feat: TOTP dynamic secret provider

backend/src/ee/services/dynamic-secret/providers/index.ts

@@ -13,6 +13,7 @@ import { RabbitMqProvider } from "./rabbit-mq";
 import { RedisDatabaseProvider } from "./redis";
 import { SapHanaProvider } from "./sap-hana";
 import { SqlDatabaseProvider } from "./sql-database";
+import { TotpProvider } from "./totp";
 
 export const buildDynamicSecretProviders = () => ({
   [DynamicSecretProviders.SqlDatabase]: SqlDatabaseProvider(),
@@ -27,5 +28,6 @@ export const buildDynamicSecretProviders = () => ({
   [DynamicSecretProviders.AzureEntraID]: AzureEntraIDProvider(),
   [DynamicSecretProviders.Ldap]: LdapProvider(),
   [DynamicSecretProviders.SapHana]: SapHanaProvider(),
-  [DynamicSecretProviders.Snowflake]: SnowflakeProvider()
+  [DynamicSecretProviders.Snowflake]: SnowflakeProvider(),
+  [DynamicSecretProviders.Totp]: TotpProvider()
 });

backend/src/ee/services/dynamic-secret/providers/models.ts

@@ -221,6 +221,10 @@ export const LdapSchema = z.union([
   })
 ]);
 
+export const DynamicSecretTotpSchema = z.object({
+  url: z.string().url().trim().min(1)
+});
+
 export enum DynamicSecretProviders {
   SqlDatabase = "sql-database",
   Cassandra = "cassandra",
@@ -234,7 +238,8 @@ export enum DynamicSecretProviders {
   AzureEntraID = "azure-entra-id",
   Ldap = "ldap",
   SapHana = "sap-hana",
-  Snowflake = "snowflake"
+  Snowflake = "snowflake",
+  Totp = "totp"
 }
 
 export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
@@ -250,7 +255,8 @@ export const DynamicSecretProviderSchema = z.discriminatedUnion("type", [
   z.object({ type: z.literal(DynamicSecretProviders.RabbitMq), inputs: DynamicSecretRabbitMqSchema }),
   z.object({ type: z.literal(DynamicSecretProviders.AzureEntraID), inputs: AzureEntraIDSchema }),
   z.object({ type: z.literal(DynamicSecretProviders.Ldap), inputs: LdapSchema }),
-  z.object({ type: z.literal(DynamicSecretProviders.Snowflake), inputs: DynamicSecretSnowflakeSchema })
+  z.object({ type: z.literal(DynamicSecretProviders.Snowflake), inputs: DynamicSecretSnowflakeSchema }),
+  z.object({ type: z.literal(DynamicSecretProviders.Totp), inputs: DynamicSecretTotpSchema })
 ]);
 
 export type TDynamicProviderFns = {

backend/src/ee/services/dynamic-secret/providers/totp.ts

@@ -0,0 +1,70 @@
+import { authenticator } from "otplib";
+import { HashAlgorithms } from "otplib/core";
+
+import { BadRequestError } from "@app/lib/errors";
+import { alphaNumericNanoId } from "@app/lib/nanoid";
+
+import { DynamicSecretTotpSchema, TDynamicProviderFns } from "./models";
+
+export const TotpProvider = (): TDynamicProviderFns => {
+  const validateProviderInputs = async (inputs: unknown) => {
+    const providerInputs = await DynamicSecretTotpSchema.parseAsync(inputs);
+
+    const urlObj = new URL(providerInputs.url);
+    const secret = urlObj.searchParams.get("secret");
+    if (!secret) {
+      throw new BadRequestError({
+        message: "TOTP secret is missing from URL"
+      });
+    }
+
+    return providerInputs;
+  };
+
+  const validateConnection = async () => {
+    return true;
+  };
+
+  const create = async (inputs: unknown) => {
+    const providerInputs = await validateProviderInputs(inputs);
+
+    const entityId = alphaNumericNanoId(32);
+    const authenticatorInstance = authenticator.clone();
+
+    const urlObj = new URL(providerInputs.url);
+    const secret = urlObj.searchParams.get("secret") as string;
+    const periodFromUrl = urlObj.searchParams.get("period");
+    const digitsFromUrl = urlObj.searchParams.get("digits");
+    const algorithm = urlObj.searchParams.get("algorithm");
+
+    if (digitsFromUrl) {
+      authenticatorInstance.options = { digits: +digitsFromUrl };
+    }
+
+    if (algorithm) {
+      authenticatorInstance.options = { algorithm: algorithm.toLowerCase() as HashAlgorithms };
+    }
+
+    if (periodFromUrl) {
+      authenticatorInstance.options = { step: +periodFromUrl };
+    }
+
+    return { entityId, data: { TOTP: authenticatorInstance.generate(secret) } };
+  };
+
+  const revoke = async (inputs: unknown, entityId: string) => {
+    return { entityId };
+  };
+
+  const renew = async (inputs: unknown, entityId: string) => {
+    return { entityId };
+  };
+
+  return {
+    validateProviderInputs,
+    validateConnection,
+    create,
+    revoke,
+    renew
+  };
+};

docs/documentation/platform/dynamic-secrets/aws-elasticache.mdx

@@ -69,7 +69,7 @@ The Infisical AWS ElastiCache dynamic secret allows you to generate AWS ElastiCa
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -131,12 +131,12 @@ The Infisical AWS ElastiCache dynamic secret allows you to generate AWS ElastiCa
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>

docs/documentation/platform/dynamic-secrets/aws-iam.mdx

@@ -66,7 +66,7 @@ Replace **\<account id\>** with your AWS account id and **\<aws-scope-path\>** w
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -138,12 +138,12 @@ Replace **\<account id\>** with your AWS account id and **\<aws-scope-path\>** w
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the lease details  and delete the lease ahead of its expiration time.
+This will allow you to see the lease details and delete the lease ahead of its expiration time.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret lease past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret lease past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>

docs/documentation/platform/dynamic-secrets/azure-entra-id.mdx

@@ -98,7 +98,7 @@ Click on Add assignments. Search for the application name you created and select
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -151,12 +151,12 @@ Click on Add assignments. Search for the application name you created and select
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>

docs/documentation/platform/dynamic-secrets/cassandra.mdx

@@ -39,7 +39,7 @@ The above configuration allows user creation and granting permissions.
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -116,12 +116,12 @@ The above configuration allows user creation and granting permissions.
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the lease details  and delete the lease ahead of its expiration time.
+This will allow you to see the lease details and delete the lease ahead of its expiration time.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret lease past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret lease past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>

docs/documentation/platform/dynamic-secrets/elastic-search.mdx

@@ -34,7 +34,7 @@ The Infisical Elasticsearch dynamic secret allows you to generate Elasticsearch
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -114,12 +114,12 @@ The Infisical Elasticsearch dynamic secret allows you to generate Elasticsearch
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>

docs/documentation/platform/dynamic-secrets/ldap.mdx

@@ -31,7 +31,7 @@ The Infisical LDAP dynamic secret allows you to generate user credentials on dem
         </ParamField>
 
         <ParamField path="Default TTL" type="string" required>
-          Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+          Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
         </ParamField>
 
         <ParamField path="Max TTL" type="string" required>
@@ -171,7 +171,7 @@ The Infisical LDAP dynamic secret allows you to generate user credentials on dem
         </ParamField>
 
         <ParamField path="Default TTL" type="string" required>
-          Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+          Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
         </ParamField>
 
         <ParamField path="Max TTL" type="string" required>

docs/documentation/platform/dynamic-secrets/mongo-atlas.mdx

@@ -30,7 +30,7 @@ Create a project scopped API Key with the required permission in your Mongo Atla
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -101,12 +101,12 @@ Create a project scopped API Key with the required permission in your Mongo Atla
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>

docs/documentation/platform/dynamic-secrets/mongo-db.mdx

@@ -31,7 +31,7 @@ Create a user with the required permission in your MongoDB instance. This user w
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -103,12 +103,12 @@ Create a user with the required permission in your MongoDB instance. This user w
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>

docs/documentation/platform/dynamic-secrets/mssql.mdx

@@ -28,7 +28,7 @@ Create a user with the required permission in your SQL instance. This user will
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -105,12 +105,12 @@ Create a user with the required permission in your SQL instance. This user will
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the expiration time of the lease or delete the lease before it's set time to live.
+This will allow you to see the expiration time of the lease or delete the lease before it's set time to live.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>

docs/documentation/platform/dynamic-secrets/mysql.mdx

@@ -27,7 +27,7 @@ Create a user with the required permission in your SQL instance. This user will
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -102,12 +102,12 @@ Create a user with the required permission in your SQL instance. This user will
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>

docs/documentation/platform/dynamic-secrets/oracle.mdx

@@ -27,7 +27,7 @@ Create a user with the required permission in your SQL instance. This user will
 	</ParamField>
 
 	<ParamField path="Default TTL" type="string" required>
-		Default time-to-live for a generated secret (it is possible to modify this value when a secret is generate)
+		Default time-to-live for a generated secret (it is possible to modify this value after a secret is generated)
 	</ParamField>
 
 	<ParamField path="Max TTL" type="string" required>
@@ -102,12 +102,12 @@ Create a user with the required permission in your SQL instance. This user will
 
 ## Audit or Revoke Leases
 Once you have created one or more leases, you will be able to access them by clicking on the respective dynamic secret item on the dashboard. 
-This will allow you see the expiration time of the lease or delete a lease before it's set time to live.
+This will allow you to see the expiration time of the lease or delete a lease before it's set time to live.
 
 ![Provision Lease](/images/platform/dynamic-secrets/lease-data.png)
 
 ## Renew Leases
-To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** as illustrated below.
+To extend the life of the generated dynamic secret leases past its initial time to live, simply click on the **Renew** button as illustrated below.
 ![Provision Lease](/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png)
 
 <Warning>