feat(dynamic-secrets): GCP IAM #3552

Open: wants to merge 4 commits into base: main

x032205 (Contributor) commented May 6, 2025

Description 📣

GCP IAM support for dynamic secrets. Clients create a service account for which tokens get generated by Infisical's dynamic secrets backend.

New docs page: /docs/documentation/platform/dynamic-secrets/gcp-iam

Type ✨

  • Bug fix
  • New feature
  • Improvement
  • Breaking change
  • Documentation

Summary by CodeRabbit

  • New Features

    • Added support for GCP IAM as a dynamic secret provider, enabling creation, editing, and lease management of GCP service account tokens.
    • Introduced dedicated forms for creating and editing GCP IAM dynamic secrets in the dashboard.
    • Added a new documentation page detailing setup and usage of GCP IAM dynamic secrets.
  • Improvements

    • Enhanced lease renewal forms to dynamically validate TTL values based on provider-specific limits.
    • Updated error messaging for lease renewal TTLs to provide clearer guidance.
    • Improved output display for GCP IAM dynamic secrets with copy warnings.
  • Documentation

    • Updated and standardized image references and formatting across multiple dynamic secrets documentation pages.
    • Reorganized documentation navigation to include GCP IAM and improve discoverability.

coderabbitai bot commented May 6, 2025

Walkthrough

This change introduces support for GCP IAM as a dynamic secret provider in both backend and frontend components. On the backend, a new GCP IAM provider module is implemented, including schema validation, token generation using Google service accounts, and appropriate error handling. The provider is registered in the dynamic secret providers index and its schema is added to the models. On the frontend, the GCP IAM provider is integrated into the dynamic secret creation and editing forms, with new React components for handling user input and validation. Documentation is updated to include GCP IAM instructions and to standardize image references across dynamic secret documentation pages. The dynamic secret lease renewal form is also updated to support dynamic TTL validation based on the selected secret's configuration.

Possibly related PRs

  • Feature: Secret Rotations v2 #3343: Introduces a new version 2 architecture for secret rotations with backend, frontend, API, and documentation changes, related to dynamic secret management and provider integrations.

Suggested reviewers

  • sheensantoscapadngan

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bd7c4fc and 05d132a.

📒 Files selected for processing (1)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx
⏰ Context from checks skipped due to timeout of 90000ms (3)
  • GitHub Check: Check TS and Lint
  • GitHub Check: Run integration test
  • GitHub Check: Check Frontend Type and Lint check

greptile-apps bot (Contributor) left a comment

PR Summary

This PR adds GCP IAM dynamic secrets support, enabling on-demand generation of GCP service account tokens through Infisical's backend.

Key points to address:

  • The JSON parsing of GCP credentials in /backend/src/ee/services/dynamic-secret/providers/gcp-iam.ts lacks try-catch error handling, potentially exposing uncaught exceptions
  • GCP API error messages are directly exposed to users in error responses, which could leak sensitive information
  • Token TTL validation in GCP IAM provider should be more robust to prevent extremely short/long-lived tokens
  • Documentation should explicitly mention that GCP IAM tokens cannot be revoked once issued, as noted in the revoke function
  • Consider using re2 package instead of native regex for any string validation to prevent ReDoS attacks

The implementation is otherwise well-structured with proper validation, documentation, and frontend components following established patterns.

21 file(s) reviewed, 17 comment(s)
Edit PR Review Bot Settings | Greptile
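
Three of the points raised in the review above (unguarded JSON parsing, upstream error text reaching users, TTL bounds), shown as an added example that is not code from this PR or from Infisical. All function names are hypothetical; it assumes the credential is a service-account key JSON with client_email and private_key fields, and a TTL grammar of digits plus s/m/h standing in for the ms package.

```typescript
// Added example. Every name below is hypothetical, not Infisical's.
type Result<T> = { ok: true; value: T } | { ok: false; error: string };

interface GcpCredential {
  client_email: string;
  private_key: string;
}

// Constructed sample input: a service-account key file reduced to two fields.
const SAMPLE_KEY_JSON = JSON.stringify({
  client_email: "demo-sa@example-project.iam.gserviceaccount.com",
  private_key: "PLACEHOLDER-NOT-A-REAL-KEY"
});

// JSON.parse throws on malformed input and its message can quote the input,
// so the exception is caught and replaced with a fixed string.
function parseGcpCredential(raw: string): Result<GcpCredential> {
  let parsed: unknown = undefined;
  try {
    parsed = JSON.parse(raw);
  } catch {
    return { ok: false, error: "GCP credential is not valid JSON" };
  }
  if (typeof parsed !== "object" || parsed === null) {
    return { ok: false, error: "GCP credential must be a JSON object" };
  }
  const obj = parsed as Record<string, unknown>;
  const email = obj["client_email"];
  const key = obj["private_key"];
  if (typeof email !== "string" || typeof key !== "string") {
    return { ok: false, error: "GCP credential is missing required fields" };
  }
  return { ok: true, value: { client_email: email, private_key: key } };
}

const MIN_TTL_SECONDS = 1; // lower bound named in the review (1 second)
const MAX_TTL_SECONDS = 3600; // upper bound named in the review (1 hour)

function unitToSeconds(unit: string): number {
  switch (unit) {
    case "s": return 1;
    case "m": return 60;
    case "h": return 3600;
    default: return 0; // unknown unit
  }
}

// Parses "<digits><s|m|h>" with a character scan instead of a regular
// expression, so there is no backtracking, then enforces both bounds.
function validateTtl(ttl: string): Result<number> {
  const text = ttl.trim();
  const malformed: Result<number> = { ok: false, error: "TTL must look like 30s, 15m or 1h" };
  if (text.length < 2 || text.length > 6) return malformed;
  const unit = unitToSeconds(text.charAt(text.length - 1));
  if (unit === 0) return malformed;
  let amount = 0;
  for (let i = 0; i < text.length - 1; i++) {
    const code = text.charCodeAt(i);
    if (code < 48 || code > 57) return malformed; // not an ASCII digit
    amount = amount * 10 + (code - 48);
  }
  const seconds = amount * unit;
  if (seconds < MIN_TTL_SECONDS || seconds > MAX_TTL_SECONDS) {
    return { ok: false, error: "TTL must be between 1 second and 1 hour" };
  }
  return { ok: true, value: seconds };
}

interface SanitizedError {
  clientMessage: string; // safe to return in the API response
  logDetail: string; // for server-side logs only
}

// Upstream (GCP API) error text may name projects, accounts or permissions,
// so it is kept for logging and never copied into the client-facing message.
function toClientError(err: unknown): SanitizedError {
  return {
    clientMessage: "Failed to generate GCP access token; check the service account setup",
    logDetail: err instanceof Error ? err.message : String(err)
  };
}
```

Because the issued tokens cannot be revoked (the review's fourth point), the upper TTL bound is the only limit on how long a leaked token stays usable, which is why validateTtl rejects out-of-range values rather than clamping them.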

coderabbitai bot left a comment

Actionable comments posted: 5

🔭 Outside diff range comments (1)
frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/CreateDynamicSecretForm.tsx (1)

124-133: ⚠️ Potential issue

Potential trailing-comma / double-brace typo

Lines 128-130 close the previous Totp object and add an extra closing brace
}, before the new GcpIam object. Please ensure the array now looks like:

  {
    /* …Totp… */
  },
  {
    /* …GcpIam… */
  }

A stray brace/comma will break the build.

🧹 Nitpick comments (8)
backend/src/ee/services/dynamic-secret/providers/models.ts (1)

308-310: Consider adding a description to the serviceAccountEmail field.

The schema validation for the GCP IAM service account email looks correct, but adding a description like other schema fields have would improve documentation and developer experience.

-export const DynamicSecretGcpIamSchema = z.object({
-  serviceAccountEmail: z.string().email().trim().min(1, "Service account email required")
-});
+export const DynamicSecretGcpIamSchema = z.object({
+  serviceAccountEmail: z.string().email().trim().min(1, "Service account email required").describe("Email address of the GCP service account for which tokens will be generated")
+});
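Review bot: On the added serviceAccountEmail line, .trim() is chained after .email(), so a value pasted with leading or trailing whitespace is checked as an email before it is trimmed and is rejected. Chain it as z.string().trim().email() so the trimmed value is what gets validated. The .min(1, "Service account email required") check after .email() never changes the outcome, since an empty string already fails the email check; drop it or move it ahead of .email() if that message is the one users should see.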
frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx (3)

13-40: Form validation schema looks good, but consider extracting TTL validation.

The validation logic for the TTL fields is correct, enforcing values between 1 second and 1 hour. However, since you have similar validation in other files like RenewDynamicSecretLease.tsx, consider extracting this to a shared utility function.


80-80: Remove console.log before production.

Debug statement should be removed before merging to production.

-    console.log("handleCreateDynamicSecret called");

100-105: Add more specific error messages for failure cases.

The current error notification is generic. Consider catching specific error types and providing more meaningful error messages to help users troubleshoot issues.

-    } catch {
+    } catch (error) {
+      console.error("Failed to create GCP IAM dynamic secret:", error);
       createNotification({
         type: "error",
-        text: "Failed to create dynamic secret"
+        text: error.response?.data?.message || "Failed to create dynamic secret"
       });
     }
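Review bot: The added text: error.response?.data?.message line puts whatever message the backend returned straight into the notification, while the other review on this PR flags that GCP API error messages are exposed to users in error responses. Until the backend returns only sanitized messages, keep the fixed "Failed to create dynamic secret" string in the UI and leave the detail to the console.error call. Separately, if the project compiles with strict TypeScript settings, error in catch (error) is typed unknown, so error.response needs a type guard before it type-checks.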
frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/RenewDynamicSecretLease.tsx (1)

24-26: Remove unused optional props.

The component accepts optional TTL-related props (minTtl, maxTtl, defaultTtl) but doesn't use them anywhere in the implementation since it now uses the values from the dynamicSecret object directly.

  dynamicSecret: TDynamicSecret;
  projectSlug: string;
  environment: string;
  secretPath: string;
-  minTtl?: string; // Optional minimum TTL, defaults to 1min
-  maxTtl?: string; // Optional maximum TTL, defaults to 1day
-  defaultTtl?: string; // Optional default TTL, defaults to 1h
frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretGcpIamForm.tsx (1)

61-69: Duplicate source of default values

defaultValue is supplied in each Controller while the same values are already
passed through the values prop of useForm. React-Hook-Form logs a warning
when both are present and only one gets applied. You can remove the
defaultValue on the individual controllers to avoid the noise and potential
future confusion.

frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/CreateDynamicSecretForm.tsx (1)

482-500: Consider a declarative mapping to reduce 20-way conditional rendering

The ever-growing chain of wizardStep === … && selectedProvider === …
conditions is hard to maintain and easy to forget when adding providers.
A simple mapping table keeps the JSX terse and future-proof:

const PROVIDER_FORM_MAP = {
  [DynamicSecretProviders.SqlDatabase]: SqlDatabaseInputForm,
  [DynamicSecretProviders.GcpIam]: GcpIamInputForm,
  // …
} as const;

const ProviderForm = PROVIDER_FORM_MAP[selectedProvider!];
return (
  wizardStep === WizardSteps.ProviderInputs && ProviderForm && (
    <motion.div /* … */>
      <ProviderForm {...commonProps} />
    </motion.div>
  )
);
docs/documentation/platform/dynamic-secrets/gcp-iam.mdx (1)

139-141: Minor wording – plural agreement

“Lease renewals cannot exceed the maximum TTL value set when configuring the
dynamic secret.”

Not critical, purely editorial.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 0d2b3ad and 45c84d4.

⛔ Files ignored due to path filters (10)
  • docs/images/platform/dynamic-secrets/add-dynamic-secret-button.png is excluded by !**/*.png
  • docs/images/platform/dynamic-secrets/dynamic-secret-gcp-iam-lease.png is excluded by !**/*.png
  • docs/images/platform/dynamic-secrets/dynamic-secret-gcp-iam-modal.png is excluded by !**/*.png
  • docs/images/platform/dynamic-secrets/dynamic-secret-generate-redis.png is excluded by !**/*.png
  • docs/images/platform/dynamic-secrets/dynamic-secret-generate.png is excluded by !**/*.png
  • docs/images/platform/dynamic-secrets/dynamic-secret-lease-empty-redis.png is excluded by !**/*.png
  • docs/images/platform/dynamic-secrets/dynamic-secret-lease-empty.png is excluded by !**/*.png
  • docs/images/platform/dynamic-secrets/dynamic-secret-lease-renew.png is excluded by !**/*.png
  • docs/images/platform/dynamic-secrets/lease-data.png is excluded by !**/*.png
  • docs/images/platform/dynamic-secrets/provision-lease.png is excluded by !**/*.png
📒 Files selected for processing (21)
  • backend/src/ee/services/dynamic-secret-lease/dynamic-secret-lease-service.ts (1 hunks)
  • backend/src/ee/services/dynamic-secret/providers/gcp-iam.ts (1 hunks)
  • backend/src/ee/services/dynamic-secret/providers/index.ts (2 hunks)
  • backend/src/ee/services/dynamic-secret/providers/models.ts (3 hunks)
  • docs/documentation/platform/dynamic-secrets/aws-elasticache.mdx (3 hunks)
  • docs/documentation/platform/dynamic-secrets/azure-entra-id.mdx (2 hunks)
  • docs/documentation/platform/dynamic-secrets/elastic-search.mdx (2 hunks)
  • docs/documentation/platform/dynamic-secrets/gcp-iam.mdx (1 hunks)
  • docs/documentation/platform/dynamic-secrets/ldap.mdx (2 hunks)
  • docs/documentation/platform/dynamic-secrets/rabbit-mq.mdx (2 hunks)
  • docs/documentation/platform/dynamic-secrets/redis.mdx (3 hunks)
  • docs/mint.json (1 hunks)
  • frontend/src/hooks/api/dynamicSecret/types.ts (2 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/AwsIamInputForm.tsx (1 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/CreateDynamicSecretForm.tsx (4 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx (1 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/CreateDynamicSecretLease.tsx (1 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/DynamicSecretLease.tsx (1 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretForm.tsx (2 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretGcpIamForm.tsx (1 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/RenewDynamicSecretLease.tsx (3 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (4)
frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretForm.tsx (1)
frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretGcpIamForm.tsx (1)
  • EditDynamicSecretGcpIamForm (48-189)
backend/src/ee/services/dynamic-secret-lease/dynamic-secret-lease-service.ts (1)
backend/src/lib/errors/index.ts (1)
  • BadRequestError (88-98)
frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx (2)
frontend/src/hooks/api/workspace/types.ts (1)
  • WorkspaceEnv (42-46)
frontend/src/components/v2/FilterableSelect/FilterableSelect.tsx (1)
  • FilterableSelect (12-118)
frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretGcpIamForm.tsx (1)
frontend/src/hooks/api/dynamicSecret/types.ts (1)
  • TDynamicSecret (6-17)
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Check TS and Lint
  • GitHub Check: Run integration test
🔇 Additional comments (22)
docs/documentation/platform/dynamic-secrets/redis.mdx (1)

64-68: Formatting and image reference updates are correct.
Removed trailing whitespace and standardized image filenames by dropping the “-redis” suffix. The updated relative and absolute image paths align with other dynamic‐secrets docs.

Also applies to: 72-77, 88-91, 95-96, 106-106

docs/documentation/platform/dynamic-secrets/aws-elasticache.mdx (1)

102-106: Formatting and image reference standardization approved.
Trailing spaces have been removed and Redis-specific image suffixes updated to generic names. The documentation remains semantically unchanged and consistent.

Also applies to: 110-116, 126-126, 133-134, 144-144

docs/documentation/platform/dynamic-secrets/elastic-search.mdx (1)

85-89: Whitespace removal and image path corrections look good.
Consistent removal of trailing spaces and update of Redis-specific image filenames to Elasticsearch-appropriate ones. No content changes detected.

Also applies to: 93-98, 109-109, 116-116

docs/documentation/platform/dynamic-secrets/azure-entra-id.mdx (1)

126-127: Documentation formatting and image updates are accurate.
All trailing spaces have been cleaned up and image references have been standardized to provider-agnostic names.

Also applies to: 130-131, 134-136, 146-146

docs/documentation/platform/dynamic-secrets/ldap.mdx (1)

136-137: Image reference updates and whitespace cleanup approved.
Replaced Redis-specific screenshots with generic dynamic-secret images and removed trailing whitespace. No procedural changes introduced.

Also applies to: 239-240

frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/AwsIamInputForm.tsx (1)

124-124: Improved placeholder text for better UI consistency

The placeholder for the Secret Name input has been updated from "dynamic-postgres" to "dynamic-secret", which provides a more generic and consistent example across different dynamic secret provider forms.

frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/DynamicSecretLease.tsx (1)

255-255: Added dynamic secret configuration to lease renewal component

Passing the full dynamicSecret object to the RenewDynamicSecretLease component allows for dynamic TTL validation based on the specific secret's configuration, rather than using hardcoded validation constants.

backend/src/ee/services/dynamic-secret-lease/dynamic-secret-lease-service.ts (1)

230-233: Enhanced error message for improved user experience

The error message for exceeding maximum TTL has been improved to be more descriptive and actionable, providing clear guidance to users on how to resolve the issue.

The new message is more user-friendly and provides concrete next steps, which will improve the developer experience when working with dynamic secrets.

docs/documentation/platform/dynamic-secrets/rabbit-mq.mdx (1)

74-74: Improved documentation formatting and image references

Fixed trailing whitespace and updated image references for consistency across documentation files. These changes align with similar adjustments made to other dynamic secrets documentation.

I noticed the image paths on lines 86-87 were updated to remove "redis" from the filenames, ensuring they correctly point to RabbitMQ-specific images.

Also applies to: 77-77, 82-83, 86-87, 98-98, 105-105

backend/src/ee/services/dynamic-secret/providers/index.ts (2)

9-9: LGTM: New GCP IAM provider import

The import for the GcpIamProvider module is correctly added.


42-43: LGTM: GCP IAM provider registration

The GcpIamProvider is properly registered in the dynamic secret providers registry, maintaining the alphabetical order of providers.

docs/mint.json (1)

203-218: LGTM: Documentation navigation updated with GCP IAM page

The navigation menu is correctly updated to include the new GCP IAM documentation page in an appropriate position between ElasticSearch and LDAP. The ordering of other dynamic secret pages is also improved for better organization.

frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretForm.tsx (2)

12-12: LGTM: Importing GCP IAM edit form component

The import statement for the new GcpIam form component is correctly added.


317-333: LGTM: GCP IAM edit form integration

The GCP IAM edit form is properly integrated following the same pattern as other providers. The motion animation props, unique key, and component props all match the existing implementation style.

frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/CreateDynamicSecretLease.tsx (1)

338-354: LGTM: GCP IAM credential display support

The implementation for displaying GCP IAM credentials follows the established pattern for other providers. The TOKEN and SERVICE_ACCOUNT_EMAIL values are properly displayed with appropriate labels and warning messages.

frontend/src/hooks/api/dynamicSecret/types.ts (2)

34-35: Properly added new GCP IAM provider type.

The addition of GcpIam = "gcp-iam" to the DynamicSecretProviders enum follows the existing pattern and naming convention.


265-271: LGTM: GCP IAM provider type definition properly implemented.

The union type definition for the GCP IAM provider correctly specifies the required serviceAccountEmail field, maintaining consistency with other provider type definitions.

backend/src/ee/services/dynamic-secret/providers/models.ts (2)

327-328: Properly added GCP IAM to providers enum.

The addition of GcpIam = "gcp-iam" to the DynamicSecretProviders enum follows the existing pattern and naming convention.


346-347: Properly integrated GCP IAM into the providers schema.

The GCP IAM provider is correctly integrated into the DynamicSecretProviderSchema discriminated union.

frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx (2)

178-190: Good job providing documentation links.

The form includes helpful links to documentation to guide users on finding the service account email, which enhances user experience.


109-233: Form structure and organization look good.

The form layout follows good UX practices with clear labels, validation, and organized form sections.

frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/RenewDynamicSecretLease.tsx (1)

64-64: Good job making TTL values dynamic.

The changes to use the dynamic secret's defaultTTL as the initial form value in both spots ensure consistency with the secret's configuration.

Also applies to: 100-100

coderabbitai bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx (1)

97-102: Consider logging the error in the catch block

While a previous reviewer noted that error handling is "handled elsewhere", it's still a good practice to log the caught error for debugging purposes.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 45c84d4 and bd7c4fc.

📒 Files selected for processing (16)
  • docs/documentation/platform/dynamic-secrets/aws-elasticache.mdx (2 hunks)
  • docs/documentation/platform/dynamic-secrets/azure-entra-id.mdx (1 hunks)
  • docs/documentation/platform/dynamic-secrets/elastic-search.mdx (1 hunks)
  • docs/documentation/platform/dynamic-secrets/gcp-iam.mdx (1 hunks)
  • docs/documentation/platform/dynamic-secrets/ldap.mdx (2 hunks)
  • docs/documentation/platform/dynamic-secrets/mongo-atlas.mdx (2 hunks)
  • docs/documentation/platform/dynamic-secrets/mongo-db.mdx (2 hunks)
  • docs/documentation/platform/dynamic-secrets/mssql.mdx (3 hunks)
  • docs/documentation/platform/dynamic-secrets/mysql.mdx (3 hunks)
  • docs/documentation/platform/dynamic-secrets/oracle.mdx (4 hunks)
  • docs/documentation/platform/dynamic-secrets/postgresql.mdx (3 hunks)
  • docs/documentation/platform/dynamic-secrets/rabbit-mq.mdx (1 hunks)
  • docs/documentation/platform/dynamic-secrets/redis.mdx (2 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx (1 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretGcpIamForm.tsx (1 hunks)
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/RenewDynamicSecretLease.tsx (3 hunks)
✅ Files skipped from review due to trivial changes (11)
  • docs/documentation/platform/dynamic-secrets/mysql.mdx
  • docs/documentation/platform/dynamic-secrets/mongo-atlas.mdx
  • docs/documentation/platform/dynamic-secrets/ldap.mdx
  • docs/documentation/platform/dynamic-secrets/mssql.mdx
  • docs/documentation/platform/dynamic-secrets/oracle.mdx
  • docs/documentation/platform/dynamic-secrets/aws-elasticache.mdx
  • docs/documentation/platform/dynamic-secrets/redis.mdx
  • docs/documentation/platform/dynamic-secrets/rabbit-mq.mdx
  • docs/documentation/platform/dynamic-secrets/mongo-db.mdx
  • docs/documentation/platform/dynamic-secrets/elastic-search.mdx
  • docs/documentation/platform/dynamic-secrets/postgresql.mdx
🚧 Files skipped from review as they are similar to previous changes (4)
  • docs/documentation/platform/dynamic-secrets/azure-entra-id.mdx
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/RenewDynamicSecretLease.tsx
  • frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretGcpIamForm.tsx
  • docs/documentation/platform/dynamic-secrets/gcp-iam.mdx
🧰 Additional context used
🧬 Code Graph Analysis (1)
frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx (2)
frontend/src/hooks/api/workspace/types.ts (1)
  • WorkspaceEnv (42-46)
frontend/src/components/v2/FilterableSelect/FilterableSelect.tsx (1)
  • FilterableSelect (12-118)
🪛 GitHub Actions: Check Frontend Type and Lint check
frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx

[error] 32-32: TypeScript error TS2769: No overload matches this call.

⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Check TS and Lint
  • GitHub Check: Run integration test
🔇 Additional comments (5)
frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/GcpIamInputForm.tsx (5)

13-24: Good implementation of TTL validation function

The function properly validates TTL values by checking for empty values, verifying the format is valid via the ms function, and ensuring values are between 1 second and 1 hour. The early return patterns help improve readability and error handling.


42-49: Good props definition

The props interface is well-defined with clear types and includes an optional flag for single environment mode.


66-66: Environment selection is safely implemented

The code properly checks that the environments array is not empty before accessing the first element, preventing potential runtime errors.


175-187: Good documentation reference for service account email

The helper text with a link to documentation helps users understand where to find the service account email. This improves the user experience by providing contextual help directly in the interface.


195-217: Proper conditional rendering of environment selector

The environment selector is only shown when not in single environment mode. The implementation uses the FilterableSelect component correctly with appropriate props for option handling.

maidul98 (Collaborator) commented May 6, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)
