentTag": encrypted_comment_data["tag"],
-    }
-
-    # 4. Send (encrypted) secret (s) to Infisical
+    # 4. Send (encrypted) secret to Infisical
     requests.post(
-        f"{BASE_URL}/api/v2/secrets",
+        f"{BASE_URL}/api/v3/secrets/{secret_key}",
         json={
             "workspaceId": service_token_data["workspace"],
             "environment": service_token_data["environment"],
-            "secrets": [secret],
+            "type": secret_type,
+            "secretKeyCiphertext": encrypted_key_data["ciphertext"],
+            "secretKeyIV": encrypted_key_data["iv"],
+            "secretKeyTag": encrypted_key_data["tag"],
+            "secretValueCiphertext": encrypted_value_data["ciphertext"],
+            "secretValueIV": encrypted_value_data["iv"],
+            "secretValueTag": encrypted_value_data["tag"],
+            "secretCommentCiphertext": encrypted_comment_data["ciphertext"],
+            "secretCommentIV": encrypted_comment_data["iv"],
+            "secretCommentTag": encrypted_comment_data["tag"]
         },
         headers={"Authorization": f"Bearer {service_token}"},
     )
@@ -238,10 +230,4 @@ create_secrets()
 
 ```
 </Tab>
-</Tabs>
-
-<Info>
-  This example uses [TweetNaCl.js](https://tweetnacl.js.org/#/), a port of
-  TweetNacl/Nacl, to perform asymmeric decryption of the project key but there
-  are ports of NaCl available in every major language.
-</Info>
+</Tabs>

docs/api-reference/overview/examples/delete-secret.mdx

@@ -0,0 +1,94 @@
+---
+title: "Delete secret"
+description: "How to delete a secret using an Infisical Token scoped to a project and environment"
+---
+
+Prerequisites:
+
+- Set up and add envars to [Infisical Cloud](https://app.infisical.com).
+- Create either an [API Key](/api-reference/overview/authentication) or [Infisical Token](../../../getting-started/dashboard/token) for your project and environment with write access enabled.
+- Grasp a basic understanding of the system and its underlying cryptography [here](/api-reference/overview/introduction).
+- [Ensure that your project is blind-indexed](../blind-indices).
+
+## Example
+
+<Tabs>
+  <Tab title="Javascript">
+```js
+const axios = require('axios'); 
+const BASE_URL = 'https://app.infisical.com';
+
+const deleteSecrets = async () => {
+  const serviceToken = 'your_service_token';
+  const secretType = 'shared' // 'shared' or 'personal'
+  const secretKey = 'some_key'
+
+  // 1. Get your Infisical Token data
+  const { data: serviceTokenData } = await axios.get(
+      `${BASE_URL}/api/v2/service-token`,
+      {
+          headers: {
+              Authorization: `Bearer ${serviceToken}`
+          }
+      }
+  );
+
+  // 2. Delete secret from Infisical
+  await axios.delete(
+    `${BASE_URL}/api/v3/secrets/${secretKey}`,
+    {
+      workspaceId: serviceTokenData.workspace,
+      environment: serviceTokenData.environment,
+      type: secretType
+    },
+    {
+      headers: {
+        Authorization: `Bearer ${serviceToken}`
+      },
+    }
+  );
+};
+
+deleteSecrets();
+```
+  </Tab>
+
+  <Tab title="Python">
+```Python
+import requests
+
+BASE_URL = "https://app.infisical.com"
+
+
+def delete_secrets():
+    service_token = "<your_service_token>"
+    secret_type = "shared" # "shared" or "personal"
+    secret_key = "some_key"
+
+    # 1. Get your Infisical Token data
+    service_token_data = requests.get(
+        f"{BASE_URL}/api/v2/service-token",
+        headers={"Authorization": f"Bearer {service_token}"},
+    ).json() 
+
+    # 2. Delete secret from Infisical
+    requests.delete(
+        f"{BASE_URL}/api/v2/secrets/{secret_key}",
+        json={
+            "workspaceId": service_token_data["workspace"],
+            "environment": service_token_data["environment"],
+            "type": secret_type
+        },
+        headers={"Authorization": f"Bearer {service_token}"},
+    )
+
+
+delete_secrets()
+
+```
+  </Tab>
+</Tabs>
+<Info>
+  If using an `API_KEY` to authenticate with the Infisical API, then you should include it in the `X_API_KEY` header.
+</Info>
+