From 581a5a0bd8bdbe4fe4c62cad9fca46308cdc8c38 Mon Sep 17 00:00:00 2001
From: Brendan Kellam <bshizzle1234@gmail.com>
Date: Fri, 31 Oct 2025 13:08:51 -0700
Subject: [PATCH 1/3] fix(web): Fix `/settings/connections` throwing a error
 when there is a `git` connection present (#588)

---
 CHANGELOG.md                                  |  1 +
 packages/backend/src/constants.ts             |  3 +-
 packages/backend/src/repoCompileUtils.ts      | 11 ++--
 packages/backend/src/utils.ts                 |  2 +-
 .../migration.sql                             | 14 ++++
 .../migration.sql                             | 22 +++++++
 packages/db/prisma/schema.prisma              | 31 ++++++++-
 .../[...path]/components/codePreviewPanel.tsx |  2 +-
 .../[domain]/chat/components/demoCards.tsx    |  3 +-
 .../app/[domain]/components/configEditor.tsx  |  2 +-
 .../components/importSecretDialog.tsx         |  7 +-
 .../navigationMenu/progressIndicator.tsx      | 23 ++-----
 .../app/[domain]/components/pathHeader.tsx    | 22 +++----
 .../components/repositoryCarousel.tsx         | 20 ++----
 .../web/src/app/[domain]/repos/[id]/page.tsx  |  2 +-
 .../repos/components/repoBranchesTable.tsx    |  7 +-
 .../[domain]/repos/components/reposTable.tsx  | 11 ++--
 .../settings/connections/[id]/page.tsx        | 21 +++---
 .../components/connectionsTable.tsx           |  9 +--
 .../[domain]/settings/connections/page.tsx    |  4 +-
 .../secrets/components/importSecretCard.tsx   |  3 +-
 .../referencedFileSourceListItem.tsx          |  3 +-
 .../chat/components/searchScopeIcon.tsx       |  3 +-
 packages/web/src/features/fileTree/actions.ts |  2 +-
 packages/web/src/features/search/schemas.ts   |  5 +-
 packages/web/src/lib/schemas.ts               |  3 +-
 packages/web/src/lib/utils.ts                 | 66 ++++++++-----------
 27 files changed, 175 insertions(+), 127 deletions(-)
 create mode 100644 packages/db/prisma/migrations/20251031012851_change_connection_type_to_enum/migration.sql
 create mode 100644 packages/db/prisma/migrations/20251031014307_change_repo_code_host_type_to_enum/migration.sql

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d4cc114c..a0bf5e9e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - [ask sb] Fixed issue where reasoning tokens would appear in `text` content for openai compatible models. [#582](https://github.com/sourcebot-dev/sourcebot/pull/582)
 - Fixed issue with GitHub app token tracking and refreshing. [#583](https://github.com/sourcebot-dev/sourcebot/pull/583)
 - Fixed "The account is already associated with another user" errors with GitLab oauth provider. [#584](https://github.com/sourcebot-dev/sourcebot/pull/584)
+- Fixed error when viewing a generic git connection in `/settings/connections`. [#588](https://github.com/sourcebot-dev/sourcebot/pull/588)
 
 ## [4.8.1] - 2025-10-29
 
diff --git a/packages/backend/src/constants.ts b/packages/backend/src/constants.ts
index 9ba858de..f073bac5 100644
--- a/packages/backend/src/constants.ts
+++ b/packages/backend/src/constants.ts
@@ -1,9 +1,10 @@
+import { CodeHostType } from "@sourcebot/db";
 import { env } from "./env.js";
 import path from "path";
 
 export const SINGLE_TENANT_ORG_ID = 1;
 
-export const PERMISSION_SYNC_SUPPORTED_CODE_HOST_TYPES = [
+export const PERMISSION_SYNC_SUPPORTED_CODE_HOST_TYPES: CodeHostType[] = [
     'github',
     'gitlab',
 ];
diff --git a/packages/backend/src/repoCompileUtils.ts b/packages/backend/src/repoCompileUtils.ts
index 8e8b1f26..d3172543 100644
--- a/packages/backend/src/repoCompileUtils.ts
+++ b/packages/backend/src/repoCompileUtils.ts
@@ -7,7 +7,7 @@ import { BitbucketRepository, getBitbucketReposFromConfig } from "./bitbucket.js
 import { getAzureDevOpsReposFromConfig } from "./azuredevops.js";
 import { SchemaRestRepository as BitbucketServerRepository } from "@coderabbitai/bitbucket/server/openapi";
 import { SchemaRepository as BitbucketCloudRepository } from "@coderabbitai/bitbucket/cloud/openapi";
-import { Prisma, PrismaClient } from '@sourcebot/db';
+import { CodeHostType, Prisma, PrismaClient } from '@sourcebot/db';
 import { WithRequired } from "./types.js"
 import { marshalBool } from "./utils.js";
 import { createLogger } from '@sourcebot/logger';
@@ -392,7 +392,7 @@ export const compileBitbucketConfig = async (
 
     const repos = bitbucketRepos.map((repo) => {
         const isServer = config.deploymentType === 'server';
-        const codeHostType = isServer ? 'bitbucket-server' : 'bitbucket-cloud'; // zoekt expects bitbucket-server
+        const codeHostType: CodeHostType = isServer ? 'bitbucketServer' : 'bitbucketCloud';
         const displayName = isServer ? (repo as BitbucketServerRepository).name! : (repo as BitbucketCloudRepository).full_name!;
         const externalId = isServer ? (repo as BitbucketServerRepository).id!.toString() : (repo as BitbucketCloudRepository).uuid!;
         const isPublic = isServer ? (repo as BitbucketServerRepository).public : (repo as BitbucketCloudRepository).is_private === false;
@@ -425,7 +425,8 @@ export const compileBitbucketConfig = async (
             },
             metadata: {
                 gitConfig: {
-                    'zoekt.web-url-type': codeHostType,
+                    // zoekt expects bitbucket-server and bitbucket-cloud
+                    'zoekt.web-url-type': codeHostType === 'bitbucketServer' ? 'bitbucket-server' : 'bitbucket-cloud',
                     'zoekt.web-url': webUrl,
                     'zoekt.name': repoName,
                     'zoekt.archived': marshalBool(isArchived),
@@ -507,7 +508,7 @@ export const compileGenericGitHostConfig_file = async (
         const repoName = path.join(remoteUrl.host, remoteUrl.pathname.replace(/\.git$/, ''));
 
         const repo: RepoData = {
-            external_codeHostType: 'generic-git-host',
+            external_codeHostType: 'genericGitHost',
             external_codeHostUrl: remoteUrl.resource,
             external_id: remoteUrl.toString(),
             cloneUrl: `file://${repoPath}`,
@@ -571,7 +572,7 @@ export const compileGenericGitHostConfig_url = async (
     const repoName = path.join(remoteUrl.host, remoteUrl.pathname.replace(/\.git$/, ''));
 
     const repo: RepoData = {
-        external_codeHostType: 'generic-git-host',
+        external_codeHostType: 'genericGitHost',
         external_codeHostUrl: remoteUrl.origin,
         external_id: remoteUrl.toString(),
         cloneUrl: remoteUrl.toString(),
diff --git a/packages/backend/src/utils.ts b/packages/backend/src/utils.ts
index 4bb18549..0fe98098 100644
--- a/packages/backend/src/utils.ts
+++ b/packages/backend/src/utils.ts
@@ -59,7 +59,7 @@ export const getRepoPath = (repo: Repo): { path: string, isReadOnly: boolean } =
     // If we are dealing with a local repository, then use that as the path.
     // Mark as read-only since we aren't guaranteed to have write access to the local filesystem.
     const cloneUrl = new URL(repo.cloneUrl);
-    if (repo.external_codeHostType === 'generic-git-host' && cloneUrl.protocol === 'file:') {
+    if (repo.external_codeHostType === 'genericGitHost' && cloneUrl.protocol === 'file:') {
         return {
             path: cloneUrl.pathname,
             isReadOnly: true,
diff --git a/packages/db/prisma/migrations/20251031012851_change_connection_type_to_enum/migration.sql b/packages/db/prisma/migrations/20251031012851_change_connection_type_to_enum/migration.sql
new file mode 100644
index 00000000..6580b522
--- /dev/null
+++ b/packages/db/prisma/migrations/20251031012851_change_connection_type_to_enum/migration.sql
@@ -0,0 +1,14 @@
+/*
+  Migrates the `connectionType` column from text to a enum. The values in this field are known to
+  be one of the following: github, gitlab, gitea, gerrit, bitbucket, azuredevops, git.
+
+  This is occording to what we would expect to be in a valid config file for the schema version at commit 4899c9fbc755851af2ddcce99f4a4200f2faa4f6.
+  See: https://github.com/sourcebot-dev/sourcebot/blob/4899c9fbc755851af2ddcce99f4a4200f2faa4f6/packages/schemas/src/v3/connection.type.ts#L3
+*/
+-- CreateEnum
+CREATE TYPE "ConnectionType" AS ENUM ('github', 'gitlab', 'gitea', 'gerrit', 'bitbucket', 'azuredevops', 'git');
+
+-- AlterTable - Convert existing column to enum type without dropping data
+ALTER TABLE "Connection" 
+  ALTER COLUMN "connectionType" TYPE "ConnectionType" 
+  USING "connectionType"::text::"ConnectionType";
diff --git a/packages/db/prisma/migrations/20251031014307_change_repo_code_host_type_to_enum/migration.sql b/packages/db/prisma/migrations/20251031014307_change_repo_code_host_type_to_enum/migration.sql
new file mode 100644
index 00000000..1d3fb23b
--- /dev/null
+++ b/packages/db/prisma/migrations/20251031014307_change_repo_code_host_type_to_enum/migration.sql
@@ -0,0 +1,22 @@
+/*
+  Migrates the `external_codeHostType` column from text to a enum. The values in this field are known to
+  be one of the following: github, gitlab, gitea, gerrit, bitbucket-server, bitbucket-cloud, generic-git-host, azuredevops.
+
+  This is occording to what we would expect to be in the database written as of commit 4899c9fbc755851af2ddcce99f4a4200f2faa4f6.
+  See:
+    - https://github.com/sourcebot-dev/sourcebot/blob/4899c9fbc755851af2ddcce99f4a4200f2faa4f6/packages/backend/src/repoCompileUtils.ts#L57
+    - https://github.com/sourcebot-dev/sourcebot/blob/4899c9fbc755851af2ddcce99f4a4200f2faa4f6/packages/backend/src/repoCompileUtils.ts#L135
+    - https://github.com/sourcebot-dev/sourcebot/blob/4899c9fbc755851af2ddcce99f4a4200f2faa4f6/packages/backend/src/repoCompileUtils.ts#L208
+    - https://github.com/sourcebot-dev/sourcebot/blob/4899c9fbc755851af2ddcce99f4a4200f2faa4f6/packages/backend/src/repoCompileUtils.ts#L291
+    - https://github.com/sourcebot-dev/sourcebot/blob/4899c9fbc755851af2ddcce99f4a4200f2faa4f6/packages/backend/src/repoCompileUtils.ts#L407
+    - https://github.com/sourcebot-dev/sourcebot/blob/4899c9fbc755851af2ddcce99f4a4200f2faa4f6/packages/backend/src/repoCompileUtils.ts#L510
+    - https://github.com/sourcebot-dev/sourcebot/blob/4899c9fbc755851af2ddcce99f4a4200f2faa4f6/packages/backend/src/repoCompileUtils.ts#L574
+    - https://github.com/sourcebot-dev/sourcebot/blob/4899c9fbc755851af2ddcce99f4a4200f2faa4f6/packages/backend/src/repoCompileUtils.ts#L642
+*/
+-- CreateEnum
+CREATE TYPE "CodeHostType" AS ENUM ('github', 'gitlab', 'gitea', 'gerrit', 'bitbucket-server', 'bitbucket-cloud', 'generic-git-host', 'azuredevops');
+
+-- AlterTable - Convert existing column to enum type without dropping data
+ALTER TABLE "Repo" 
+  ALTER COLUMN "external_codeHostType" TYPE "CodeHostType" 
+  USING "external_codeHostType"::text::"CodeHostType";
diff --git a/packages/db/prisma/schema.prisma b/packages/db/prisma/schema.prisma
index 93adb717..313de621 100644
--- a/packages/db/prisma/schema.prisma
+++ b/packages/db/prisma/schema.prisma
@@ -29,6 +29,21 @@ enum ChatVisibility {
   PUBLIC
 }
 
+/// @note: The @map annotation is required to maintain backwards compatibility
+/// with the existing database.
+/// @note: In the generated client, these mapped values will be in pascalCase.
+/// This behaviour will change in prisma v7. See: https://github.com/prisma/prisma/issues/8446#issuecomment-3356119713
+enum CodeHostType {
+  github
+  gitlab
+  gitea
+  gerrit
+  bitbucketServer         @map("bitbucket-server")
+  bitbucketCloud          @map("bitbucket-cloud")
+  genericGitHost          @map("generic-git-host")
+  azuredevops
+}
+
 model Repo {
   id                 Int                    @id @default(autoincrement())
   name               String /// Full repo name, including the vcs hostname (ex. github.com/sourcebot-dev/sourcebot)
@@ -53,7 +68,7 @@ model Repo {
   indexedCommitHash  String? /// The commit hash of the last indexed commit (on HEAD).
 
   external_id           String /// The id of the repo in the external service
-  external_codeHostType String /// The type of the external service (e.g., github, gitlab, etc.)
+  external_codeHostType CodeHostType /// The type of the external service (e.g., github, gitlab, etc.)
   external_codeHostUrl  String /// The base url of the external service (e.g., https://github.com)
 
   org   Org @relation(fields: [orgId], references: [id], onDelete: Cascade)
@@ -125,6 +140,18 @@ model SearchContext {
   @@unique([name, orgId])
 }
 
+/// Matches the union of `type` fields in the schema.
+/// @see: schemas/v3/connection.type.ts
+enum ConnectionType {
+  github
+  gitlab
+  gitea
+  gerrit
+  bitbucket
+  azuredevops
+  git
+}
+
 model Connection {
   id                 Int                  @id @default(autoincrement())
   name               String
@@ -135,7 +162,7 @@ model Connection {
   repos              RepoToConnection[]
 
   // The type of connection (e.g., github, gitlab, etc.)
-  connectionType String
+  connectionType ConnectionType
 
   syncJobs ConnectionSyncJob[]
   /// When the connection was last synced successfully.
diff --git a/packages/web/src/app/[domain]/browse/[...path]/components/codePreviewPanel.tsx b/packages/web/src/app/[domain]/browse/[...path]/components/codePreviewPanel.tsx
index 01a84447..b38d140b 100644
--- a/packages/web/src/app/[domain]/browse/[...path]/components/codePreviewPanel.tsx
+++ b/packages/web/src/app/[domain]/browse/[...path]/components/codePreviewPanel.tsx
@@ -52,7 +52,7 @@ export const CodePreviewPanel = async ({ path, repoName, revisionName }: CodePre
                     branchDisplayName={revisionName}
                 />
 
-                {(fileWebUrl && codeHostInfo) && (
+                {fileWebUrl && (
 
                     <a
                         href={fileWebUrl}
diff --git a/packages/web/src/app/[domain]/chat/components/demoCards.tsx b/packages/web/src/app/[domain]/chat/components/demoCards.tsx
index 5c8d4e5c..7c4fe316 100644
--- a/packages/web/src/app/[domain]/chat/components/demoCards.tsx
+++ b/packages/web/src/app/[domain]/chat/components/demoCards.tsx
@@ -7,9 +7,10 @@ import { Badge } from "@/components/ui/badge";
 import { Card } from "@/components/ui/card";
 import { CardContent } from "@/components/ui/card";
 import { DemoExamples, DemoSearchExample, DemoSearchScope } from "@/types";
-import { cn, CodeHostType, getCodeHostIcon } from "@/lib/utils";
+import { cn, getCodeHostIcon } from "@/lib/utils";
 import useCaptureEvent from "@/hooks/useCaptureEvent";
 import { SearchScopeInfoCard } from "@/features/chat/components/chatBox/searchScopeInfoCard";
+import { CodeHostType } from "@sourcebot/db";
 
 interface DemoCards {
     demoExamples: DemoExamples;
diff --git a/packages/web/src/app/[domain]/components/configEditor.tsx b/packages/web/src/app/[domain]/components/configEditor.tsx
index 772350d9..63ba1acd 100644
--- a/packages/web/src/app/[domain]/components/configEditor.tsx
+++ b/packages/web/src/app/[domain]/components/configEditor.tsx
@@ -12,8 +12,8 @@ import { Separator } from "@/components/ui/separator";
 import { Schema } from "ajv";
 import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@/components/ui/tooltip";
 import useCaptureEvent from "@/hooks/useCaptureEvent";
-import { CodeHostType } from "@/lib/utils";
 import { useCodeMirrorTheme } from "@/hooks/useCodeMirrorTheme";
+import { CodeHostType } from "@sourcebot/db";
 
 export type QuickActionFn<T> = (previous: T) => T;
 export type QuickAction<T> = {
diff --git a/packages/web/src/app/[domain]/components/importSecretDialog.tsx b/packages/web/src/app/[domain]/components/importSecretDialog.tsx
index b67fea7a..23d8aefe 100644
--- a/packages/web/src/app/[domain]/components/importSecretDialog.tsx
+++ b/packages/web/src/app/[domain]/components/importSecretDialog.tsx
@@ -9,10 +9,11 @@ import { Input } from "@/components/ui/input";
 import { Separator } from "@/components/ui/separator";
 import useCaptureEvent from "@/hooks/useCaptureEvent";
 import { useDomain } from "@/hooks/useDomain";
-import { CodeHostType, isServiceError } from "@/lib/utils";
+import { isServiceError } from "@/lib/utils";
 import githubPatCreation from "@/public/github_pat_creation.png";
 import gitlabPatCreation from "@/public/gitlab_pat_creation.png";
 import giteaPatCreation from "@/public/gitea_pat_creation.png";
+import { CodeHostType } from "@sourcebot/db";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { Eye, EyeOff, Loader2 } from "lucide-react";
 import Image from "next/image";
@@ -88,9 +89,9 @@ export const ImportSecretDialog = ({ open, onOpenChange, onSecretCreated, codeHo
                 return <GitHubPATCreationStep step={1} />;
             case 'gitlab':
                 return <GitLabPATCreationStep step={1} />;
-            case 'bitbucket-cloud':
+            case 'bitbucketCloud':
                 return <BitbucketCloudPATCreationStep step={1} />;
-            case 'bitbucket-server':
+            case 'bitbucketServer':
                 return <BitbucketServerPATCreationStep step={1} />;
             case 'gitea':
                 return <GiteaPATCreationStep step={1} />;
diff --git a/packages/web/src/app/[domain]/components/navigationMenu/progressIndicator.tsx b/packages/web/src/app/[domain]/components/navigationMenu/progressIndicator.tsx
index 2584f11c..71e8285a 100644
--- a/packages/web/src/app/[domain]/components/navigationMenu/progressIndicator.tsx
+++ b/packages/web/src/app/[domain]/components/navigationMenu/progressIndicator.tsx
@@ -10,7 +10,7 @@ import { SINGLE_TENANT_ORG_DOMAIN } from "@/lib/constants";
 import { RepositoryQuery } from "@/lib/types";
 import { getCodeHostInfoForRepo, getShortenedNumberDisplayString } from "@/lib/utils";
 import clsx from "clsx";
-import { FileIcon, Loader2Icon, RefreshCwIcon } from "lucide-react";
+import { Loader2Icon, RefreshCwIcon } from "lucide-react";
 import Image from "next/image";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
@@ -90,23 +90,14 @@ const RepoItem = ({ repo }: { repo: RepositoryQuery }) => {
             webUrl: repo.webUrl,
         });
 
-        if (info) {
-            return {
-                repoIcon: <Image
-                    src={info.icon}
-                    alt={info.codeHostName}
-                    className={`w-4 h-4 ${info.iconClassName}`}
-                />,
-                displayName: info.displayName,
-            }
-        }
-
         return {
-            repoIcon: <FileIcon className="w-4 h-4" />,
-            displayName: repo.repoName,
+            repoIcon: <Image
+                src={info.icon}
+                alt={info.codeHostName}
+                className={`w-4 h-4 ${info.iconClassName}`}
+            />,
+            displayName: info.displayName,
         }
-
-
     }, [repo.repoName, repo.codeHostType, repo.repoDisplayName, repo.webUrl]);
 
 
diff --git a/packages/web/src/app/[domain]/components/pathHeader.tsx b/packages/web/src/app/[domain]/components/pathHeader.tsx
index 11b5bf1d..d65d2c35 100644
--- a/packages/web/src/app/[domain]/components/pathHeader.tsx
+++ b/packages/web/src/app/[domain]/components/pathHeader.tsx
@@ -1,7 +1,6 @@
 'use client';
 
 import { cn, getCodeHostInfoForRepo } from "@/lib/utils";
-import { LaptopIcon } from "@radix-ui/react-icons";
 import Image from "next/image";
 import { getBrowsePath } from "../browse/hooks/utils";
 import { ChevronRight, MoreHorizontal } from "lucide-react";
@@ -17,6 +16,7 @@ import { VscodeFileIcon } from "@/app/components/vscodeFileIcon";
 import { CopyIconButton } from "./copyIconButton";
 import Link from "next/link";
 import { useDomain } from "@/hooks/useDomain";
+import { CodeHostType } from "@sourcebot/db";
 
 interface FileHeaderProps {
     path: string;
@@ -27,7 +27,7 @@ interface FileHeaderProps {
     pathType?: 'blob' | 'tree';
     repo: {
         name: string;
-        codeHostType: string;
+        codeHostType: CodeHostType;
         displayName?: string;
         webUrl?: string;
     },
@@ -202,17 +202,13 @@ export const PathHeader = ({
         <div className="flex flex-row gap-2 items-center w-full overflow-hidden">
             {isCodeHostIconVisible && (
                 <>
-                    {info?.icon ? (
-                        <a href={info.repoLink} target="_blank" rel="noopener noreferrer">
-                            <Image
-                                src={info.icon}
-                                alt={info.codeHostName}
-                                className={`w-4 h-4 ${info.iconClassName}`}
-                            />
-                        </a>
-                    ) : (
-                        <LaptopIcon className="w-4 h-4" />
-                    )}
+                    <a href={info.repoLink} target="_blank" rel="noopener noreferrer">
+                        <Image
+                            src={info.icon}
+                            alt={info.codeHostName}
+                            className={`w-4 h-4 ${info.iconClassName}`}
+                        />
+                    </a>
                 </>
             )}
 
diff --git a/packages/web/src/app/[domain]/components/repositoryCarousel.tsx b/packages/web/src/app/[domain]/components/repositoryCarousel.tsx
index a9d1239f..f5576aba 100644
--- a/packages/web/src/app/[domain]/components/repositoryCarousel.tsx
+++ b/packages/web/src/app/[domain]/components/repositoryCarousel.tsx
@@ -8,7 +8,6 @@ import {
 import { captureEvent } from "@/hooks/useCaptureEvent";
 import { RepositoryQuery } from "@/lib/types";
 import { getCodeHostInfoForRepo } from "@/lib/utils";
-import { FileIcon } from "@radix-ui/react-icons";
 import clsx from "clsx";
 import Autoscroll from "embla-carousel-auto-scroll";
 import Image from "next/image";
@@ -121,20 +120,13 @@ const RepositoryBadge = ({
             webUrl: repo.webUrl,
         });
 
-        if (info) {
-            return {
-                repoIcon: <Image
-                    src={info.icon}
-                    alt={info.codeHostName}
-                    className={`w-4 h-4 ${info.iconClassName}`}
-                />,
-                displayName: info.displayName,
-            }
-        }
-
         return {
-            repoIcon: <FileIcon className="w-4 h-4" />,
-            displayName: repo.repoName,
+            repoIcon: <Image
+                src={info.icon}
+                alt={info.codeHostName}
+                className={`w-4 h-4 ${info.iconClassName}`}
+            />,
+            displayName: info.displayName,
         }
     })();
 
diff --git a/packages/web/src/app/[domain]/repos/[id]/page.tsx b/packages/web/src/app/[domain]/repos/[id]/page.tsx
index db14e50c..a3255c04 100644
--- a/packages/web/src/app/[domain]/repos/[id]/page.tsx
+++ b/packages/web/src/app/[domain]/repos/[id]/page.tsx
@@ -65,7 +65,7 @@ export default async function RepoDetailPage({ params }: { params: Promise<{ id:
                         <h1 className="text-3xl font-semibold">{repo.displayName || repo.name}</h1>
                         <p className="text-muted-foreground mt-2">{repo.name}</p>
                     </div>
-                    {(codeHostInfo && codeHostInfo.repoLink) && (
+                    {codeHostInfo.repoLink && (
                         <Button variant="outline" asChild>
                             <Link href={codeHostInfo.repoLink} target="_blank" rel="noopener noreferrer" className="flex items-center">
                                 <Image
diff --git a/packages/web/src/app/[domain]/repos/components/repoBranchesTable.tsx b/packages/web/src/app/[domain]/repos/components/repoBranchesTable.tsx
index bc186acd..eea5e102 100644
--- a/packages/web/src/app/[domain]/repos/components/repoBranchesTable.tsx
+++ b/packages/web/src/app/[domain]/repos/components/repoBranchesTable.tsx
@@ -15,13 +15,14 @@ import {
 import { Button } from "@/components/ui/button"
 import { Input } from "@/components/ui/input"
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "@/components/ui/table"
-import { CodeHostType, getCodeHostBrowseAtBranchUrl } from "@/lib/utils"
+import { getCodeHostBrowseAtBranchUrl } from "@/lib/utils"
 import Link from "next/link"
+import { CodeHostType } from "@sourcebot/db";
 
 type RepoBranchesTableProps = {
     indexRevisions: string[];
     repoWebUrl: string | null;
-    repoCodeHostType: string;
+    repoCodeHostType: CodeHostType;
 }
 
 export const RepoBranchesTable = ({ indexRevisions, repoWebUrl, repoCodeHostType }: RepoBranchesTableProps) => {
@@ -39,7 +40,7 @@ export const RepoBranchesTable = ({ indexRevisions, repoWebUrl, repoCodeHostType
 
                     const branchUrl = getCodeHostBrowseAtBranchUrl({
                         webUrl: repoWebUrl,
-                        codeHostType: repoCodeHostType as CodeHostType,
+                        codeHostType: repoCodeHostType,
                         branchName: refName,
                     });
 
diff --git a/packages/web/src/app/[domain]/repos/components/reposTable.tsx b/packages/web/src/app/[domain]/repos/components/reposTable.tsx
index c767acbc..1dec5c97 100644
--- a/packages/web/src/app/[domain]/repos/components/reposTable.tsx
+++ b/packages/web/src/app/[domain]/repos/components/reposTable.tsx
@@ -14,7 +14,7 @@ import { Input } from "@/components/ui/input"
 import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select"
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "@/components/ui/table"
 import { SINGLE_TENANT_ORG_DOMAIN } from "@/lib/constants"
-import { cn, CodeHostType, getCodeHostCommitUrl, getCodeHostIcon, getCodeHostInfoForRepo, getRepoImageSrc } from "@/lib/utils"
+import { cn, getCodeHostCommitUrl, getCodeHostIcon, getCodeHostInfoForRepo, getRepoImageSrc } from "@/lib/utils"
 import {
     type ColumnDef,
     type ColumnFiltersState,
@@ -38,6 +38,7 @@ import { useToast } from "@/components/hooks/use-toast";
 import { DisplayDate } from "../../components/DisplayDate"
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip"
 import { NotificationDot } from "../../components/notificationDot"
+import { CodeHostType } from "@sourcebot/db"
 
 // @see: https://v0.app/chat/repo-indexing-status-uhjdDim8OUS
 
@@ -50,7 +51,7 @@ export type Repo = {
     indexedAt: Date | null
     createdAt: Date
     webUrl: string | null
-    codeHostType: string
+    codeHostType: CodeHostType
     imageUrl: string | null
     indexedCommitHash: string | null
     latestJobStatus: "PENDING" | "IN_PROGRESS" | "COMPLETED" | "FAILED" | null
@@ -97,7 +98,7 @@ export const columns: ColumnDef<Repo>[] = [
         },
         cell: ({ row }) => {
             const repo = row.original;
-            const codeHostIcon = getCodeHostIcon(repo.codeHostType as CodeHostType);
+            const codeHostIcon = getCodeHostIcon(repo.codeHostType);
             const repoImageSrc = repo.imageUrl ? getRepoImageSrc(repo.imageUrl, repo.id) : undefined;
 
             return (
@@ -192,7 +193,7 @@ export const columns: ColumnDef<Repo>[] = [
 
             const smallHash = hash.slice(0, 7);
             const repo = row.original;
-            const codeHostType = repo.codeHostType as CodeHostType;
+            const codeHostType = repo.codeHostType;
             const webUrl = repo.webUrl;
 
             const commitUrl = getCodeHostCommitUrl({
@@ -252,7 +253,7 @@ export const columns: ColumnDef<Repo>[] = [
                         <DropdownMenuItem asChild>
                             <Link href={`/${SINGLE_TENANT_ORG_DOMAIN}/repos/${repo.id}`}>View details</Link>
                         </DropdownMenuItem>
-                        {(repo.webUrl && codeHostInfo) && (
+                        {repo.webUrl && (
                             <>
                                 <DropdownMenuSeparator />
                                 <DropdownMenuItem asChild>
diff --git a/packages/web/src/app/[domain]/settings/connections/[id]/page.tsx b/packages/web/src/app/[domain]/settings/connections/[id]/page.tsx
index 5db0d28c..c36a3342 100644
--- a/packages/web/src/app/[domain]/settings/connections/[id]/page.tsx
+++ b/packages/web/src/app/[domain]/settings/connections/[id]/page.tsx
@@ -7,7 +7,7 @@ import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip
 import { env } from "@/env.mjs";
 import { SINGLE_TENANT_ORG_DOMAIN } from "@/lib/constants";
 import { notFound, ServiceErrorException } from "@/lib/serviceError";
-import { CodeHostType, isServiceError } from "@/lib/utils";
+import { isServiceError } from "@/lib/utils";
 import { withAuthV2 } from "@/withAuthV2";
 import { AzureDevOpsConnectionConfig, BitbucketConnectionConfig, GenericGitHostConnectionConfig, GerritConnectionConfig, GiteaConnectionConfig, GithubConnectionConfig, GitlabConnectionConfig } from "@sourcebot/schemas/v3/index.type";
 import { getConfigSettings } from "@sourcebot/shared";
@@ -47,8 +47,9 @@ export default async function ConnectionDetailPage(props: ConnectionDetailPagePr
         return undefined;
     })();
 
-    const codeHostUrl = (() => {
-        const connectionType = connection.connectionType as CodeHostType;
+    // Extracts the code host URL from the connection config.
+    const codeHostUrl: string = (() => {
+        const connectionType = connection.connectionType;
         switch (connectionType) {
             case 'github': {
                 const config = connection.config as unknown as GithubConnectionConfig;
@@ -66,19 +67,19 @@ export default async function ConnectionDetailPage(props: ConnectionDetailPagePr
                 const config = connection.config as unknown as GerritConnectionConfig;
                 return config.url;
             }
-            case 'bitbucket-server': {
+            case 'bitbucket': {
                 const config = connection.config as unknown as BitbucketConnectionConfig;
-                return config.url!;
-            }
-            case 'bitbucket-cloud': {
-                const config = connection.config as unknown as BitbucketConnectionConfig;
-                return config.url ?? 'https://bitbucket.org';
+                if (config.deploymentType === 'cloud') {
+                    return config.url ?? 'https://bitbucket.org';
+                } else {
+                    return config.url!;
+                }
             }
             case 'azuredevops': {
                 const config = connection.config as unknown as AzureDevOpsConnectionConfig;
                 return config.url ?? 'https://dev.azure.com';
             }
-            case 'generic-git-host': {
+            case 'git': {
                 const config = connection.config as unknown as GenericGitHostConnectionConfig;
                 return config.url;
             }
diff --git a/packages/web/src/app/[domain]/settings/connections/components/connectionsTable.tsx b/packages/web/src/app/[domain]/settings/connections/components/connectionsTable.tsx
index 42897659..3285c71f 100644
--- a/packages/web/src/app/[domain]/settings/connections/components/connectionsTable.tsx
+++ b/packages/web/src/app/[domain]/settings/connections/components/connectionsTable.tsx
@@ -10,7 +10,8 @@ import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@
 import { Table, TableBody, TableCell, TableHead, TableHeader, TableRow } from "@/components/ui/table"
 import { Tooltip, TooltipContent, TooltipTrigger } from "@/components/ui/tooltip"
 import { SINGLE_TENANT_ORG_DOMAIN } from "@/lib/constants"
-import { CodeHostType, getCodeHostIcon } from "@/lib/utils"
+import { getCodeHostIcon } from "@/lib/utils"
+import { ConnectionType } from "@sourcebot/db"
 import {
     type ColumnDef,
     type ColumnFiltersState,
@@ -35,7 +36,7 @@ export type Connection = {
     id: number
     name: string
     syncedAt: Date | null
-    codeHostType: CodeHostType
+    connectionType: ConnectionType
     latestJobStatus: "PENDING" | "IN_PROGRESS" | "COMPLETED" | "FAILED" | null
     isFirstTimeSync: boolean
 }
@@ -80,13 +81,13 @@ export const columns: ColumnDef<Connection>[] = [
         },
         cell: ({ row }) => {
             const connection = row.original;
-            const codeHostIcon = getCodeHostIcon(connection.codeHostType);
+            const codeHostIcon = getCodeHostIcon(connection.connectionType);
 
             return (
                 <div className="flex flex-row gap-2 items-center">
                     <Image
                         src={codeHostIcon.src}
-                        alt={`${connection.codeHostType} logo`}
+                        alt={`${connection.connectionType} logo`}
                         className={codeHostIcon.className}
                         width={20}
                         height={20}
diff --git a/packages/web/src/app/[domain]/settings/connections/page.tsx b/packages/web/src/app/[domain]/settings/connections/page.tsx
index ccac5284..62b0fddd 100644
--- a/packages/web/src/app/[domain]/settings/connections/page.tsx
+++ b/packages/web/src/app/[domain]/settings/connections/page.tsx
@@ -1,6 +1,6 @@
 import { sew } from "@/actions";
 import { ServiceErrorException } from "@/lib/serviceError";
-import { CodeHostType, isServiceError } from "@/lib/utils";
+import { isServiceError } from "@/lib/utils";
 import { withAuthV2 } from "@/withAuthV2";
 import Link from "next/link";
 import { ConnectionsTable } from "./components/connectionsTable";
@@ -40,7 +40,7 @@ export default async function ConnectionsPage() {
             <ConnectionsTable data={connections.map((connection) => ({
                 id: connection.id,
                 name: connection.name,
-                codeHostType: connection.connectionType as CodeHostType,
+                connectionType: connection.connectionType,
                 syncedAt: connection.syncedAt,
                 latestJobStatus: connection.latestJobStatus,
                 isFirstTimeSync: connection.isFirstTimeSync,
diff --git a/packages/web/src/app/[domain]/settings/secrets/components/importSecretCard.tsx b/packages/web/src/app/[domain]/settings/secrets/components/importSecretCard.tsx
index f92e2712..4d9a5666 100644
--- a/packages/web/src/app/[domain]/settings/secrets/components/importSecretCard.tsx
+++ b/packages/web/src/app/[domain]/settings/secrets/components/importSecretCard.tsx
@@ -3,7 +3,8 @@
 import { CodeHostIconButton } from "@/app/[domain]/components/codeHostIconButton";
 import { Card, CardTitle, CardDescription, CardHeader, CardContent } from "@/components/ui/card";
 import { getCodeHostIcon } from "@/lib/utils";
-import { cn, CodeHostType } from "@/lib/utils";
+import { cn } from "@/lib/utils";
+import { CodeHostType } from "@sourcebot/db";
 import { useState } from "react";
 import { ImportSecretDialog } from "@/app/[domain]/components/importSecretDialog";
 import { useRouter } from "next/navigation";
diff --git a/packages/web/src/features/chat/components/chatThread/referencedFileSourceListItem.tsx b/packages/web/src/features/chat/components/chatThread/referencedFileSourceListItem.tsx
index 355e86e5..0e608479 100644
--- a/packages/web/src/features/chat/components/chatThread/referencedFileSourceListItem.tsx
+++ b/packages/web/src/features/chat/components/chatThread/referencedFileSourceListItem.tsx
@@ -20,6 +20,7 @@ import { createCodeFoldingExtension } from "./codeFoldingExtension";
 import useCaptureEvent from "@/hooks/useCaptureEvent";
 import { createAuditAction } from "@/ee/features/audit/actions";
 import { useDomain } from "@/hooks/useDomain";
+import { CodeHostType } from "@sourcebot/db";
 
 const lineDecoration = Decoration.line({
     attributes: { class: "cm-range-border-radius chat-lineHighlight" },
@@ -40,7 +41,7 @@ interface ReferencedFileSourceListItemProps {
     language: string;
     revision: string;
     repoName: string;
-    repoCodeHostType: string;
+    repoCodeHostType: CodeHostType;
     repoDisplayName?: string;
     repoWebUrl?: string;
     fileName: string;
diff --git a/packages/web/src/features/chat/components/searchScopeIcon.tsx b/packages/web/src/features/chat/components/searchScopeIcon.tsx
index 67170dca..b134f8d4 100644
--- a/packages/web/src/features/chat/components/searchScopeIcon.tsx
+++ b/packages/web/src/features/chat/components/searchScopeIcon.tsx
@@ -1,4 +1,5 @@
-import { cn, CodeHostType, getCodeHostIcon } from "@/lib/utils";
+import { cn, getCodeHostIcon } from "@/lib/utils";
+import { CodeHostType } from "@sourcebot/db";
 import { LibraryBigIcon } from "lucide-react";
 import Image from "next/image";
 import { SearchScope } from "../types";
diff --git a/packages/web/src/features/fileTree/actions.ts b/packages/web/src/features/fileTree/actions.ts
index 003b82b2..6111ea70 100644
--- a/packages/web/src/features/fileTree/actions.ts
+++ b/packages/web/src/features/fileTree/actions.ts
@@ -263,7 +263,7 @@ const getRepoPath = (repo: Repo): { path: string, isReadOnly: boolean } => {
     // If we are dealing with a local repository, then use that as the path.
     // Mark as read-only since we aren't guaranteed to have write access to the local filesystem.
     const cloneUrl = new URL(repo.cloneUrl);
-    if (repo.external_codeHostType === 'generic-git-host' && cloneUrl.protocol === 'file:') {
+    if (repo.external_codeHostType === 'genericGitHost' && cloneUrl.protocol === 'file:') {
         return {
             path: cloneUrl.pathname,
             isReadOnly: true,
diff --git a/packages/web/src/features/search/schemas.ts b/packages/web/src/features/search/schemas.ts
index 1867d849..50a4ee03 100644
--- a/packages/web/src/features/search/schemas.ts
+++ b/packages/web/src/features/search/schemas.ts
@@ -1,4 +1,5 @@
 // @NOTE : Please keep this file in sync with @sourcebot/mcp/src/schemas.ts
+import { CodeHostType } from "@sourcebot/db";
 import { z } from "zod";
 
 export const locationSchema = z.object({
@@ -33,7 +34,7 @@ export const searchRequestSchema = z.object({
 
 export const repositoryInfoSchema = z.object({
     id: z.number(),
-    codeHostType: z.string(),
+    codeHostType: z.nativeEnum(CodeHostType),
     name: z.string(),
     displayName: z.string().optional(),
     webUrl: z.string().optional(),
@@ -153,7 +154,7 @@ export const fileSourceResponseSchema = z.object({
     language: z.string(),
     path: z.string(),
     repository: z.string(),
-    repositoryCodeHostType: z.string(),
+    repositoryCodeHostType: z.nativeEnum(CodeHostType),
     repositoryDisplayName: z.string().optional(),
     repositoryWebUrl: z.string().optional(),
     branch: z.string().optional(),
diff --git a/packages/web/src/lib/schemas.ts b/packages/web/src/lib/schemas.ts
index fa8fbc7a..a12eaf2f 100644
--- a/packages/web/src/lib/schemas.ts
+++ b/packages/web/src/lib/schemas.ts
@@ -2,6 +2,7 @@ import { checkIfOrgDomainExists } from "@/actions";
 import { z } from "zod";
 import { isServiceError } from "./utils";
 import { serviceErrorSchema } from "./serviceError";
+import { CodeHostType } from "@sourcebot/db";
 
 export const secretCreateRequestSchema = z.object({
     key: z.string(),
@@ -13,7 +14,7 @@ export const secreteDeleteRequestSchema = z.object({
 });
 
 export const repositoryQuerySchema = z.object({
-    codeHostType: z.string(),
+    codeHostType: z.nativeEnum(CodeHostType),
     repoId: z.number(),
     repoName: z.string(),
     repoDisplayName: z.string().optional(),
diff --git a/packages/web/src/lib/utils.ts b/packages/web/src/lib/utils.ts
index d3b450a0..0d76eb3b 100644
--- a/packages/web/src/lib/utils.ts
+++ b/packages/web/src/lib/utils.ts
@@ -15,9 +15,10 @@ import { ServiceError } from "./serviceError";
 import { StatusCodes } from "http-status-codes";
 import { ErrorCode } from "./errorCodes";
 import { NextRequest } from "next/server";
-import { Org } from "@sourcebot/db";
+import { ConnectionType, Org } from "@sourcebot/db";
 import { OrgMetadata, orgMetadataSchema } from "@/types";
 import { SINGLE_TENANT_ORG_DOMAIN } from "./constants";
+import { CodeHostType } from "@sourcebot/db";
 
 export function cn(...inputs: ClassValue[]) {
     return twMerge(clsx(inputs))
@@ -64,16 +65,6 @@ export const createPathWithQueryParams = (path: string, ...queryParams: [string,
     return `${path}?${queryString}`;
 }
 
-export type CodeHostType =
-    "github" |
-    "gitlab" |
-    "gitea" |
-    "gerrit" |
-    "bitbucket-cloud" |
-    "bitbucket-server" |
-    "azuredevops" |
-    "generic-git-host";
-
 export type AuthProviderType =
     "github" |
     "gitlab" |
@@ -183,11 +174,11 @@ type CodeHostInfo = {
 }
 
 export const getCodeHostInfoForRepo = (repo: {
-    codeHostType: string,
+    codeHostType: CodeHostType,
     name: string,
     displayName?: string,
     webUrl?: string,
-}): CodeHostInfo | undefined => {
+}): CodeHostInfo => {
     const { codeHostType, name, displayName, webUrl } = repo;
 
     switch (codeHostType) {
@@ -235,8 +226,7 @@ export const getCodeHostInfoForRepo = (repo: {
                 iconClassName: className,
             }
         }
-        case 'gerrit':
-        case 'gitiles': {
+        case 'gerrit': {
             const { src, className } = getCodeHostIcon('gerrit')!;
             return {
                 type: "gerrit",
@@ -247,10 +237,10 @@ export const getCodeHostInfoForRepo = (repo: {
                 iconClassName: className,
             }
         }
-        case "bitbucket-server": {
-            const { src, className } = getCodeHostIcon('bitbucket-server')!;
+        case "bitbucketServer": {
+            const { src, className } = getCodeHostIcon('bitbucketServer')!;
             return {
-                type: "bitbucket-server",
+                type: "bitbucketServer",
                 displayName: displayName ?? name,
                 codeHostName: "Bitbucket",
                 repoLink: webUrl,
@@ -258,10 +248,10 @@ export const getCodeHostInfoForRepo = (repo: {
                 iconClassName: className,
             }
         }
-        case "bitbucket-cloud": {
-            const { src, className } = getCodeHostIcon('bitbucket-cloud')!;
+        case "bitbucketCloud": {
+            const { src, className } = getCodeHostIcon('bitbucketCloud')!;
             return {
-                type: "bitbucket-cloud",
+                type: "bitbucketCloud",
                 displayName: displayName ?? name,
                 codeHostName: "Bitbucket",
                 repoLink: webUrl,
@@ -269,10 +259,10 @@ export const getCodeHostInfoForRepo = (repo: {
                 iconClassName: className,
             }
         }
-        case "generic-git-host": {
-            const { src, className } = getCodeHostIcon('generic-git-host')!;
+        case "genericGitHost": {
+            const { src, className } = getCodeHostIcon('genericGitHost')!;
             return {
-                type: "generic-git-host",
+                type: "genericGitHost",
                 displayName: displayName ?? name,
                 codeHostName: "Git Host",
                 repoLink: webUrl,
@@ -283,7 +273,7 @@ export const getCodeHostInfoForRepo = (repo: {
     }
 }
 
-export const getCodeHostIcon = (codeHostType: CodeHostType): { src: string, className?: string } => {
+export const getCodeHostIcon = (codeHostType: CodeHostType | ConnectionType): { src: string, className?: string } => {
     switch (codeHostType) {
         case "github":
             return {
@@ -302,8 +292,9 @@ export const getCodeHostIcon = (codeHostType: CodeHostType): { src: string, clas
             return {
                 src: gerritLogo,
             }
-        case "bitbucket-cloud":
-        case "bitbucket-server":
+        case "bitbucket":
+        case "bitbucketCloud":
+        case "bitbucketServer":
             return {
                 src: bitbucketLogo,
             }
@@ -311,7 +302,8 @@ export const getCodeHostIcon = (codeHostType: CodeHostType): { src: string, clas
             return {
                 src: azuredevopsLogo,
             }
-        case "generic-git-host":
+        case "git":
+        case "genericGitHost":
             return {
                 src: gitLogo,
             }
@@ -340,13 +332,13 @@ export const getCodeHostCommitUrl = ({
             return `${webUrl}/commit/${commitHash}`;
         case 'azuredevops':
             return `${webUrl}/commit/${commitHash}`;
-        case 'bitbucket-cloud':
+        case 'bitbucketCloud':
             return `${webUrl}/commits/${commitHash}`;
-        case 'bitbucket-server':
+        case 'bitbucketServer':
             return `${webUrl}/commits/${commitHash}`;
         case 'gerrit':
             return `${webUrl}/+/${commitHash}`;
-        case 'generic-git-host':
+        case 'genericGitHost':
             return undefined;
     }
 }
@@ -373,13 +365,13 @@ export const getCodeHostBrowseAtBranchUrl = ({
             return `${webUrl}/src/branch/${branchName}`;
         case 'azuredevops':
             return `${webUrl}?branch=${branchName}`;
-        case 'bitbucket-cloud':
+        case 'bitbucketCloud':
             return `${webUrl}?at=${branchName}`;
-        case 'bitbucket-server':
+        case 'bitbucketServer':
             return `${webUrl}?at=${branchName}`;
         case 'gerrit':
             return `${webUrl}/+/${branchName}`;
-        case 'generic-git-host':
+        case 'genericGitHost':
             return undefined;
     }
 }
@@ -389,11 +381,11 @@ export const isAuthSupportedForCodeHost = (codeHostType: CodeHostType): boolean
         case "github":
         case "gitlab":
         case "gitea":
-        case "bitbucket-cloud":
-        case "bitbucket-server":
+        case "bitbucketCloud":
+        case "bitbucketServer":
         case "azuredevops":
             return true;
-        case "generic-git-host":
+        case "genericGitHost":
         case "gerrit":
             return false;
     }

From c6dbe075e31dd7a4cd1248619f7f901ddce34e60 Mon Sep 17 00:00:00 2001
From: msukkari <michael.sukkarieh@mail.mcgill.ca>
Date: Fri, 31 Oct 2025 13:46:05 -0700
Subject: [PATCH 2/3] remove built-in secret manager

---
 docs/docs/connections/ado-cloud.mdx           |  24 +-
 docs/docs/connections/ado-server.mdx          |  24 +-
 docs/docs/connections/gitea.mdx               |  23 +-
 docs/docs/connections/github.mdx              |  23 +-
 docs/docs/connections/gitlab.mdx              |  23 +-
 docs/snippets/bitbucket-app-password.mdx      |  23 -
 docs/snippets/bitbucket-token.mdx             |  21 -
 docs/snippets/schemas/v2/index.schema.mdx     |   9 -
 docs/snippets/schemas/v3/app.schema.mdx       |  26 -
 .../schemas/v3/azuredevops.schema.mdx         |  18 -
 docs/snippets/schemas/v3/bitbucket.schema.mdx |  18 -
 .../snippets/schemas/v3/connection.schema.mdx |  90 --
 docs/snippets/schemas/v3/gitea.schema.mdx     |  18 -
 docs/snippets/schemas/v3/github.schema.mdx    |  18 -
 docs/snippets/schemas/v3/githubApp.schema.mdx |  76 --
 docs/snippets/schemas/v3/gitlab.schema.mdx    |  18 -
 docs/snippets/schemas/v3/index.schema.mdx     | 818 ------------------
 .../schemas/v3/languageModel.schema.mdx       | 702 ---------------
 docs/snippets/schemas/v3/shared.schema.mdx    |  39 -
 packages/backend/src/azuredevops.ts           |   5 +-
 packages/backend/src/bitbucket.ts             |   5 +-
 packages/backend/src/connectionManager.ts     |  14 +-
 packages/backend/src/ee/githubAppManager.ts   |   6 +-
 .../backend/src/ee/repoPermissionSyncer.ts    |   2 +-
 packages/backend/src/gitea.ts                 |   7 +-
 packages/backend/src/github.ts                |   5 +-
 packages/backend/src/gitlab.ts                |   5 +-
 packages/backend/src/repoCompileUtils.ts      |  67 +-
 packages/backend/src/repoIndexManager.ts      |   2 +-
 packages/backend/src/utils.ts                 |  14 +-
 packages/crypto/src/tokenUtils.ts             |  23 +-
 .../migration.sql                             |  11 +
 packages/db/prisma/schema.prisma              |  14 -
 packages/schemas/src/v2/index.schema.ts       |   9 -
 packages/schemas/src/v3/app.schema.ts         |  26 -
 packages/schemas/src/v3/app.type.ts           |  19 +-
 packages/schemas/src/v3/azuredevops.schema.ts |  18 -
 packages/schemas/src/v3/azuredevops.type.ts   |  19 +-
 packages/schemas/src/v3/bitbucket.schema.ts   |  18 -
 packages/schemas/src/v3/bitbucket.type.ts     |  19 +-
 packages/schemas/src/v3/connection.schema.ts  |  90 --
 packages/schemas/src/v3/connection.type.ts    |  95 +-
 packages/schemas/src/v3/gitea.schema.ts       |  18 -
 packages/schemas/src/v3/gitea.type.ts         |  19 +-
 packages/schemas/src/v3/github.schema.ts      |  18 -
 packages/schemas/src/v3/github.type.ts        |  19 +-
 packages/schemas/src/v3/gitlab.schema.ts      |  18 -
 packages/schemas/src/v3/gitlab.type.ts        |  19 +-
 packages/schemas/src/v3/index.schema.ts       | 818 ------------------
 packages/schemas/src/v3/index.type.ts         | 420 +++------
 .../schemas/src/v3/languageModel.schema.ts    | 702 ---------------
 packages/schemas/src/v3/languageModel.type.ts | 306 ++-----
 packages/schemas/src/v3/shared.schema.ts      |  39 -
 packages/schemas/src/v3/shared.type.ts        |  19 +-
 packages/web/src/actions.ts                   |  89 +-
 .../components/importSecretDialog.tsx         | 314 -------
 .../web/src/app/[domain]/settings/layout.tsx  |   4 -
 .../secrets/components/importSecretCard.tsx   |  66 --
 .../secrets/components/secretsList.tsx        | 158 ----
 .../app/[domain]/settings/secrets/page.tsx    |  36 -
 .../web/src/app/api/(server)/chat/route.ts    |   2 +-
 packages/web/src/features/chat/actions.ts     |  66 +-
 packages/web/src/lib/strings.ts               |   7 -
 schemas/v2/index.json                         |   3 -
 schemas/v3/azuredevops.json                   |   7 +-
 schemas/v3/bitbucket.json                     |   7 +-
 schemas/v3/gitea.json                         |   7 +-
 schemas/v3/github.json                        |   7 +-
 schemas/v3/gitlab.json                        |   7 +-
 schemas/v3/shared.json                        |  13 -
 70 files changed, 413 insertions(+), 5299 deletions(-)
 delete mode 100644 docs/snippets/schemas/v3/githubApp.schema.mdx
 create mode 100644 packages/db/prisma/migrations/20251031191203_remove_secret_table/migration.sql
 delete mode 100644 packages/web/src/app/[domain]/components/importSecretDialog.tsx
 delete mode 100644 packages/web/src/app/[domain]/settings/secrets/components/importSecretCard.tsx
 delete mode 100644 packages/web/src/app/[domain]/settings/secrets/components/secretsList.tsx
 delete mode 100644 packages/web/src/app/[domain]/settings/secrets/page.tsx
 delete mode 100644 packages/web/src/lib/strings.ts

diff --git a/docs/docs/connections/ado-cloud.mdx b/docs/docs/connections/ado-cloud.mdx
index cc20c745..7071afb1 100644
--- a/docs/docs/connections/ado-cloud.mdx
+++ b/docs/docs/connections/ado-cloud.mdx
@@ -86,7 +86,7 @@ If you're not familiar with Sourcebot [connections](/docs/connections/overview),
 Azure Devops Cloud requires you to provide a PAT in order to index your repositories. To learn how to create PAT, check out the [Azure Devops docs](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows).
 Sourcebot needs the `Read` access for the `Code` scope in order to find and clone your repos.
 
-Next, provide the access token via the `token` property, either as an environment variable or a secret:
+Next, provide the access token via an environment variable which is referenced in the `token` property:
 
 <Tabs>
     <Tab title="Environment Variable">
@@ -113,28 +113,6 @@ Next, provide the access token via the `token` property, either as an environmen
             ghcr.io/sourcebot-dev/sourcebot:latest
         ```
     </Tab>
-
-    <Tab title="Secret">
-        <Note>Secrets are only supported when [authentication](/docs/configuration/auth/overview) is enabled.</Note>
-
-        1. Navigate to **Secrets** in settings and create a new secret with your PAT:
-
-        ![](/images/secrets_list.png)
-
-        2. Add the `token` property to your connection config:
-
-        ```json
-        {
-            "type": "azuredevops",
-            "deploymentType": "cloud",
-            "token": {
-                "secret": "mysecret"
-            }
-            // .. rest of config ..
-        }
-        ```
-
-    </Tab>
 </Tabs>
 
 ## Schema reference
diff --git a/docs/docs/connections/ado-server.mdx b/docs/docs/connections/ado-server.mdx
index 1cfc0252..a62d94c2 100644
--- a/docs/docs/connections/ado-server.mdx
+++ b/docs/docs/connections/ado-server.mdx
@@ -100,7 +100,7 @@ If you're not familiar with Sourcebot [connections](/docs/connections/overview),
 Azure Devops Server requires you to provide a PAT in order to index your repositories. To learn how to create PAT, check out the [Azure Devops docs](https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/use-personal-access-tokens-to-authenticate?view=azure-devops&tabs=Windows).
 Sourcebot needs the `Read` access for the `Code` scope in order to find and clone your repos.
 
-Next, provide the access token via the `token` property, either as an environment variable or a secret:
+Next, provide the access token via an environment variable which is referenced in the `token` property:
 
 <Tabs>
     <Tab title="Environment Variable">
@@ -127,28 +127,6 @@ Next, provide the access token via the `token` property, either as an environmen
             ghcr.io/sourcebot-dev/sourcebot:latest
         ```
     </Tab>
-
-    <Tab title="Secret">
-        <Note>Secrets are only supported when [authentication](/docs/configuration/auth/overview) is enabled.</Note>
-
-        1. Navigate to **Secrets** in settings and create a new secret with your PAT:
-
-        ![](/images/secrets_list.png)
-
-        2. Add the `token` property to your connection config:
-
-        ```json
-        {
-            "type": "azuredevops",
-            "deploymentType": "server",
-            "token": {
-                "secret": "mysecret"
-            }
-            // .. rest of config ..
-        }
-        ```
-
-    </Tab>
 </Tabs>
 
 ## Schema reference
diff --git a/docs/docs/connections/gitea.mdx b/docs/docs/connections/gitea.mdx
index 1d439c76..0f8505cb 100644
--- a/docs/docs/connections/gitea.mdx
+++ b/docs/docs/connections/gitea.mdx
@@ -81,7 +81,7 @@ In order to index private repositories, you'll need to generate a Gitea access t
 
 ![Gitea Access token creation](/images/gitea_pat_creation.png)
 
-Next, provide the access token via the `token` property, either as an environment variable or a secret:
+Next, provide the access token via an environment variable which is referenced in the `token` property:
 
 <Tabs>
     <Tab title="Environment Variable">
@@ -107,27 +107,6 @@ Next, provide the access token via the `token` property, either as an environmen
             ghcr.io/sourcebot-dev/sourcebot:latest
         ```
     </Tab>
-
-    <Tab title="Secret">
-        <Note>Secrets are only supported when [authentication](/docs/configuration/auth/overview) is enabled.</Note>
-
-        1. Navigate to **Secrets** in settings and create a new secret with your PAT:
-
-        ![](/images/secrets_list.png)
-
-        2. Add the `token` property to your connection config:
-
-        ```json
-        {
-            "type": "gitea",
-            "token": {
-                "secret": "mysecret"
-            }
-            // .. rest of config ..
-        }
-        ```
-
-    </Tab>
 </Tabs>
 
 ## Connecting to a custom Gitea
diff --git a/docs/docs/connections/github.mdx b/docs/docs/connections/github.mdx
index 98fc5b50..e87a1f6d 100644
--- a/docs/docs/connections/github.mdx
+++ b/docs/docs/connections/github.mdx
@@ -128,7 +128,7 @@ In order to index private repositories, you'll need to generate a access token a
     </Accordion>
 </AccordionGroup>
 
-Next, provide the access token via the `token` property, either as an environment variable or a secret:
+Next, provide the access token via an environment variable which is referenced in the `token` property:
 
 <Tabs>
     <Tab title="Environment Variable">
@@ -154,27 +154,6 @@ Next, provide the access token via the `token` property, either as an environmen
             ghcr.io/sourcebot-dev/sourcebot:latest
         ```
     </Tab>
-
-    <Tab title="Secret">
-        <Note>Secrets are only supported when [authentication](/docs/configuration/auth/overview) is enabled.</Note>
-
-        1. Navigate to **Secrets** in settings and create a new secret with your PAT:
-
-        ![](/images/secrets_list.png)
-
-        2. Add the `token` property to your connection config:
-
-        ```json
-        {
-            "type": "github",
-            "token": {
-                "secret": "mysecret"
-            }
-            // .. rest of config ..
-        }
-        ```
-
-    </Tab>
 </Tabs>
 
 ## Connecting to a custom GitHub host
diff --git a/docs/docs/connections/gitlab.mdx b/docs/docs/connections/gitlab.mdx
index 2680064b..1b71b7ae 100644
--- a/docs/docs/connections/gitlab.mdx
+++ b/docs/docs/connections/gitlab.mdx
@@ -116,7 +116,7 @@ In order to index private projects, you'll need to generate a GitLab Personal Ac
 
 ![GitLab PAT Scope](/images/gitlab_pat_scopes.png)
 
-Next, provide the PAT via the `token` property, either as an environment variable or a secret:
+Next, provide the PAT via an environment variable which is referenced in the `token` property:
 
 <Tabs>
     <Tab title="Environment Variable">
@@ -142,27 +142,6 @@ Next, provide the PAT via the `token` property, either as an environment variabl
                 ghcr.io/sourcebot-dev/sourcebot:latest
         ```
     </Tab>
-
-    <Tab title="Secret">
-        <Note>Secrets are only supported when [authentication](/docs/configuration/auth/overview) is enabled.</Note>
-
-        1. Navigate to **Secrets** in settings and create a new secret with your PAT:
-
-        ![](/images/secrets_list.png)
-
-        2. Add the `token` property to your connection config:
-
-        ```json
-        {
-            "type": "gitlab",
-            "token": {
-                "secret": "mysecret"
-            }
-            // .. rest of config ..
-        }
-        ```
-
-    </Tab>
 </Tabs>
 
 ## Connecting to a custom GitLab host
diff --git a/docs/snippets/bitbucket-app-password.mdx b/docs/snippets/bitbucket-app-password.mdx
index 0a5fdac3..2d4511c3 100644
--- a/docs/snippets/bitbucket-app-password.mdx
+++ b/docs/snippets/bitbucket-app-password.mdx
@@ -24,27 +24,4 @@
             ghcr.io/sourcebot-dev/sourcebot:latest
         ```
     </Tab>
-
-    <Tab title="Secret">
-        <Note>Secrets are only supported when [authentication](/docs/configuration/auth/overview) is enabled.</Note>
-
-        1. Navigate to **Secrets** in settings and create a new secret with your access token:
-
-        ![](/images/secrets_list.png)
-
-        2. Add the `token` and `user` (username associated with the app password you created) properties to your connection config:
-
-        ```json
-        {
-            "type": "bitbucket",
-            "deploymentType": "cloud",
-            "user": "myusername",
-            "token": {
-                "secret": "mysecret"
-            }
-            // .. rest of config ..
-        }
-        ```
-
-    </Tab>
 </Tabs>
\ No newline at end of file
diff --git a/docs/snippets/bitbucket-token.mdx b/docs/snippets/bitbucket-token.mdx
index 94197e01..26efe248 100644
--- a/docs/snippets/bitbucket-token.mdx
+++ b/docs/snippets/bitbucket-token.mdx
@@ -22,25 +22,4 @@
             ghcr.io/sourcebot-dev/sourcebot:latest
         ```
     </Tab>
-
-    <Tab title="Secret">
-        <Note>Secrets are only supported when [authentication](/docs/configuration/auth/overview) is enabled.</Note>
-
-        1. Navigate to **Secrets** in settings and create a new secret with your PAT:
-
-        ![](/images/secrets_list.png)
-
-        2. Add the `token` property to your connection config:
-
-        ```json
-        {
-            "type": "bitbucket",
-            "token": {
-                "secret": "mysecret"
-            }
-            // .. rest of config ..
-        }
-        ```
-
-    </Tab>
 </Tabs>
\ No newline at end of file
diff --git a/docs/snippets/schemas/v2/index.schema.mdx b/docs/snippets/schemas/v2/index.schema.mdx
index df78084a..f061d3b3 100644
--- a/docs/snippets/schemas/v2/index.schema.mdx
+++ b/docs/snippets/schemas/v2/index.schema.mdx
@@ -77,7 +77,6 @@
         "token": {
           "description": "A Personal Access Token (PAT).",
           "examples": [
-            "secret-token",
             {
               "env": "ENV_VAR_CONTAINING_TOKEN"
             }
@@ -274,7 +273,6 @@
         "token": {
           "description": "An authentication token.",
           "examples": [
-            "secret-token",
             {
               "env": "ENV_VAR_CONTAINING_TOKEN"
             }
@@ -465,7 +463,6 @@
         "token": {
           "description": "An access token.",
           "examples": [
-            "secret-token",
             {
               "env": "ENV_VAR_CONTAINING_TOKEN"
             }
@@ -779,7 +776,6 @@
             "token": {
               "description": "A Personal Access Token (PAT).",
               "examples": [
-                "secret-token",
                 {
                   "env": "ENV_VAR_CONTAINING_TOKEN"
                 }
@@ -976,7 +972,6 @@
             "token": {
               "description": "An authentication token.",
               "examples": [
-                "secret-token",
                 {
                   "env": "ENV_VAR_CONTAINING_TOKEN"
                 }
@@ -1167,7 +1162,6 @@
             "token": {
               "description": "An access token.",
               "examples": [
-                "secret-token",
                 {
                   "env": "ENV_VAR_CONTAINING_TOKEN"
                 }
@@ -1563,7 +1557,6 @@
               "token": {
                 "description": "A Personal Access Token (PAT).",
                 "examples": [
-                  "secret-token",
                   {
                     "env": "ENV_VAR_CONTAINING_TOKEN"
                   }
@@ -1760,7 +1753,6 @@
               "token": {
                 "description": "An authentication token.",
                 "examples": [
-                  "secret-token",
                   {
                     "env": "ENV_VAR_CONTAINING_TOKEN"
                   }
@@ -1951,7 +1943,6 @@
               "token": {
                 "description": "An access token.",
                 "examples": [
-                  "secret-token",
                   {
                     "env": "ENV_VAR_CONTAINING_TOKEN"
                   }
diff --git a/docs/snippets/schemas/v3/app.schema.mdx b/docs/snippets/schemas/v3/app.schema.mdx
index 6d5e5a21..1e95a482 100644
--- a/docs/snippets/schemas/v3/app.schema.mdx
+++ b/docs/snippets/schemas/v3/app.schema.mdx
@@ -28,19 +28,6 @@
         "privateKey": {
           "description": "The private key of the GitHub App.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -90,19 +77,6 @@
         "privateKey": {
           "description": "The private key of the GitHub App.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
diff --git a/docs/snippets/schemas/v3/azuredevops.schema.mdx b/docs/snippets/schemas/v3/azuredevops.schema.mdx
index fab796de..e187f276 100644
--- a/docs/snippets/schemas/v3/azuredevops.schema.mdx
+++ b/docs/snippets/schemas/v3/azuredevops.schema.mdx
@@ -11,25 +11,7 @@
     },
     "token": {
       "description": "A Personal Access Token (PAT).",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/docs/snippets/schemas/v3/bitbucket.schema.mdx b/docs/snippets/schemas/v3/bitbucket.schema.mdx
index 829d0254..85202242 100644
--- a/docs/snippets/schemas/v3/bitbucket.schema.mdx
+++ b/docs/snippets/schemas/v3/bitbucket.schema.mdx
@@ -15,25 +15,7 @@
     },
     "token": {
       "description": "An authentication token.",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/docs/snippets/schemas/v3/connection.schema.mdx b/docs/snippets/schemas/v3/connection.schema.mdx
index 48750ae1..10311eba 100644
--- a/docs/snippets/schemas/v3/connection.schema.mdx
+++ b/docs/snippets/schemas/v3/connection.schema.mdx
@@ -15,25 +15,7 @@
         },
         "token": {
           "description": "A Personal Access Token (PAT).",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -228,25 +210,7 @@
         },
         "token": {
           "description": "An authentication token.",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -435,25 +399,7 @@
         },
         "token": {
           "description": "A Personal Access Token (PAT).",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -707,25 +653,7 @@
         },
         "token": {
           "description": "An authentication token.",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -880,25 +808,7 @@
         },
         "token": {
           "description": "A Personal Access Token (PAT).",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
diff --git a/docs/snippets/schemas/v3/gitea.schema.mdx b/docs/snippets/schemas/v3/gitea.schema.mdx
index f236e3fe..f663ba47 100644
--- a/docs/snippets/schemas/v3/gitea.schema.mdx
+++ b/docs/snippets/schemas/v3/gitea.schema.mdx
@@ -11,25 +11,7 @@
     },
     "token": {
       "description": "A Personal Access Token (PAT).",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/docs/snippets/schemas/v3/github.schema.mdx b/docs/snippets/schemas/v3/github.schema.mdx
index 1858eee8..49ea2ce6 100644
--- a/docs/snippets/schemas/v3/github.schema.mdx
+++ b/docs/snippets/schemas/v3/github.schema.mdx
@@ -11,25 +11,7 @@
     },
     "token": {
       "description": "A Personal Access Token (PAT).",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/docs/snippets/schemas/v3/githubApp.schema.mdx b/docs/snippets/schemas/v3/githubApp.schema.mdx
deleted file mode 100644
index 2d1aea88..00000000
--- a/docs/snippets/schemas/v3/githubApp.schema.mdx
+++ /dev/null
@@ -1,76 +0,0 @@
-{/* THIS IS A AUTO-GENERATED FILE. DO NOT MODIFY MANUALLY! */}
-```json
-{
-  "$schema": "http://json-schema.org/draft-07/schema#",
-  "type": "object",
-  "title": "GithubAppConfig",
-  "properties": {
-    "type": {
-      "const": "githubApp",
-      "description": "GitHub App Configuration"
-    },
-    "deploymentHostname": {
-      "type": "string",
-      "format": "hostname",
-      "default": "github.com",
-      "description": "The hostname of the GitHub App deployment.",
-      "examples": [
-        "github.com",
-        "github.example.com"
-      ]
-    },
-    "id": {
-      "type": "string",
-      "description": "The ID of the GitHub App."
-    },
-    "privateKey": {
-      "description": "The private key of the GitHub App.",
-      "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
-        {
-          "type": "object",
-          "properties": {
-            "env": {
-              "type": "string",
-              "description": "The name of the environment variable that contains the token. Only supported in declarative connection configs."
-            }
-          },
-          "required": [
-            "env"
-          ],
-          "additionalProperties": false
-        }
-      ]
-    }
-  },
-  "required": [
-    "type",
-    "id"
-  ],
-  "oneOf": [
-    {
-      "required": [
-        "privateKey"
-      ]
-    },
-    {
-      "required": [
-        "privateKeyPath"
-      ]
-    }
-  ],
-  "additionalProperties": false
-}
-```
diff --git a/docs/snippets/schemas/v3/gitlab.schema.mdx b/docs/snippets/schemas/v3/gitlab.schema.mdx
index 1d322f44..4783aee6 100644
--- a/docs/snippets/schemas/v3/gitlab.schema.mdx
+++ b/docs/snippets/schemas/v3/gitlab.schema.mdx
@@ -11,25 +11,7 @@
     },
     "token": {
       "description": "An authentication token.",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/docs/snippets/schemas/v3/index.schema.mdx b/docs/snippets/schemas/v3/index.schema.mdx
index 89ed6be2..38351682 100644
--- a/docs/snippets/schemas/v3/index.schema.mdx
+++ b/docs/snippets/schemas/v3/index.schema.mdx
@@ -298,25 +298,7 @@
                 },
                 "token": {
                   "description": "A Personal Access Token (PAT).",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -511,25 +493,7 @@
                 },
                 "token": {
                   "description": "An authentication token.",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -718,25 +682,7 @@
                 },
                 "token": {
                   "description": "A Personal Access Token (PAT).",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -990,25 +936,7 @@
                 },
                 "token": {
                   "description": "An authentication token.",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1163,25 +1091,7 @@
                 },
                 "token": {
                   "description": "A Personal Access Token (PAT).",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1453,19 +1363,6 @@
               "accessKeyId": {
                 "description": "Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1484,19 +1381,6 @@
               "accessKeySecret": {
                 "description": "Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1515,19 +1399,6 @@
               "sessionToken": {
                 "description": "Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1569,19 +1440,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -1626,19 +1484,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1672,19 +1517,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -1733,19 +1565,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1783,19 +1602,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -1840,19 +1646,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1886,19 +1679,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -1943,19 +1723,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1989,19 +1756,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2062,19 +1816,6 @@
               },
               "credentials": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2108,19 +1849,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2183,19 +1911,6 @@
               },
               "credentials": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2229,19 +1944,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2286,19 +1988,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2332,19 +2021,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2395,19 +2071,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2451,19 +2114,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2508,19 +2158,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2557,19 +2194,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2601,19 +2225,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2669,19 +2280,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2715,19 +2313,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2776,19 +2361,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2822,19 +2394,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2882,19 +2441,6 @@
               "accessKeyId": {
                 "description": "Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2913,19 +2459,6 @@
               "accessKeySecret": {
                 "description": "Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2944,19 +2477,6 @@
               "sessionToken": {
                 "description": "Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2998,19 +2518,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3055,19 +2562,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3101,19 +2595,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3162,19 +2643,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3212,19 +2680,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3269,19 +2724,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3315,19 +2757,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3372,19 +2801,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3418,19 +2834,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3491,19 +2894,6 @@
               },
               "credentials": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3537,19 +2927,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3612,19 +2989,6 @@
               },
               "credentials": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3658,19 +3022,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3715,19 +3066,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3761,19 +3099,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3824,19 +3149,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3880,19 +3192,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3937,19 +3236,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3986,19 +3272,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -4030,19 +3303,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -4098,19 +3358,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -4144,19 +3391,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -4205,19 +3439,6 @@
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -4251,19 +3472,6 @@
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -4324,19 +3532,6 @@
               },
               "privateKey": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -4386,19 +3581,6 @@
               },
               "privateKey": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
diff --git a/docs/snippets/schemas/v3/languageModel.schema.mdx b/docs/snippets/schemas/v3/languageModel.schema.mdx
index accfc95c..ebc1bc92 100644
--- a/docs/snippets/schemas/v3/languageModel.schema.mdx
+++ b/docs/snippets/schemas/v3/languageModel.schema.mdx
@@ -22,19 +22,6 @@
         "accessKeyId": {
           "description": "Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -53,19 +40,6 @@
         "accessKeySecret": {
           "description": "Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -84,19 +58,6 @@
         "sessionToken": {
           "description": "Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -138,19 +99,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -195,19 +143,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -241,19 +176,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -302,19 +224,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -352,19 +261,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -409,19 +305,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -455,19 +338,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -512,19 +382,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -558,19 +415,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -631,19 +475,6 @@
         },
         "credentials": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -677,19 +508,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -752,19 +570,6 @@
         },
         "credentials": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -798,19 +603,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -855,19 +647,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -901,19 +680,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -964,19 +730,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1020,19 +773,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1077,19 +817,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1126,19 +853,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1170,19 +884,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1238,19 +939,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1284,19 +972,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1345,19 +1020,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1391,19 +1053,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1451,19 +1100,6 @@
         "accessKeyId": {
           "description": "Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1482,19 +1118,6 @@
         "accessKeySecret": {
           "description": "Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1513,19 +1136,6 @@
         "sessionToken": {
           "description": "Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1567,19 +1177,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1624,19 +1221,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1670,19 +1254,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1731,19 +1302,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1781,19 +1339,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1838,19 +1383,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1884,19 +1416,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1941,19 +1460,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1987,19 +1493,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2060,19 +1553,6 @@
         },
         "credentials": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2106,19 +1586,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2181,19 +1648,6 @@
         },
         "credentials": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2227,19 +1681,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2284,19 +1725,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2330,19 +1758,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2393,19 +1808,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2449,19 +1851,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2506,19 +1895,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2555,19 +1931,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2599,19 +1962,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2667,19 +2017,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2713,19 +2050,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2774,19 +2098,6 @@
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2820,19 +2131,6 @@
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
diff --git a/docs/snippets/schemas/v3/shared.schema.mdx b/docs/snippets/schemas/v3/shared.schema.mdx
index 82ca9195..4087a944 100644
--- a/docs/snippets/schemas/v3/shared.schema.mdx
+++ b/docs/snippets/schemas/v3/shared.schema.mdx
@@ -6,19 +6,6 @@
   "definitions": {
     "Token": {
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
@@ -86,19 +73,6 @@
             },
             {
               "anyOf": [
-                {
-                  "type": "object",
-                  "properties": {
-                    "secret": {
-                      "type": "string",
-                      "description": "The name of the secret that contains the token."
-                    }
-                  },
-                  "required": [
-                    "secret"
-                  ],
-                  "additionalProperties": false
-                },
                 {
                   "type": "object",
                   "properties": {
@@ -130,19 +104,6 @@
             },
             {
               "anyOf": [
-                {
-                  "type": "object",
-                  "properties": {
-                    "secret": {
-                      "type": "string",
-                      "description": "The name of the secret that contains the token."
-                    }
-                  },
-                  "required": [
-                    "secret"
-                  ],
-                  "additionalProperties": false
-                },
                 {
                   "type": "object",
                   "properties": {
diff --git a/packages/backend/src/azuredevops.ts b/packages/backend/src/azuredevops.ts
index de587935..aa0fbf55 100644
--- a/packages/backend/src/azuredevops.ts
+++ b/packages/backend/src/azuredevops.ts
@@ -2,7 +2,6 @@ import { AzureDevOpsConnectionConfig } from "@sourcebot/schemas/v3/azuredevops.t
 import { createLogger } from "@sourcebot/logger";
 import { measure, fetchWithRetry } from "./utils.js";
 import micromatch from "micromatch";
-import { PrismaClient } from "@sourcebot/db";
 import { BackendException, BackendError } from "@sourcebot/error";
 import { processPromiseResults, throwIfAnyFailed } from "./connectionUtils.js";
 import * as Sentry from "@sentry/node";
@@ -29,13 +28,11 @@ function createAzureDevOpsConnection(
 
 export const getAzureDevOpsReposFromConfig = async (
     config: AzureDevOpsConnectionConfig, 
-    orgId: number, 
-    db: PrismaClient
 ) => {
     const baseUrl = config.url || `https://${AZUREDEVOPS_CLOUD_HOSTNAME}`;
 
     const token = config.token ?
-        await getTokenFromConfig(config.token, orgId, db) :
+        await getTokenFromConfig(config.token) :
         undefined;
 
     if (!token) {
diff --git a/packages/backend/src/bitbucket.ts b/packages/backend/src/bitbucket.ts
index 75adc311..c6fa87ff 100644
--- a/packages/backend/src/bitbucket.ts
+++ b/packages/backend/src/bitbucket.ts
@@ -3,7 +3,6 @@ import { createBitbucketServerClient } from "@coderabbitai/bitbucket/server";
 import { BitbucketConnectionConfig } from "@sourcebot/schemas/v3/bitbucket.type";
 import type { ClientOptions, ClientPathsWithMethod } from "openapi-fetch";
 import { createLogger } from "@sourcebot/logger";
-import { PrismaClient } from "@sourcebot/db";
 import { measure, fetchWithRetry } from "./utils.js";
 import * as Sentry from "@sentry/node";
 import {
@@ -58,9 +57,9 @@ type ServerPaginatedResponse<T> = {
     readonly nextPageStart: number;
 }
 
-export const getBitbucketReposFromConfig = async (config: BitbucketConnectionConfig, orgId: number, db: PrismaClient) => {
+export const getBitbucketReposFromConfig = async (config: BitbucketConnectionConfig) => {
     const token = config.token ?
-        await getTokenFromConfig(config.token, orgId, db) :
+        await getTokenFromConfig(config.token) :
         undefined;
 
     if (config.deploymentType === 'server' && !config.url) {
diff --git a/packages/backend/src/connectionManager.ts b/packages/backend/src/connectionManager.ts
index 40637ff0..006a3bf2 100644
--- a/packages/backend/src/connectionManager.ts
+++ b/packages/backend/src/connectionManager.ts
@@ -179,25 +179,25 @@ export class ConnectionManager {
         const result = await (async () => {
             switch (config.type) {
                 case 'github': {
-                    return await compileGithubConfig(config, job.data.connectionId, orgId, this.db, abortController);
+                    return await compileGithubConfig(config, job.data.connectionId, abortController);
                 }
                 case 'gitlab': {
-                    return await compileGitlabConfig(config, job.data.connectionId, orgId, this.db);
+                    return await compileGitlabConfig(config, job.data.connectionId);
                 }
                 case 'gitea': {
-                    return await compileGiteaConfig(config, job.data.connectionId, orgId, this.db);
+                    return await compileGiteaConfig(config, job.data.connectionId);
                 }
                 case 'gerrit': {
-                    return await compileGerritConfig(config, job.data.connectionId, orgId);
+                    return await compileGerritConfig(config, job.data.connectionId);
                 }
                 case 'bitbucket': {
-                    return await compileBitbucketConfig(config, job.data.connectionId, orgId, this.db);
+                    return await compileBitbucketConfig(config, job.data.connectionId);
                 }
                 case 'azuredevops': {
-                    return await compileAzureDevOpsConfig(config, job.data.connectionId, orgId, this.db);
+                    return await compileAzureDevOpsConfig(config, job.data.connectionId);
                 }
                 case 'git': {
-                    return await compileGenericGitHostConfig(config, job.data.connectionId, orgId);
+                    return await compileGenericGitHostConfig(config, job.data.connectionId);
                 }
             }
         })();
diff --git a/packages/backend/src/ee/githubAppManager.ts b/packages/backend/src/ee/githubAppManager.ts
index ffe5f529..d8a72dff 100644
--- a/packages/backend/src/ee/githubAppManager.ts
+++ b/packages/backend/src/ee/githubAppManager.ts
@@ -55,11 +55,7 @@ export class GithubAppManager {
 
         for (const app of githubApps) {
             const deploymentHostname = app.deploymentHostname as string || GITHUB_DEFAULT_DEPLOYMENT_HOSTNAME;
-            
-            // @todo: we should move SINGLE_TENANT_ORG_ID to shared package or just remove the need to pass this in 
-            // when resolving tokens
-            const SINGLE_TENANT_ORG_ID = 1;
-            const privateKey = await getTokenFromConfig(app.privateKey, SINGLE_TENANT_ORG_ID, this.db);
+            const privateKey = await getTokenFromConfig(app.privateKey);
 
             const octokitApp = new App({
                 appId: Number(app.id),
diff --git a/packages/backend/src/ee/repoPermissionSyncer.ts b/packages/backend/src/ee/repoPermissionSyncer.ts
index 4353c34e..9a1593d6 100644
--- a/packages/backend/src/ee/repoPermissionSyncer.ts
+++ b/packages/backend/src/ee/repoPermissionSyncer.ts
@@ -163,7 +163,7 @@ export class RepoPermissionSyncer {
 
         logger.info(`Syncing permissions for repo ${repo.displayName}...`);
 
-        const credentials = await getAuthCredentialsForRepo(repo, this.db, logger);
+        const credentials = await getAuthCredentialsForRepo(repo, logger);
         if (!credentials) {
             throw new Error(`No credentials found for repo ${id}`);
         }
diff --git a/packages/backend/src/gitea.ts b/packages/backend/src/gitea.ts
index ab3eee3f..91493b0f 100644
--- a/packages/backend/src/gitea.ts
+++ b/packages/backend/src/gitea.ts
@@ -4,7 +4,6 @@ import { measure } from './utils.js';
 import fetch from 'cross-fetch';
 import { createLogger } from '@sourcebot/logger';
 import micromatch from 'micromatch';
-import { PrismaClient } from '@sourcebot/db';
 import { processPromiseResults, throwIfAnyFailed } from './connectionUtils.js';
 import * as Sentry from "@sentry/node";
 import { env } from './env.js';
@@ -13,13 +12,13 @@ import { getTokenFromConfig } from "@sourcebot/crypto";
 const logger = createLogger('gitea');
 const GITEA_CLOUD_HOSTNAME = "gitea.com";
 
-export const getGiteaReposFromConfig = async (config: GiteaConnectionConfig, orgId: number, db: PrismaClient) => {
+export const getGiteaReposFromConfig = async (config: GiteaConnectionConfig) => {
     const hostname = config.url ?
         new URL(config.url).hostname :
         GITEA_CLOUD_HOSTNAME;
 
     const token = config.token ?
-        await getTokenFromConfig(config.token, orgId, db) :
+        await getTokenFromConfig(config.token) :
         hostname === GITEA_CLOUD_HOSTNAME ?
         env.FALLBACK_GITEA_CLOUD_TOKEN :
         undefined;
@@ -53,7 +52,7 @@ export const getGiteaReposFromConfig = async (config: GiteaConnectionConfig, org
     allRepos = allRepos.filter(repo => repo.full_name !== undefined);
     allRepos = allRepos.filter(repo => {
         if (repo.full_name === undefined) {
-            logger.warn(`Repository with undefined full_name found: orgId=${orgId}, repoId=${repo.id}`);
+            logger.warn(`Repository with undefined full_name found: repoId=${repo.id}`);
             return false;
         }
         return true;
diff --git a/packages/backend/src/github.ts b/packages/backend/src/github.ts
index 550d259d..7d4d617f 100644
--- a/packages/backend/src/github.ts
+++ b/packages/backend/src/github.ts
@@ -1,6 +1,5 @@
 import { Octokit } from "@octokit/rest";
 import * as Sentry from "@sentry/node";
-import { PrismaClient } from "@sourcebot/db";
 import { createLogger } from "@sourcebot/logger";
 import { GithubConnectionConfig } from "@sourcebot/schemas/v3/github.type";
 import { hasEntitlement } from "@sourcebot/shared";
@@ -92,13 +91,13 @@ const getOctokitWithGithubApp = async (
     }
 }
 
-export const getGitHubReposFromConfig = async (config: GithubConnectionConfig, orgId: number, db: PrismaClient, signal: AbortSignal): Promise<{ repos: OctokitRepository[], warnings: string[] }> => {
+export const getGitHubReposFromConfig = async (config: GithubConnectionConfig, signal: AbortSignal): Promise<{ repos: OctokitRepository[], warnings: string[] }> => {
     const hostname = config.url ?
         new URL(config.url).hostname :
         GITHUB_CLOUD_HOSTNAME;
 
     const token = config.token ?
-        await getTokenFromConfig(config.token, orgId, db) :
+        await getTokenFromConfig(config.token) :
         hostname === GITHUB_CLOUD_HOSTNAME ?
             env.FALLBACK_GITHUB_CLOUD_TOKEN :
             undefined;
diff --git a/packages/backend/src/gitlab.ts b/packages/backend/src/gitlab.ts
index 55bae70c..6063f7bd 100644
--- a/packages/backend/src/gitlab.ts
+++ b/packages/backend/src/gitlab.ts
@@ -3,7 +3,6 @@ import micromatch from "micromatch";
 import { createLogger } from "@sourcebot/logger";
 import { GitlabConnectionConfig } from "@sourcebot/schemas/v3/gitlab.type"
 import { measure, fetchWithRetry } from "./utils.js";
-import { PrismaClient } from "@sourcebot/db";
 import { processPromiseResults, throwIfAnyFailed } from "./connectionUtils.js";
 import * as Sentry from "@sentry/node";
 import { env } from "./env.js";
@@ -34,13 +33,13 @@ export const createGitLabFromOAuthToken = async ({ oauthToken, url }: { oauthTok
     });
 }
 
-export const getGitLabReposFromConfig = async (config: GitlabConnectionConfig, orgId: number, db: PrismaClient) => {
+export const getGitLabReposFromConfig = async (config: GitlabConnectionConfig) => {
     const hostname = config.url ?
         new URL(config.url).hostname :
         GITLAB_CLOUD_HOSTNAME;
 
     const token = config.token ?
-        await getTokenFromConfig(config.token, orgId, db) :
+        await getTokenFromConfig(config.token) :
         hostname === GITLAB_CLOUD_HOSTNAME ?
         env.FALLBACK_GITLAB_CLOUD_TOKEN :
         undefined;
diff --git a/packages/backend/src/repoCompileUtils.ts b/packages/backend/src/repoCompileUtils.ts
index 8e8b1f26..8ecd7912 100644
--- a/packages/backend/src/repoCompileUtils.ts
+++ b/packages/backend/src/repoCompileUtils.ts
@@ -7,7 +7,7 @@ import { BitbucketRepository, getBitbucketReposFromConfig } from "./bitbucket.js
 import { getAzureDevOpsReposFromConfig } from "./azuredevops.js";
 import { SchemaRestRepository as BitbucketServerRepository } from "@coderabbitai/bitbucket/server/openapi";
 import { SchemaRepository as BitbucketCloudRepository } from "@coderabbitai/bitbucket/cloud/openapi";
-import { Prisma, PrismaClient } from '@sourcebot/db';
+import { Prisma } from '@sourcebot/db';
 import { WithRequired } from "./types.js"
 import { marshalBool } from "./utils.js";
 import { createLogger } from '@sourcebot/logger';
@@ -19,6 +19,7 @@ import { getOriginUrl, isPathAValidGitRepoRoot, isUrlAValidGitRepo } from './git
 import assert from 'assert';
 import GitUrlParse from 'git-url-parse';
 import { RepoMetadata } from '@sourcebot/shared';
+import { SINGLE_TENANT_ORG_ID } from './constants.js';
 
 export type RepoData = WithRequired<Prisma.RepoCreateInput, 'connections'>;
 
@@ -32,10 +33,8 @@ type CompileResult = {
 export const compileGithubConfig = async (
     config: GithubConnectionConfig,
     connectionId: number,
-    orgId: number,
-    db: PrismaClient,
     abortController: AbortController): Promise<CompileResult> => {
-    const gitHubReposResult = await getGitHubReposFromConfig(config, orgId, db, abortController.signal);
+    const gitHubReposResult = await getGitHubReposFromConfig(config, abortController.signal);
     const gitHubRepos = gitHubReposResult.repos;
     const warnings = gitHubReposResult.warnings;
 
@@ -66,7 +65,7 @@ export const compileGithubConfig = async (
             isPublic: isPublic,
             org: {
                 connect: {
-                    id: orgId,
+                    id: SINGLE_TENANT_ORG_ID,
                 },
             },
             connections: {
@@ -104,11 +103,9 @@ export const compileGithubConfig = async (
 
 export const compileGitlabConfig = async (
     config: GitlabConnectionConfig,
-    connectionId: number,
-    orgId: number,
-    db: PrismaClient): Promise<CompileResult> => {
+    connectionId: number): Promise<CompileResult> => {
 
-    const gitlabReposResult = await getGitLabReposFromConfig(config, orgId, db);
+    const gitlabReposResult = await getGitLabReposFromConfig(config);
     const gitlabRepos = gitlabReposResult.repos;
     const warnings = gitlabReposResult.warnings;
 
@@ -144,7 +141,7 @@ export const compileGitlabConfig = async (
             isArchived: !!project.archived,
             org: {
                 connect: {
-                    id: orgId,
+                    id: SINGLE_TENANT_ORG_ID,
                 },
             },
             connections: {
@@ -180,11 +177,9 @@ export const compileGitlabConfig = async (
 
 export const compileGiteaConfig = async (
     config: GiteaConnectionConfig,
-    connectionId: number,
-    orgId: number,
-    db: PrismaClient): Promise<CompileResult> => {
+    connectionId: number): Promise<CompileResult> => {
 
-    const giteaReposResult = await getGiteaReposFromConfig(config, orgId, db);
+    const giteaReposResult = await getGiteaReposFromConfig(config);
     const giteaRepos = giteaReposResult.repos;
     const warnings = giteaReposResult.warnings;
 
@@ -217,7 +212,7 @@ export const compileGiteaConfig = async (
             isArchived: !!repo.archived,
             org: {
                 connect: {
-                    id: orgId,
+                    id: SINGLE_TENANT_ORG_ID,
                 },
             },
             connections: {
@@ -251,8 +246,7 @@ export const compileGiteaConfig = async (
 
 export const compileGerritConfig = async (
     config: GerritConnectionConfig,
-    connectionId: number,
-    orgId: number): Promise<CompileResult> => {
+    connectionId: number): Promise<CompileResult> => {
 
     const gerritRepos = await getGerritReposFromConfig(config);
     const hostUrl = config.url;
@@ -298,7 +292,7 @@ export const compileGerritConfig = async (
             isArchived: false,
             org: {
                 connect: {
-                    id: orgId,
+                    id: SINGLE_TENANT_ORG_ID,
                 },
             },
             connections: {
@@ -332,11 +326,9 @@ export const compileGerritConfig = async (
 
 export const compileBitbucketConfig = async (
     config: BitbucketConnectionConfig,
-    connectionId: number,
-    orgId: number,
-    db: PrismaClient): Promise<CompileResult> => {
+    connectionId: number): Promise<CompileResult> => {
 
-    const bitbucketReposResult = await getBitbucketReposFromConfig(config, orgId, db);
+    const bitbucketReposResult = await getBitbucketReposFromConfig(config);
     const bitbucketRepos = bitbucketReposResult.repos;
     const warnings = bitbucketReposResult.warnings;
 
@@ -415,7 +407,7 @@ export const compileBitbucketConfig = async (
             isArchived: isArchived,
             org: {
                 connect: {
-                    id: orgId,
+                    id: SINGLE_TENANT_ORG_ID,
                 },
             },
             connections: {
@@ -449,15 +441,14 @@ export const compileBitbucketConfig = async (
 
 export const compileGenericGitHostConfig = async (
     config: GenericGitHostConnectionConfig,
-    connectionId: number,
-    orgId: number,
+    connectionId: number
 ): Promise<CompileResult> => {
     const configUrl = new URL(config.url);
     if (configUrl.protocol === 'file:') {
-        return compileGenericGitHostConfig_file(config, orgId, connectionId);
+        return compileGenericGitHostConfig_file(config, connectionId);
     }
     else if (configUrl.protocol === 'http:' || configUrl.protocol === 'https:') {
-        return compileGenericGitHostConfig_url(config, orgId, connectionId);
+        return compileGenericGitHostConfig_url(config, connectionId);
     }
     else {
         // Schema should prevent this, but throw an error just in case.
@@ -467,7 +458,6 @@ export const compileGenericGitHostConfig = async (
 
 export const compileGenericGitHostConfig_file = async (
     config: GenericGitHostConnectionConfig,
-    orgId: number,
     connectionId: number,
 ): Promise<CompileResult> => {
     const configUrl = new URL(config.url);
@@ -480,7 +470,7 @@ export const compileGenericGitHostConfig_file = async (
 
     const repos: RepoData[] = [];
     const warnings: string[] = [];
-    
+
     await Promise.all(repoPaths.map(async (repoPath) => {
         const isGitRepo = await isPathAValidGitRepoRoot({
             path: repoPath,
@@ -517,7 +507,7 @@ export const compileGenericGitHostConfig_file = async (
             isArchived: false,
             org: {
                 connect: {
-                    id: orgId,
+                    id: SINGLE_TENANT_ORG_ID,
                 },
             },
             connections: {
@@ -546,7 +536,6 @@ export const compileGenericGitHostConfig_file = async (
 
 export const compileGenericGitHostConfig_url = async (
     config: GenericGitHostConnectionConfig,
-    orgId: number,
     connectionId: number,
 ): Promise<CompileResult> => {
     const remoteUrl = new URL(config.url);
@@ -581,7 +570,7 @@ export const compileGenericGitHostConfig_url = async (
         isArchived: false,
         org: {
             connect: {
-                id: orgId,
+                id: SINGLE_TENANT_ORG_ID,
             },
         },
         connections: {
@@ -603,11 +592,9 @@ export const compileGenericGitHostConfig_url = async (
 
 export const compileAzureDevOpsConfig = async (
     config: AzureDevOpsConnectionConfig,
-    connectionId: number,
-    orgId: number,
-    db: PrismaClient): Promise<CompileResult> => {
+    connectionId: number): Promise<CompileResult> => {
 
-    const azureDevOpsReposResult = await getAzureDevOpsReposFromConfig(config, orgId, db);
+    const azureDevOpsReposResult = await getAzureDevOpsReposFromConfig(config);
     const azureDevOpsRepos = azureDevOpsReposResult.repos;
     const warnings = azureDevOpsReposResult.warnings;
 
@@ -620,18 +607,18 @@ export const compileAzureDevOpsConfig = async (
         if (!repo.project) {
             throw new Error(`No project found for repository ${repo.name}`);
         }
-        
+
         const repoDisplayName = `${repo.project.name}/${repo.name}`;
         const repoName = path.join(repoNameRoot, repoDisplayName);
         const isPublic = repo.project.visibility === ProjectVisibility.Public;
-        
+
         if (!repo.remoteUrl) {
             throw new Error(`No remoteUrl found for repository ${repoDisplayName}`);
         }
         if (!repo.id) {
             throw new Error(`No id found for repository ${repoDisplayName}`);
         }
-        
+
         // Construct web URL for the repository
         const webUrl = repo.webUrl || `${hostUrl}/${repo.project.name}/_git/${repo.name}`;
 
@@ -651,7 +638,7 @@ export const compileAzureDevOpsConfig = async (
             isPublic: isPublic,
             org: {
                 connect: {
-                    id: orgId,
+                    id: SINGLE_TENANT_ORG_ID,
                 },
             },
             connections: {
diff --git a/packages/backend/src/repoIndexManager.ts b/packages/backend/src/repoIndexManager.ts
index 042ba8c7..3b98e0e0 100644
--- a/packages/backend/src/repoIndexManager.ts
+++ b/packages/backend/src/repoIndexManager.ts
@@ -290,7 +290,7 @@ export class RepoIndexManager {
 
         const metadata = repoMetadataSchema.parse(repo.metadata);
 
-        const credentials = await getAuthCredentialsForRepo(repo, this.db);
+        const credentials = await getAuthCredentialsForRepo(repo);
         const cloneUrlMaybeWithToken = credentials?.cloneUrlWithToken ?? repo.cloneUrl;
         const authHeader = credentials?.authHeader ?? undefined;
 
diff --git a/packages/backend/src/utils.ts b/packages/backend/src/utils.ts
index 4bb18549..3a9bace4 100644
--- a/packages/backend/src/utils.ts
+++ b/packages/backend/src/utils.ts
@@ -1,7 +1,7 @@
 import { Logger } from "winston";
 import { RepoAuthCredentials, RepoWithConnections } from "./types.js";
 import path from 'path';
-import { PrismaClient, Repo } from "@sourcebot/db";
+import { Repo } from "@sourcebot/db";
 import { getTokenFromConfig } from "@sourcebot/crypto";
 import * as Sentry from "@sentry/node";
 import { GithubConnectionConfig, GitlabConnectionConfig, GiteaConnectionConfig, BitbucketConnectionConfig, AzureDevOpsConnectionConfig } from '@sourcebot/schemas/v3/connection.type';
@@ -110,7 +110,7 @@ export const fetchWithRetry = async <T>(
 // fetch the token here using the connections from the repo. Multiple connections could be referencing this repo, and each
 // may have their own token. This method will just pick the first connection that has a token (if one exists) and uses that. This
 // may technically cause syncing to fail if that connection's token just so happens to not have access to the repo it's referencing.
-export const getAuthCredentialsForRepo = async (repo: RepoWithConnections, db: PrismaClient, logger?: Logger): Promise<RepoAuthCredentials | undefined> => {
+export const getAuthCredentialsForRepo = async (repo: RepoWithConnections, logger?: Logger): Promise<RepoAuthCredentials | undefined> => {
     // If we have github apps configured we assume that we must use them for github service auth
     if (repo.external_codeHostType === 'github' && hasEntitlement('github-app') && GithubAppManager.getInstance().appsConfigured()) {
         logger?.debug(`Using GitHub App for service auth for repo ${repo.displayName} hosted at ${repo.external_codeHostUrl}`);
@@ -139,7 +139,7 @@ export const getAuthCredentialsForRepo = async (repo: RepoWithConnections, db: P
         if (connection.connectionType === 'github') {
             const config = connection.config as unknown as GithubConnectionConfig;
             if (config.token) {
-                const token = await getTokenFromConfig(config.token, connection.orgId, db);
+                const token = await getTokenFromConfig(config.token);
                 return {
                     hostUrl: config.url,
                     token,
@@ -154,7 +154,7 @@ export const getAuthCredentialsForRepo = async (repo: RepoWithConnections, db: P
         } else if (connection.connectionType === 'gitlab') {
             const config = connection.config as unknown as GitlabConnectionConfig;
             if (config.token) {
-                const token = await getTokenFromConfig(config.token, connection.orgId, db);
+                const token = await getTokenFromConfig(config.token);
                 return {
                     hostUrl: config.url,
                     token,
@@ -170,7 +170,7 @@ export const getAuthCredentialsForRepo = async (repo: RepoWithConnections, db: P
         } else if (connection.connectionType === 'gitea') {
             const config = connection.config as unknown as GiteaConnectionConfig;
             if (config.token) {
-                const token = await getTokenFromConfig(config.token, connection.orgId, db);
+                const token = await getTokenFromConfig(config.token);
                 return {
                     hostUrl: config.url,
                     token,
@@ -185,7 +185,7 @@ export const getAuthCredentialsForRepo = async (repo: RepoWithConnections, db: P
         } else if (connection.connectionType === 'bitbucket') {
             const config = connection.config as unknown as BitbucketConnectionConfig;
             if (config.token) {
-                const token = await getTokenFromConfig(config.token, connection.orgId, db);
+                const token = await getTokenFromConfig(config.token);
                 const username = config.user ?? 'x-token-auth';
                 return {
                     hostUrl: config.url,
@@ -202,7 +202,7 @@ export const getAuthCredentialsForRepo = async (repo: RepoWithConnections, db: P
         } else if (connection.connectionType === 'azuredevops') {
             const config = connection.config as unknown as AzureDevOpsConnectionConfig;
             if (config.token) {
-                const token = await getTokenFromConfig(config.token, connection.orgId, db);
+                const token = await getTokenFromConfig(config.token);
 
                 // For ADO server, multiple auth schemes may be supported. If the ADO deployment supports NTLM, the git clone will default
                 // to this over basic auth. As a result, we cannot embed the token in the clone URL and must force basic auth by passing in the token
diff --git a/packages/crypto/src/tokenUtils.ts b/packages/crypto/src/tokenUtils.ts
index be5a064d..b474c0e0 100644
--- a/packages/crypto/src/tokenUtils.ts
+++ b/packages/crypto/src/tokenUtils.ts
@@ -1,26 +1,7 @@
-import { PrismaClient } from "@sourcebot/db";
 import { Token } from "@sourcebot/schemas/v3/shared.type";
-import { decrypt } from "./index.js";
 
-export const getTokenFromConfig = async (token: Token, orgId: number, db: PrismaClient) => {
-    if ('secret' in token) {
-        const secretKey = token.secret;
-        const secret = await db.secret.findUnique({
-            where: {
-                orgId_key: {
-                    key: secretKey,
-                    orgId
-                }
-            }
-        });
-
-        if (!secret) {
-            throw new Error(`Secret with key ${secretKey} not found for org ${orgId}`);
-        }
-
-        const decryptedToken = decrypt(secret.iv, secret.encryptedValue);
-        return decryptedToken;
-    } else if ('env' in token) {
+export const getTokenFromConfig = async (token: Token) => {
+    if ('env' in token) {
         const envToken = process.env[token.env];
         if (!envToken) {
             throw new Error(`Environment variable ${token.env} not found.`);
diff --git a/packages/db/prisma/migrations/20251031191203_remove_secret_table/migration.sql b/packages/db/prisma/migrations/20251031191203_remove_secret_table/migration.sql
new file mode 100644
index 00000000..1b2f8dc2
--- /dev/null
+++ b/packages/db/prisma/migrations/20251031191203_remove_secret_table/migration.sql
@@ -0,0 +1,11 @@
+/*
+  Warnings:
+
+  - You are about to drop the `Secret` table. If the table is not empty, all the data it contains will be lost.
+
+*/
+-- DropForeignKey
+ALTER TABLE "Secret" DROP CONSTRAINT "Secret_orgId_fkey";
+
+-- DropTable
+DROP TABLE "Secret";
diff --git a/packages/db/prisma/schema.prisma b/packages/db/prisma/schema.prisma
index 93adb717..7f2c7fae 100644
--- a/packages/db/prisma/schema.prisma
+++ b/packages/db/prisma/schema.prisma
@@ -226,7 +226,6 @@ model Org {
   members     UserToOrg[]
   connections Connection[]
   repos       Repo[]
-  secrets     Secret[]
   apiKeys     ApiKey[]
   isOnboarded Boolean      @default(false)
   imageUrl    String?
@@ -276,19 +275,6 @@ model UserToOrg {
   @@id([orgId, userId])
 }
 
-model Secret {
-  orgId          Int
-  key            String
-  encryptedValue String
-  iv             String
-
-  createdAt DateTime @default(now())
-
-  org Org @relation(fields: [orgId], references: [id], onDelete: Cascade)
-
-  @@id([orgId, key])
-}
-
 model ApiKey {
   name String
   hash String @id @unique
diff --git a/packages/schemas/src/v2/index.schema.ts b/packages/schemas/src/v2/index.schema.ts
index a37f2f3c..a4e9c304 100644
--- a/packages/schemas/src/v2/index.schema.ts
+++ b/packages/schemas/src/v2/index.schema.ts
@@ -76,7 +76,6 @@ const schema = {
         "token": {
           "description": "A Personal Access Token (PAT).",
           "examples": [
-            "secret-token",
             {
               "env": "ENV_VAR_CONTAINING_TOKEN"
             }
@@ -273,7 +272,6 @@ const schema = {
         "token": {
           "description": "An authentication token.",
           "examples": [
-            "secret-token",
             {
               "env": "ENV_VAR_CONTAINING_TOKEN"
             }
@@ -464,7 +462,6 @@ const schema = {
         "token": {
           "description": "An access token.",
           "examples": [
-            "secret-token",
             {
               "env": "ENV_VAR_CONTAINING_TOKEN"
             }
@@ -778,7 +775,6 @@ const schema = {
             "token": {
               "description": "A Personal Access Token (PAT).",
               "examples": [
-                "secret-token",
                 {
                   "env": "ENV_VAR_CONTAINING_TOKEN"
                 }
@@ -975,7 +971,6 @@ const schema = {
             "token": {
               "description": "An authentication token.",
               "examples": [
-                "secret-token",
                 {
                   "env": "ENV_VAR_CONTAINING_TOKEN"
                 }
@@ -1166,7 +1161,6 @@ const schema = {
             "token": {
               "description": "An access token.",
               "examples": [
-                "secret-token",
                 {
                   "env": "ENV_VAR_CONTAINING_TOKEN"
                 }
@@ -1562,7 +1556,6 @@ const schema = {
               "token": {
                 "description": "A Personal Access Token (PAT).",
                 "examples": [
-                  "secret-token",
                   {
                     "env": "ENV_VAR_CONTAINING_TOKEN"
                   }
@@ -1759,7 +1752,6 @@ const schema = {
               "token": {
                 "description": "An authentication token.",
                 "examples": [
-                  "secret-token",
                   {
                     "env": "ENV_VAR_CONTAINING_TOKEN"
                   }
@@ -1950,7 +1942,6 @@ const schema = {
               "token": {
                 "description": "An access token.",
                 "examples": [
-                  "secret-token",
                   {
                     "env": "ENV_VAR_CONTAINING_TOKEN"
                   }
diff --git a/packages/schemas/src/v3/app.schema.ts b/packages/schemas/src/v3/app.schema.ts
index 87a7eb27..a6d1280c 100644
--- a/packages/schemas/src/v3/app.schema.ts
+++ b/packages/schemas/src/v3/app.schema.ts
@@ -27,19 +27,6 @@ const schema = {
         "privateKey": {
           "description": "The private key of the GitHub App.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -89,19 +76,6 @@ const schema = {
         "privateKey": {
           "description": "The private key of the GitHub App.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
diff --git a/packages/schemas/src/v3/app.type.ts b/packages/schemas/src/v3/app.type.ts
index c087a759..d0a4e34e 100644
--- a/packages/schemas/src/v3/app.type.ts
+++ b/packages/schemas/src/v3/app.type.ts
@@ -18,17 +18,10 @@ export interface GitHubAppConfig {
   /**
    * The private key of the GitHub App.
    */
-  privateKey:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  privateKey: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
 }
diff --git a/packages/schemas/src/v3/azuredevops.schema.ts b/packages/schemas/src/v3/azuredevops.schema.ts
index 3b36fbed..f0d56085 100644
--- a/packages/schemas/src/v3/azuredevops.schema.ts
+++ b/packages/schemas/src/v3/azuredevops.schema.ts
@@ -10,25 +10,7 @@ const schema = {
     },
     "token": {
       "description": "A Personal Access Token (PAT).",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/packages/schemas/src/v3/azuredevops.type.ts b/packages/schemas/src/v3/azuredevops.type.ts
index b6ef68da..9c6c96f1 100644
--- a/packages/schemas/src/v3/azuredevops.type.ts
+++ b/packages/schemas/src/v3/azuredevops.type.ts
@@ -8,19 +8,12 @@ export interface AzureDevOpsConnectionConfig {
   /**
    * A Personal Access Token (PAT).
    */
-  token:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the Azure DevOps host. For Azure DevOps Cloud, use https://dev.azure.com. For Azure DevOps Server, use your server URL.
    */
diff --git a/packages/schemas/src/v3/bitbucket.schema.ts b/packages/schemas/src/v3/bitbucket.schema.ts
index a7c857ce..a5de1b91 100644
--- a/packages/schemas/src/v3/bitbucket.schema.ts
+++ b/packages/schemas/src/v3/bitbucket.schema.ts
@@ -14,25 +14,7 @@ const schema = {
     },
     "token": {
       "description": "An authentication token.",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/packages/schemas/src/v3/bitbucket.type.ts b/packages/schemas/src/v3/bitbucket.type.ts
index 260d949d..cbd8d9d8 100644
--- a/packages/schemas/src/v3/bitbucket.type.ts
+++ b/packages/schemas/src/v3/bitbucket.type.ts
@@ -12,19 +12,12 @@ export interface BitbucketConnectionConfig {
   /**
    * An authentication token.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Bitbucket URL
    */
diff --git a/packages/schemas/src/v3/connection.schema.ts b/packages/schemas/src/v3/connection.schema.ts
index e0bcbc48..64872ab1 100644
--- a/packages/schemas/src/v3/connection.schema.ts
+++ b/packages/schemas/src/v3/connection.schema.ts
@@ -14,25 +14,7 @@ const schema = {
         },
         "token": {
           "description": "A Personal Access Token (PAT).",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -227,25 +209,7 @@ const schema = {
         },
         "token": {
           "description": "An authentication token.",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -434,25 +398,7 @@ const schema = {
         },
         "token": {
           "description": "A Personal Access Token (PAT).",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -706,25 +652,7 @@ const schema = {
         },
         "token": {
           "description": "An authentication token.",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -879,25 +807,7 @@ const schema = {
         },
         "token": {
           "description": "A Personal Access Token (PAT).",
-          "examples": [
-            {
-              "secret": "SECRET_KEY"
-            }
-          ],
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
diff --git a/packages/schemas/src/v3/connection.type.ts b/packages/schemas/src/v3/connection.type.ts
index df31c465..0f62c980 100644
--- a/packages/schemas/src/v3/connection.type.ts
+++ b/packages/schemas/src/v3/connection.type.ts
@@ -17,19 +17,12 @@ export interface GithubConnectionConfig {
   /**
    * A Personal Access Token (PAT).
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the GitHub host. Defaults to https://github.com
    */
@@ -106,19 +99,12 @@ export interface GitlabConnectionConfig {
   /**
    * An authentication token.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the GitLab host. Defaults to https://gitlab.com
    */
@@ -177,19 +163,12 @@ export interface GiteaConnectionConfig {
   /**
    * A Personal Access Token (PAT).
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the Gitea host. Defaults to https://gitea.com
    */
@@ -263,19 +242,12 @@ export interface BitbucketConnectionConfig {
   /**
    * An authentication token.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Bitbucket URL
    */
@@ -320,19 +292,12 @@ export interface AzureDevOpsConnectionConfig {
   /**
    * A Personal Access Token (PAT).
    */
-  token:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the Azure DevOps host. For Azure DevOps Cloud, use https://dev.azure.com. For Azure DevOps Server, use your server URL.
    */
diff --git a/packages/schemas/src/v3/gitea.schema.ts b/packages/schemas/src/v3/gitea.schema.ts
index 1e1283ee..2e15067e 100644
--- a/packages/schemas/src/v3/gitea.schema.ts
+++ b/packages/schemas/src/v3/gitea.schema.ts
@@ -10,25 +10,7 @@ const schema = {
     },
     "token": {
       "description": "A Personal Access Token (PAT).",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/packages/schemas/src/v3/gitea.type.ts b/packages/schemas/src/v3/gitea.type.ts
index ec9e3046..afbedaf3 100644
--- a/packages/schemas/src/v3/gitea.type.ts
+++ b/packages/schemas/src/v3/gitea.type.ts
@@ -8,19 +8,12 @@ export interface GiteaConnectionConfig {
   /**
    * A Personal Access Token (PAT).
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the Gitea host. Defaults to https://gitea.com
    */
diff --git a/packages/schemas/src/v3/github.schema.ts b/packages/schemas/src/v3/github.schema.ts
index c29e1c08..d32ff6fe 100644
--- a/packages/schemas/src/v3/github.schema.ts
+++ b/packages/schemas/src/v3/github.schema.ts
@@ -10,25 +10,7 @@ const schema = {
     },
     "token": {
       "description": "A Personal Access Token (PAT).",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/packages/schemas/src/v3/github.type.ts b/packages/schemas/src/v3/github.type.ts
index 4cb73c9b..980f2f9f 100644
--- a/packages/schemas/src/v3/github.type.ts
+++ b/packages/schemas/src/v3/github.type.ts
@@ -8,19 +8,12 @@ export interface GithubConnectionConfig {
   /**
    * A Personal Access Token (PAT).
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the GitHub host. Defaults to https://github.com
    */
diff --git a/packages/schemas/src/v3/gitlab.schema.ts b/packages/schemas/src/v3/gitlab.schema.ts
index 72d367e1..ee0cfd56 100644
--- a/packages/schemas/src/v3/gitlab.schema.ts
+++ b/packages/schemas/src/v3/gitlab.schema.ts
@@ -10,25 +10,7 @@ const schema = {
     },
     "token": {
       "description": "An authentication token.",
-      "examples": [
-        {
-          "secret": "SECRET_KEY"
-        }
-      ],
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
diff --git a/packages/schemas/src/v3/gitlab.type.ts b/packages/schemas/src/v3/gitlab.type.ts
index f25193b8..98a8d960 100644
--- a/packages/schemas/src/v3/gitlab.type.ts
+++ b/packages/schemas/src/v3/gitlab.type.ts
@@ -8,19 +8,12 @@ export interface GitlabConnectionConfig {
   /**
    * An authentication token.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the GitLab host. Defaults to https://gitlab.com
    */
diff --git a/packages/schemas/src/v3/index.schema.ts b/packages/schemas/src/v3/index.schema.ts
index e49d998b..90e7c0ae 100644
--- a/packages/schemas/src/v3/index.schema.ts
+++ b/packages/schemas/src/v3/index.schema.ts
@@ -297,25 +297,7 @@ const schema = {
                 },
                 "token": {
                   "description": "A Personal Access Token (PAT).",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -510,25 +492,7 @@ const schema = {
                 },
                 "token": {
                   "description": "An authentication token.",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -717,25 +681,7 @@ const schema = {
                 },
                 "token": {
                   "description": "A Personal Access Token (PAT).",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -989,25 +935,7 @@ const schema = {
                 },
                 "token": {
                   "description": "An authentication token.",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1162,25 +1090,7 @@ const schema = {
                 },
                 "token": {
                   "description": "A Personal Access Token (PAT).",
-                  "examples": [
-                    {
-                      "secret": "SECRET_KEY"
-                    }
-                  ],
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1452,19 +1362,6 @@ const schema = {
               "accessKeyId": {
                 "description": "Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1483,19 +1380,6 @@ const schema = {
               "accessKeySecret": {
                 "description": "Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1514,19 +1398,6 @@ const schema = {
               "sessionToken": {
                 "description": "Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1568,19 +1439,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -1625,19 +1483,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1671,19 +1516,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -1732,19 +1564,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1782,19 +1601,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -1839,19 +1645,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1885,19 +1678,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -1942,19 +1722,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -1988,19 +1755,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2061,19 +1815,6 @@ const schema = {
               },
               "credentials": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2107,19 +1848,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2182,19 +1910,6 @@ const schema = {
               },
               "credentials": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2228,19 +1943,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2285,19 +1987,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2331,19 +2020,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2394,19 +2070,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2450,19 +2113,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2507,19 +2157,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2556,19 +2193,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2600,19 +2224,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2668,19 +2279,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2714,19 +2312,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2775,19 +2360,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2821,19 +2393,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -2881,19 +2440,6 @@ const schema = {
               "accessKeyId": {
                 "description": "Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2912,19 +2458,6 @@ const schema = {
               "accessKeySecret": {
                 "description": "Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2943,19 +2476,6 @@ const schema = {
               "sessionToken": {
                 "description": "Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.",
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -2997,19 +2517,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3054,19 +2561,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3100,19 +2594,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3161,19 +2642,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3211,19 +2679,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3268,19 +2723,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3314,19 +2756,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3371,19 +2800,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3417,19 +2833,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3490,19 +2893,6 @@ const schema = {
               },
               "credentials": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3536,19 +2926,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3611,19 +2988,6 @@ const schema = {
               },
               "credentials": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3657,19 +3021,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3714,19 +3065,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3760,19 +3098,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3823,19 +3148,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3879,19 +3191,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -3936,19 +3235,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -3985,19 +3271,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -4029,19 +3302,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -4097,19 +3357,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -4143,19 +3390,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -4204,19 +3438,6 @@ const schema = {
               },
               "token": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -4250,19 +3471,6 @@ const schema = {
                       },
                       {
                         "anyOf": [
-                          {
-                            "type": "object",
-                            "properties": {
-                              "secret": {
-                                "type": "string",
-                                "description": "The name of the secret that contains the token."
-                              }
-                            },
-                            "required": [
-                              "secret"
-                            ],
-                            "additionalProperties": false
-                          },
                           {
                             "type": "object",
                             "properties": {
@@ -4323,19 +3531,6 @@ const schema = {
               },
               "privateKey": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
@@ -4385,19 +3580,6 @@ const schema = {
               },
               "privateKey": {
                 "anyOf": [
-                  {
-                    "type": "object",
-                    "properties": {
-                      "secret": {
-                        "type": "string",
-                        "description": "The name of the secret that contains the token."
-                      }
-                    },
-                    "required": [
-                      "secret"
-                    ],
-                    "additionalProperties": false
-                  },
                   {
                     "type": "object",
                     "properties": {
diff --git a/packages/schemas/src/v3/index.type.ts b/packages/schemas/src/v3/index.type.ts
index eb2b412c..75acc3d8 100644
--- a/packages/schemas/src/v3/index.type.ts
+++ b/packages/schemas/src/v3/index.type.ts
@@ -155,19 +155,12 @@ export interface GithubConnectionConfig {
   /**
    * A Personal Access Token (PAT).
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the GitHub host. Defaults to https://github.com
    */
@@ -244,19 +237,12 @@ export interface GitlabConnectionConfig {
   /**
    * An authentication token.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the GitLab host. Defaults to https://gitlab.com
    */
@@ -315,19 +301,12 @@ export interface GiteaConnectionConfig {
   /**
    * A Personal Access Token (PAT).
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the Gitea host. Defaults to https://gitea.com
    */
@@ -401,19 +380,12 @@ export interface BitbucketConnectionConfig {
   /**
    * An authentication token.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Bitbucket URL
    */
@@ -458,19 +430,12 @@ export interface AzureDevOpsConnectionConfig {
   /**
    * A Personal Access Token (PAT).
    */
-  token:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The URL of the Azure DevOps host. For Azure DevOps Cloud, use https://dev.azure.com. For Azure DevOps Server, use your server URL.
    */
@@ -551,51 +516,30 @@ export interface AmazonBedrockLanguageModel {
   /**
    * Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.
    */
-  accessKeyId?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  accessKeyId?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.
    */
-  accessKeySecret?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  accessKeySecret?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.
    */
-  sessionToken?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  sessionToken?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The AWS region. Defaults to the `AWS_REGION` environment variable.
    */
@@ -616,20 +560,12 @@ export interface LanguageModelHeaders {
    */
   [k: string]:
     | string
-    | (
-        | {
-            /**
-             * The name of the secret that contains the token.
-             */
-            secret: string;
-          }
-        | {
-            /**
-             * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-             */
-            env: string;
-          }
-      );
+    | {
+        /**
+         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+         */
+        env: string;
+      };
 }
 export interface AnthropicLanguageModel {
   /**
@@ -647,19 +583,12 @@ export interface AnthropicLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `ANTHROPIC_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -686,19 +615,12 @@ export interface AzureLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `AZURE_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Sets a custom api version. Defaults to `preview`.
    */
@@ -725,19 +647,12 @@ export interface DeepSeekLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `DEEPSEEK_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -760,19 +675,12 @@ export interface GoogleGenerativeAILanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `GOOGLE_GENERATIVE_AI_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -803,19 +711,12 @@ export interface GoogleVertexAnthropicLanguageModel {
   /**
    * Optional file path to service account credentials JSON. Defaults to the `GOOGLE_APPLICATION_CREDENTIALS` environment variable or application default credentials.
    */
-  credentials?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  credentials?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -846,19 +747,12 @@ export interface GoogleVertexLanguageModel {
   /**
    * Optional file path to service account credentials JSON. Defaults to the `GOOGLE_APPLICATION_CREDENTIALS` environment variable or application default credentials.
    */
-  credentials?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  credentials?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -881,19 +775,12 @@ export interface MistralLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `MISTRAL_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -916,19 +803,12 @@ export interface OpenAILanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `OPENAI_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -955,19 +835,12 @@ export interface OpenAICompatibleLanguageModel {
   /**
    * Optional API key. If specified, adds an `Authorization` header to request headers with the value Bearer <token>.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Base URL of the OpenAI-compatible chat completions API endpoint.
    */
@@ -989,20 +862,12 @@ export interface LanguageModelQueryParams {
    */
   [k: string]:
     | string
-    | (
-        | {
-            /**
-             * The name of the secret that contains the token.
-             */
-            secret: string;
-          }
-        | {
-            /**
-             * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-             */
-            env: string;
-          }
-      );
+    | {
+        /**
+         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+         */
+        env: string;
+      };
 }
 export interface OpenRouterLanguageModel {
   /**
@@ -1020,19 +885,12 @@ export interface OpenRouterLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `OPENROUTER_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -1055,19 +913,12 @@ export interface XaiLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `XAI_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -1090,17 +941,10 @@ export interface GitHubAppConfig {
   /**
    * The private key of the GitHub App.
    */
-  privateKey:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  privateKey: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
 }
diff --git a/packages/schemas/src/v3/languageModel.schema.ts b/packages/schemas/src/v3/languageModel.schema.ts
index 3bdb4c00..e3f72781 100644
--- a/packages/schemas/src/v3/languageModel.schema.ts
+++ b/packages/schemas/src/v3/languageModel.schema.ts
@@ -21,19 +21,6 @@ const schema = {
         "accessKeyId": {
           "description": "Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -52,19 +39,6 @@ const schema = {
         "accessKeySecret": {
           "description": "Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -83,19 +57,6 @@ const schema = {
         "sessionToken": {
           "description": "Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -137,19 +98,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -194,19 +142,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -240,19 +175,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -301,19 +223,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -351,19 +260,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -408,19 +304,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -454,19 +337,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -511,19 +381,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -557,19 +414,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -630,19 +474,6 @@ const schema = {
         },
         "credentials": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -676,19 +507,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -751,19 +569,6 @@ const schema = {
         },
         "credentials": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -797,19 +602,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -854,19 +646,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -900,19 +679,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -963,19 +729,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1019,19 +772,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1076,19 +816,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1125,19 +852,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1169,19 +883,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1237,19 +938,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1283,19 +971,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1344,19 +1019,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1390,19 +1052,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1450,19 +1099,6 @@ const schema = {
         "accessKeyId": {
           "description": "Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1481,19 +1117,6 @@ const schema = {
         "accessKeySecret": {
           "description": "Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1512,19 +1135,6 @@ const schema = {
         "sessionToken": {
           "description": "Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.",
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1566,19 +1176,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1623,19 +1220,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1669,19 +1253,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1730,19 +1301,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1780,19 +1338,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1837,19 +1382,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1883,19 +1415,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -1940,19 +1459,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -1986,19 +1492,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2059,19 +1552,6 @@ const schema = {
         },
         "credentials": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2105,19 +1585,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2180,19 +1647,6 @@ const schema = {
         },
         "credentials": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2226,19 +1680,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2283,19 +1724,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2329,19 +1757,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2392,19 +1807,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2448,19 +1850,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2505,19 +1894,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2554,19 +1930,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2598,19 +1961,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2666,19 +2016,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2712,19 +2049,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
@@ -2773,19 +2097,6 @@ const schema = {
         },
         "token": {
           "anyOf": [
-            {
-              "type": "object",
-              "properties": {
-                "secret": {
-                  "type": "string",
-                  "description": "The name of the secret that contains the token."
-                }
-              },
-              "required": [
-                "secret"
-              ],
-              "additionalProperties": false
-            },
             {
               "type": "object",
               "properties": {
@@ -2819,19 +2130,6 @@ const schema = {
                 },
                 {
                   "anyOf": [
-                    {
-                      "type": "object",
-                      "properties": {
-                        "secret": {
-                          "type": "string",
-                          "description": "The name of the secret that contains the token."
-                        }
-                      },
-                      "required": [
-                        "secret"
-                      ],
-                      "additionalProperties": false
-                    },
                     {
                       "type": "object",
                       "properties": {
diff --git a/packages/schemas/src/v3/languageModel.type.ts b/packages/schemas/src/v3/languageModel.type.ts
index 58b9aac6..48f5b83e 100644
--- a/packages/schemas/src/v3/languageModel.type.ts
+++ b/packages/schemas/src/v3/languageModel.type.ts
@@ -30,51 +30,30 @@ export interface AmazonBedrockLanguageModel {
   /**
    * Optional access key ID to use with the model. Defaults to the `AWS_ACCESS_KEY_ID` environment variable.
    */
-  accessKeyId?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  accessKeyId?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional secret access key to use with the model. Defaults to the `AWS_SECRET_ACCESS_KEY` environment variable.
    */
-  accessKeySecret?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  accessKeySecret?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional session token to use with the model. Defaults to the `AWS_SESSION_TOKEN` environment variable.
    */
-  sessionToken?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  sessionToken?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * The AWS region. Defaults to the `AWS_REGION` environment variable.
    */
@@ -95,20 +74,12 @@ export interface LanguageModelHeaders {
    */
   [k: string]:
     | string
-    | (
-        | {
-            /**
-             * The name of the secret that contains the token.
-             */
-            secret: string;
-          }
-        | {
-            /**
-             * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-             */
-            env: string;
-          }
-      );
+    | {
+        /**
+         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+         */
+        env: string;
+      };
 }
 export interface AnthropicLanguageModel {
   /**
@@ -126,19 +97,12 @@ export interface AnthropicLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `ANTHROPIC_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -165,19 +129,12 @@ export interface AzureLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `AZURE_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Sets a custom api version. Defaults to `preview`.
    */
@@ -204,19 +161,12 @@ export interface DeepSeekLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `DEEPSEEK_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -239,19 +189,12 @@ export interface GoogleGenerativeAILanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `GOOGLE_GENERATIVE_AI_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -282,19 +225,12 @@ export interface GoogleVertexAnthropicLanguageModel {
   /**
    * Optional file path to service account credentials JSON. Defaults to the `GOOGLE_APPLICATION_CREDENTIALS` environment variable or application default credentials.
    */
-  credentials?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  credentials?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -325,19 +261,12 @@ export interface GoogleVertexLanguageModel {
   /**
    * Optional file path to service account credentials JSON. Defaults to the `GOOGLE_APPLICATION_CREDENTIALS` environment variable or application default credentials.
    */
-  credentials?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  credentials?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -360,19 +289,12 @@ export interface MistralLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `MISTRAL_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -395,19 +317,12 @@ export interface OpenAILanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `OPENAI_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -434,19 +349,12 @@ export interface OpenAICompatibleLanguageModel {
   /**
    * Optional API key. If specified, adds an `Authorization` header to request headers with the value Bearer <token>.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Base URL of the OpenAI-compatible chat completions API endpoint.
    */
@@ -468,20 +376,12 @@ export interface LanguageModelQueryParams {
    */
   [k: string]:
     | string
-    | (
-        | {
-            /**
-             * The name of the secret that contains the token.
-             */
-            secret: string;
-          }
-        | {
-            /**
-             * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-             */
-            env: string;
-          }
-      );
+    | {
+        /**
+         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+         */
+        env: string;
+      };
 }
 export interface OpenRouterLanguageModel {
   /**
@@ -499,19 +399,12 @@ export interface OpenRouterLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `OPENROUTER_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
@@ -534,19 +427,12 @@ export interface XaiLanguageModel {
   /**
    * Optional API key to use with the model. Defaults to the `XAI_API_KEY` environment variable.
    */
-  token?:
-    | {
-        /**
-         * The name of the secret that contains the token.
-         */
-        secret: string;
-      }
-    | {
-        /**
-         * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-         */
-        env: string;
-      };
+  token?: {
+    /**
+     * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+     */
+    env: string;
+  };
   /**
    * Optional base URL.
    */
diff --git a/packages/schemas/src/v3/shared.schema.ts b/packages/schemas/src/v3/shared.schema.ts
index 5ecacd44..44238cad 100644
--- a/packages/schemas/src/v3/shared.schema.ts
+++ b/packages/schemas/src/v3/shared.schema.ts
@@ -5,19 +5,6 @@ const schema = {
   "definitions": {
     "Token": {
       "anyOf": [
-        {
-          "type": "object",
-          "properties": {
-            "secret": {
-              "type": "string",
-              "description": "The name of the secret that contains the token."
-            }
-          },
-          "required": [
-            "secret"
-          ],
-          "additionalProperties": false
-        },
         {
           "type": "object",
           "properties": {
@@ -85,19 +72,6 @@ const schema = {
             },
             {
               "anyOf": [
-                {
-                  "type": "object",
-                  "properties": {
-                    "secret": {
-                      "type": "string",
-                      "description": "The name of the secret that contains the token."
-                    }
-                  },
-                  "required": [
-                    "secret"
-                  ],
-                  "additionalProperties": false
-                },
                 {
                   "type": "object",
                   "properties": {
@@ -129,19 +103,6 @@ const schema = {
             },
             {
               "anyOf": [
-                {
-                  "type": "object",
-                  "properties": {
-                    "secret": {
-                      "type": "string",
-                      "description": "The name of the secret that contains the token."
-                    }
-                  },
-                  "required": [
-                    "secret"
-                  ],
-                  "additionalProperties": false
-                },
                 {
                   "type": "object",
                   "properties": {
diff --git a/packages/schemas/src/v3/shared.type.ts b/packages/schemas/src/v3/shared.type.ts
index 727de2be..23113f50 100644
--- a/packages/schemas/src/v3/shared.type.ts
+++ b/packages/schemas/src/v3/shared.type.ts
@@ -4,19 +4,12 @@
  * This interface was referenced by `Shared`'s JSON-Schema
  * via the `definition` "Token".
  */
-export type Token =
-  | {
-      /**
-       * The name of the secret that contains the token.
-       */
-      secret: string;
-    }
-  | {
-      /**
-       * The name of the environment variable that contains the token. Only supported in declarative connection configs.
-       */
-      env: string;
-    };
+export type Token = {
+  /**
+   * The name of the environment variable that contains the token. Only supported in declarative connection configs.
+   */
+  env: string;
+};
 
 export interface Shared {
   [k: string]: unknown;
diff --git a/packages/web/src/actions.ts b/packages/web/src/actions.ts
index 7c3a472a..895084e0 100644
--- a/packages/web/src/actions.ts
+++ b/packages/web/src/actions.ts
@@ -255,89 +255,6 @@ export const completeOnboarding = async (domain: string): Promise<{ success: boo
         })
     ));
 
-export const getSecrets = async (domain: string): Promise<{ createdAt: Date; key: string; }[] | ServiceError> => sew(() =>
-    withAuth((userId) =>
-        withOrgMembership(userId, domain, async ({ org }) => {
-            const secrets = await prisma.secret.findMany({
-                where: {
-                    orgId: org.id,
-                },
-                select: {
-                    key: true,
-                    createdAt: true
-                }
-            });
-
-            return secrets.map((secret) => ({
-                key: secret.key,
-                createdAt: secret.createdAt,
-            }));
-        })));
-
-export const createSecret = async (key: string, value: string, domain: string): Promise<{ success: boolean } | ServiceError> => sew(() =>
-    withAuth((userId) =>
-        withOrgMembership(userId, domain, async ({ org }) => {
-            const encrypted = encrypt(value);
-            const existingSecret = await prisma.secret.findUnique({
-                where: {
-                    orgId_key: {
-                        orgId: org.id,
-                        key,
-                    }
-                }
-            });
-
-            if (existingSecret) {
-                return secretAlreadyExists();
-            }
-
-            await prisma.secret.create({
-                data: {
-                    orgId: org.id,
-                    key,
-                    encryptedValue: encrypted.encryptedData,
-                    iv: encrypted.iv,
-                }
-            });
-
-
-            return {
-                success: true,
-            }
-        })));
-
-export const checkIfSecretExists = async (key: string, domain: string): Promise<boolean | ServiceError> => sew(() =>
-    withAuth((userId) =>
-        withOrgMembership(userId, domain, async ({ org }) => {
-            const secret = await prisma.secret.findUnique({
-                where: {
-                    orgId_key: {
-                        orgId: org.id,
-                        key,
-                    }
-                }
-            });
-
-            return !!secret;
-        })));
-
-export const deleteSecret = async (key: string, domain: string): Promise<{ success: boolean } | ServiceError> => sew(() =>
-    withAuth((userId) =>
-        withOrgMembership(userId, domain, async ({ org }) => {
-            await prisma.secret.delete({
-                where: {
-                    orgId_key: {
-                        orgId: org.id,
-                        key,
-                    }
-                }
-            });
-
-            return {
-                success: true,
-            }
-        })));
-
 export const verifyApiKey = async (apiKeyPayload: ApiKeyPayload): Promise<{ apiKey: ApiKey } | ServiceError> => sew(async () => {
     const parts = apiKeyPayload.apiKey.split("-");
     if (parts.length !== 2 || parts[0] !== "sourcebot") {
@@ -1778,21 +1695,21 @@ export const getRepoImage = async (repoId: number): Promise<ArrayBuffer | Servic
                 if (connection.connectionType === 'github') {
                     const config = connection.config as unknown as GithubConnectionConfig;
                     if (config.token) {
-                        const token = await getTokenFromConfig(config.token, connection.orgId, prisma);
+                        const token = await getTokenFromConfig(config.token);
                         authHeaders['Authorization'] = `token ${token}`;
                         break;
                     }
                 } else if (connection.connectionType === 'gitlab') {
                     const config = connection.config as unknown as GitlabConnectionConfig;
                     if (config.token) {
-                        const token = await getTokenFromConfig(config.token, connection.orgId, prisma);
+                        const token = await getTokenFromConfig(config.token);
                         authHeaders['PRIVATE-TOKEN'] = token;
                         break;
                     }
                 } else if (connection.connectionType === 'gitea') {
                     const config = connection.config as unknown as GiteaConnectionConfig;
                     if (config.token) {
-                        const token = await getTokenFromConfig(config.token, connection.orgId, prisma);
+                        const token = await getTokenFromConfig(config.token);
                         authHeaders['Authorization'] = `token ${token}`;
                         break;
                     }
diff --git a/packages/web/src/app/[domain]/components/importSecretDialog.tsx b/packages/web/src/app/[domain]/components/importSecretDialog.tsx
deleted file mode 100644
index b67fea7a..00000000
--- a/packages/web/src/app/[domain]/components/importSecretDialog.tsx
+++ /dev/null
@@ -1,314 +0,0 @@
-'use client';
-
-import { checkIfSecretExists, createSecret } from "@/actions";
-import { useToast } from "@/components/hooks/use-toast";
-import { Button } from "@/components/ui/button";
-import { Dialog, DialogContent, DialogDescription, DialogHeader, DialogTitle } from "@/components/ui/dialog";
-import { Form, FormControl, FormDescription, FormField, FormItem, FormLabel, FormMessage } from "@/components/ui/form";
-import { Input } from "@/components/ui/input";
-import { Separator } from "@/components/ui/separator";
-import useCaptureEvent from "@/hooks/useCaptureEvent";
-import { useDomain } from "@/hooks/useDomain";
-import { CodeHostType, isServiceError } from "@/lib/utils";
-import githubPatCreation from "@/public/github_pat_creation.png";
-import gitlabPatCreation from "@/public/gitlab_pat_creation.png";
-import giteaPatCreation from "@/public/gitea_pat_creation.png";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { Eye, EyeOff, Loader2 } from "lucide-react";
-import Image from "next/image";
-import Link from "next/link";
-import { useCallback, useMemo, useState } from "react";
-import { useForm } from "react-hook-form";
-import { z } from "zod";
-
-
-interface ImportSecretDialogProps {
-    open: boolean;
-    onOpenChange: (open: boolean) => void;
-    onSecretCreated: (key: string) => void;
-    codeHostType: CodeHostType;
-}
-
-
-export const ImportSecretDialog = ({ open, onOpenChange, onSecretCreated, codeHostType }: ImportSecretDialogProps) => {
-    const [showValue, setShowValue] = useState(false);
-    const domain = useDomain();
-    const { toast } = useToast();
-    const captureEvent = useCaptureEvent();
-
-    const formSchema = z.object({
-        key: z.string().min(1).refine(async (key) => {
-            const doesSecretExist = await checkIfSecretExists(key, domain);
-            if(!isServiceError(doesSecretExist)) {
-                captureEvent('wa_secret_combobox_import_secret_fail', {
-                    type: codeHostType,
-                    error: "A secret with this key already exists.",
-                });
-            }
-            return isServiceError(doesSecretExist) || !doesSecretExist;
-        }, "A secret with this key already exists."),
-        value: z.string().min(1),
-    });
-
-    const form = useForm<z.infer<typeof formSchema>>({
-        resolver: zodResolver(formSchema),
-        defaultValues: {
-            key: "",
-            value: "",
-        },
-    });
-    const { isSubmitting } = form.formState;
-
-    const onSubmit = useCallback(async (data: z.infer<typeof formSchema>) => {
-        const response = await createSecret(data.key, data.value, domain);
-        if (isServiceError(response)) {
-            toast({
-                description: `❌ Failed to create secret. Reason: ${response.message}`
-            });
-            captureEvent('wa_secret_combobox_import_secret_fail', {
-                type: codeHostType,
-                error: response.message,
-            });
-        } else {
-            toast({
-                description: `✅ Secret created successfully!`
-            });
-            captureEvent('wa_secret_combobox_import_secret_success', {
-                type: codeHostType,
-            });
-            form.reset();
-            onOpenChange(false);
-            onSecretCreated(data.key);
-        }
-    }, [domain, toast, onOpenChange, onSecretCreated, form, codeHostType, captureEvent]);
-
-    const codeHostSpecificStep = useMemo(() => {
-        switch (codeHostType) {
-            case 'github':
-                return <GitHubPATCreationStep step={1} />;
-            case 'gitlab':
-                return <GitLabPATCreationStep step={1} />;
-            case 'bitbucket-cloud':
-                return <BitbucketCloudPATCreationStep step={1} />;
-            case 'bitbucket-server':
-                return <BitbucketServerPATCreationStep step={1} />;
-            case 'gitea':
-                return <GiteaPATCreationStep step={1} />;
-            case 'gerrit':
-                return null;
-        }
-    }, [codeHostType]);
-
-
-    return (
-        <Dialog
-            open={open}
-            onOpenChange={onOpenChange}
-        >
-            <DialogContent
-                className="p-16 max-w-[90vw] sm:max-w-2xl max-h-[80vh] overflow-scroll rounded-lg"
-            >
-                <DialogHeader>
-                    <DialogTitle className="text-2xl font-semibold">Import a secret</DialogTitle>
-                    <DialogDescription>
-                        Secrets are used to authenticate with a code host. They are encrypted at rest using <Link href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" target="_blank" className="underline">AES-256-CBC</Link>.
-                        Checkout our <Link href="https://sourcebot.dev/security" target="_blank" className="underline">security docs</Link> for more information.
-                    </DialogDescription>
-                </DialogHeader>
-
-                <Form
-                    {...form}
-                >
-                    <form
-                        className="space-y-4 flex flex-col mt-4 gap-4"
-                        onSubmit={(event) => {
-                            event.stopPropagation();
-                            form.handleSubmit(onSubmit)(event);
-                        }}
-                    >
-                        {codeHostSpecificStep}
-
-                        <SecretCreationStep
-                            step={2}
-                            title="Import the secret"
-                            description="Copy the generated token and paste it below."
-                        >
-                            <FormField
-                                control={form.control}
-                                name="value"
-                                render={({ field }) => (
-                                    <FormItem>
-                                        <FormLabel>Value</FormLabel>
-                                        <FormControl>
-                                            <div className="relative">
-                                                <Input
-                                                    {...field}
-                                                    type={showValue ? "text" : "password"}
-                                                    placeholder="Enter your secret value"
-                                                />
-                                                <Button
-                                                    type="button"
-                                                    variant="ghost"
-                                                    size="sm"
-                                                    className="absolute right-2 top-1/2 -translate-y-1/2"
-                                                    onClick={() => setShowValue(!showValue)}
-                                                >
-                                                    {showValue ? (
-                                                        <EyeOff className="h-4 w-4" />
-                                                    ) : (
-                                                        <Eye className="h-4 w-4" />
-                                                    )}
-                                                </Button>
-                                            </div>
-                                        </FormControl>
-                                        <FormDescription>
-                                            The secret value to store securely.
-                                        </FormDescription>
-                                        <FormMessage />
-                                    </FormItem>
-                                )}
-                            />
-                        </SecretCreationStep>
-
-                        <SecretCreationStep
-                            step={3}
-                            title="Name the secret"
-                            description="Give the secret a unique name so that it can be referenced in a connection config."
-                        >
-                            <FormField
-                                control={form.control}
-                                name="key"
-                                render={({ field }) => (
-                                    <FormItem>
-                                        <FormLabel>Key</FormLabel>
-                                        <FormControl>
-                                            <Input
-                                                placeholder="my-access-token"
-                                                {...field}
-                                            />
-                                        </FormControl>
-                                        <FormDescription>
-                                            A unique name to identify this secret.
-                                        </FormDescription>
-                                        <FormMessage />
-                                    </FormItem>
-                                )}
-                            />
-                        </SecretCreationStep>
-
-                        <div className="flex justify-end w-full">
-                            <Button
-                                type="submit"
-                                disabled={isSubmitting}
-                            >
-                                {isSubmitting && <Loader2 className="h-4 w-4 animate-spin mr-2" />}
-                                Import Secret
-                            </Button>
-                        </div>
-                    </form>
-                </Form>
-            </DialogContent>
-        </Dialog>
-    )
-}
-
-const GitHubPATCreationStep = ({ step }: { step: number }) => {
-    return (
-        <SecretCreationStep
-            step={step}
-            title="Create a Personal Access Token"
-            description=<span>Navigate <Link href="https://github.com/settings/tokens/new" target="_blank" className="underline">here on github.com</Link> (or your enterprise instance) and create a new personal access token. Sourcebot needs the <strong>repo</strong> scope in order to access private repositories:</span>
-        >
-            <Image
-                className="mx-auto rounded-sm"
-                src={githubPatCreation}
-                alt="Create a personal access token"
-                width={500}
-                height={500}
-            />
-        </SecretCreationStep>
-    )
-}
-
-const GitLabPATCreationStep = ({ step }: { step: number }) => {
-    return (
-        <SecretCreationStep
-            step={step}
-            title="Create a Personal Access Token"
-            description=<span>Navigate <Link href="https://gitlab.com/-/user_settings/personal_access_tokens" target="_blank" className="underline">here on gitlab.com</Link> (or your self-hosted instance) and create a new personal access token. Sourcebot needs the <strong>read_api</strong> scope in order to access private projects:</span>
-        >
-            <Image
-                className="mx-auto rounded-sm"
-                src={gitlabPatCreation}
-                alt="Create a personal access token"
-                width={600}
-                height={600}
-            />
-        </SecretCreationStep>
-    )
-}
-
-const GiteaPATCreationStep = ({ step }: { step: number }) => {
-    return (
-        <SecretCreationStep
-            step={step}
-            title="Create a Personal Access Token"
-            description=<span>Navigate <Link href="https://gitea.com/user/settings/applications" target="_blank" className="underline">here on gitea.com</Link> (or your self-hosted instance) and create a new access token. Sourcebot needs the <strong>read:repository</strong>, <strong>read:user</strong>, and <strong>read:organization</strong> scopes:</span>
-        >
-            <Image
-                className="mx-auto rounded-sm"
-                src={giteaPatCreation}
-                alt="Create a personal access token"
-                width={600}
-                height={600}
-            />
-        </SecretCreationStep>
-    )
-}
-
-const BitbucketCloudPATCreationStep = ({ step }: { step: number }) => {
-    return (
-        <SecretCreationStep
-            step={step}
-            title="Create an Access Token"
-            description=<span>Please check out our <Link href="https://docs.sourcebot.dev/docs/connections/bitbucket-cloud#authenticating-with-bitbucket-cloud" target="_blank" className="underline">docs</Link> for more information on how to create auth credentials for Bitbucket Cloud.</span>
-        >
-        </SecretCreationStep>
-    )
-}
-
-const BitbucketServerPATCreationStep = ({ step }: { step: number }) => {
-    return (
-        <SecretCreationStep
-            step={step}
-            title="Create an Access Token"
-            description=<span>Please check out our <Link href="https://docs.sourcebot.dev/docs/connections/bitbucket-data-center#authenticating-with-bitbucket-data-center" target="_blank" className="underline">docs</Link> for more information on how to create auth credentials for Bitbucket Data Center.</span>
-        >
-        </SecretCreationStep>
-    )
-}
-
-interface SecretCreationStepProps {
-    step: number;
-    title: string;
-    description: string | React.ReactNode;
-    children?: React.ReactNode;
-}
-
-const SecretCreationStep = ({ step, title, description, children }: SecretCreationStepProps) => {
-    return (
-        <div className="relative flex flex-col gap-2">
-            <div className="absolute -left-10 flex flex-col items-center gap-2 h-full">
-                <span className="text-md font-semibold border rounded-full px-2">{step}</span>
-                <Separator className="h-5/6" orientation="vertical" />
-            </div>
-            <h3 className="text-md font-semibold">
-                {title}
-            </h3>
-            <p className="text-sm text-muted-foreground">
-                {description}
-            </p>
-            {children}
-        </div>
-    )
-}
\ No newline at end of file
diff --git a/packages/web/src/app/[domain]/settings/layout.tsx b/packages/web/src/app/[domain]/settings/layout.tsx
index 8367a4ba..ccac2e99 100644
--- a/packages/web/src/app/[domain]/settings/layout.tsx
+++ b/packages/web/src/app/[domain]/settings/layout.tsx
@@ -106,10 +106,6 @@ export default async function SettingsLayout(
                 isNotificationDotVisible: connectionStats.numberOfConnectionsWithFirstTimeSyncJobsInProgress > 0,
             }
         ] : []),
-        {
-            title: "Secrets",
-            href: `/${domain}/settings/secrets`,
-        },
         {
             title: "API Keys",
             href: `/${domain}/settings/apiKeys`,
diff --git a/packages/web/src/app/[domain]/settings/secrets/components/importSecretCard.tsx b/packages/web/src/app/[domain]/settings/secrets/components/importSecretCard.tsx
deleted file mode 100644
index f92e2712..00000000
--- a/packages/web/src/app/[domain]/settings/secrets/components/importSecretCard.tsx
+++ /dev/null
@@ -1,66 +0,0 @@
-'use client';
-
-import { CodeHostIconButton } from "@/app/[domain]/components/codeHostIconButton";
-import { Card, CardTitle, CardDescription, CardHeader, CardContent } from "@/components/ui/card";
-import { getCodeHostIcon } from "@/lib/utils";
-import { cn, CodeHostType } from "@/lib/utils";
-import { useState } from "react";
-import { ImportSecretDialog } from "@/app/[domain]/components/importSecretDialog";
-import { useRouter } from "next/navigation";
-
-interface ImportSecretCardProps {
-    className?: string;
-}
-
-export const ImportSecretCard = ({ className }: ImportSecretCardProps) => {
-    const [selectedCodeHost, setSelectedCodeHost] = useState<CodeHostType | null>(null);
-    const [isImportSecretDialogOpen, setIsImportSecretDialogOpen] = useState(false);
-    const router = useRouter();
-
-    return (
-        <>
-            <Card className={cn(className)}>
-                <CardHeader>
-                    <CardTitle>Import a new secret</CardTitle>
-                    <CardDescription>Import a secret from a code host to allow Sourcebot to sync private repositories.</CardDescription>
-                </CardHeader>
-                <CardContent className="flex flex-row gap-4 w-full justify-center">
-                    <CodeHostIconButton
-                        name="GitHub"
-                        logo={getCodeHostIcon("github")}
-                        onClick={() => {
-                            setSelectedCodeHost("github");
-                            setIsImportSecretDialogOpen(true);
-                        }}
-                    />
-                    <CodeHostIconButton
-                        name="GitLab"
-                        logo={getCodeHostIcon("gitlab")}
-                        onClick={() => {
-                            setSelectedCodeHost("gitlab");
-                            setIsImportSecretDialogOpen(true);
-                        }}
-                    />
-                    <CodeHostIconButton
-                        name="Gitea"
-                        logo={getCodeHostIcon("gitea")}
-                        onClick={() => {
-                            setSelectedCodeHost("gitea");
-                            setIsImportSecretDialogOpen(true);
-                        }}
-                    />
-                </CardContent>
-            </Card>
-            {selectedCodeHost && (
-                <ImportSecretDialog
-                    open={isImportSecretDialogOpen}
-                    onOpenChange={setIsImportSecretDialogOpen}
-                    onSecretCreated={() => {
-                        router.refresh();
-                    }}
-                    codeHostType={selectedCodeHost ?? "github"}
-                />
-            )}
-        </>
-    )
-}
\ No newline at end of file
diff --git a/packages/web/src/app/[domain]/settings/secrets/components/secretsList.tsx b/packages/web/src/app/[domain]/settings/secrets/components/secretsList.tsx
deleted file mode 100644
index 92ed4df7..00000000
--- a/packages/web/src/app/[domain]/settings/secrets/components/secretsList.tsx
+++ /dev/null
@@ -1,158 +0,0 @@
-'use client';
-
-import { Input } from "@/components/ui/input";
-import { LucideKeyRound, MoreVertical, Search, LucideTrash } from "lucide-react";
-import { useState, useMemo, useCallback } from "react";
-import { Select, SelectContent, SelectItem, SelectTrigger, SelectValue } from "@/components/ui/select";
-import { getFormattedDate, isServiceError } from "@/lib/utils";
-import { DropdownMenu, DropdownMenuContent, DropdownMenuItem, DropdownMenuTrigger } from "@/components/ui/dropdown-menu";
-import { Button } from "@/components/ui/button";
-import { AlertDialog, AlertDialogAction, AlertDialogCancel, AlertDialogContent, AlertDialogDescription, AlertDialogFooter, AlertDialogHeader, AlertDialogTitle } from "@/components/ui/alert-dialog";
-import { deleteSecret } from "@/actions";
-import { useDomain } from "@/hooks/useDomain";
-import { useToast } from "@/components/hooks/use-toast";
-import { useRouter } from "next/navigation";
-import { CodeSnippet } from "@/app/components/codeSnippet";
-
-interface Secret {
-    key: string;
-    createdAt: Date;
-}
-
-interface SecretsListProps {
-    secrets: Secret[];
-}
-
-export const SecretsList = ({ secrets }: SecretsListProps) => {
-    const [searchQuery, setSearchQuery] = useState("");
-    const [dateSort, setDateSort] = useState<"newest" | "oldest">("newest");
-    const [secretToDelete, setSecretToDelete] = useState<Secret | null>(null);
-    const [isDeleteDialogOpen, setIsDeleteDialogOpen] = useState(false);
-    const domain = useDomain();
-    const { toast } = useToast();
-    const router = useRouter();
-
-    const filteredSecrets = useMemo(() => {
-        return secrets
-            .filter((secret) => {
-                const searchLower = searchQuery.toLowerCase();
-                const matchesSearch = secret.key.toLowerCase().includes(searchLower);
-                return matchesSearch;
-            })
-            .sort((a, b) => {
-                return dateSort === "newest"
-                    ? b.createdAt.getTime() - a.createdAt.getTime()
-                    : a.createdAt.getTime() - b.createdAt.getTime()
-            });
-    }, [secrets, searchQuery, dateSort]);
-
-    const onDeleteSecret = useCallback(() => {
-        deleteSecret(secretToDelete?.key ?? "", domain)
-            .then((response) => {
-                if (isServiceError(response)) {
-                    toast({
-                        description: `❌ Failed to delete secret. Reason: ${response.message}`
-                    })
-                } else {
-                    toast({
-                        description: `✅ Secret deleted successfully.`
-                    });
-                    router.refresh();
-                }
-            })
-    }, [domain, secretToDelete?.key, toast, router]);
-
-    return (
-        <div className="w-full mx-auto space-y-6">
-            <div className="flex gap-4 flex-col sm:flex-row">
-                <div className="relative flex-1">
-                    <Search className="absolute left-3 top-2.5 h-4 w-4 text-muted-foreground" />
-                    <Input
-                        placeholder="Filter by secret name..."
-                        className="pl-9"
-                        value={searchQuery}
-                        onChange={(e) => setSearchQuery(e.target.value)}
-                    />
-                </div>
-
-                <Select value={dateSort} onValueChange={(value) => setDateSort(value as "newest" | "oldest")}>
-                    <SelectTrigger className="w-[140px]">
-                        <SelectValue placeholder="Date" />
-                    </SelectTrigger>
-                    <SelectContent>
-                        <SelectItem value="newest">Newest</SelectItem>
-                        <SelectItem value="oldest">Oldest</SelectItem>
-                    </SelectContent>
-                </Select>
-            </div>
-
-            <div className="border rounded-lg overflow-hidden">
-                <div className="max-h-[600px] overflow-y-auto divide-y">
-                    {secrets.length === 0 || (filteredSecrets.length === 0 && searchQuery.length > 0) ? (
-                        <div className="flex flex-col items-center justify-center h-96 p-4">
-                            <p className="font-medium text-sm">No Secrets Found</p>
-                            <p className="text-sm text-muted-foreground mt-2">
-                                {filteredSecrets.length === 0 && searchQuery.length > 0 ? "No secrets found matching your filters." : "Use the form above to create a new secret."}
-                            </p>
-                        </div>
-                    ) : (
-                        filteredSecrets.map((secret) => (
-                            <div key={secret.key} className="p-4 flex items-center justify-between bg-background">
-                                <div className="flex items-center">
-                                    <LucideKeyRound className="w-4 h-4 mr-2" />
-                                    <p className="font-mono">{secret.key}</p>
-                                </div>
-                                <div className="flex items-center gap-4">
-                                    <p className="text-sm text-muted-foreground">
-                                        Created {getFormattedDate(secret.createdAt)}
-                                    </p>
-                                    <DropdownMenu modal={false}>
-                                            <DropdownMenuTrigger asChild>
-                                                <Button variant="ghost" className="h-8 w-8 p-0">
-                                                    <MoreVertical className="h-4 w-4" />
-                                                </Button>
-                                            </DropdownMenuTrigger>
-                                            <DropdownMenuContent align="end">
-                                                <DropdownMenuItem
-                                                    className="cursor-pointer text-destructive"
-                                                    onClick={() => {
-                                                        setSecretToDelete(secret);
-                                                        setIsDeleteDialogOpen(true);
-                                                    }}
-                                                >
-                                                    <LucideTrash className="w-4 h-4 mr-2" />
-                                                    Delete secret
-                                                </DropdownMenuItem>
-                                            </DropdownMenuContent>
-                                        </DropdownMenu>
-                                </div>
-                            </div>
-                        ))
-                    )}
-                </div>
-                </div>
-            <AlertDialog
-                open={isDeleteDialogOpen}
-                onOpenChange={setIsDeleteDialogOpen}
-            >
-                <AlertDialogContent>
-                    <AlertDialogHeader>
-                        <AlertDialogTitle>Delete Secret</AlertDialogTitle>
-                        <AlertDialogDescription>
-                            Are you sure you want to delete the secret <CodeSnippet>{secretToDelete?.key}</CodeSnippet>? Any connections that use this secret will <strong>fail to sync.</strong>
-                        </AlertDialogDescription>
-                    </AlertDialogHeader>
-                    <AlertDialogFooter>
-                        <AlertDialogCancel>Cancel</AlertDialogCancel>
-                        <AlertDialogAction
-                            className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
-                            onClick={onDeleteSecret}
-                        >
-                            Delete
-                        </AlertDialogAction>
-                    </AlertDialogFooter>
-                </AlertDialogContent>
-            </AlertDialog>
-        </div>
-    )
-}
diff --git a/packages/web/src/app/[domain]/settings/secrets/page.tsx b/packages/web/src/app/[domain]/settings/secrets/page.tsx
deleted file mode 100644
index 02714f59..00000000
--- a/packages/web/src/app/[domain]/settings/secrets/page.tsx
+++ /dev/null
@@ -1,36 +0,0 @@
-import { getSecrets } from "@/actions";
-import { SecretsList } from "./components/secretsList";
-import { isServiceError } from "@/lib/utils";
-import { ImportSecretCard } from "./components/importSecretCard";
-import { ServiceErrorException } from "@/lib/serviceError";
-
-interface SecretsPageProps {
-    params: Promise<{
-        domain: string;
-    }>
-}
-
-export default async function SecretsPage(props: SecretsPageProps) {
-    const params = await props.params;
-
-    const {
-        domain
-    } = params;
-
-    const secrets = await getSecrets(domain);
-    if (isServiceError(secrets)) {
-        throw new ServiceErrorException(secrets);
-    }
-
-    return (
-        <div className="flex flex-col gap-6">
-            <div>
-                <h3 className="text-lg font-medium">Manage Secrets</h3>
-                <p className="text-sm text-muted-foreground">These secrets grant Sourcebot access to private code.</p>
-            </div>
-
-            <SecretsList secrets={secrets} />
-            <ImportSecretCard className="mt-4" />
-        </div>
-    )
-}
\ No newline at end of file
diff --git a/packages/web/src/app/api/(server)/chat/route.ts b/packages/web/src/app/api/(server)/chat/route.ts
index d7f9368b..8f045305 100644
--- a/packages/web/src/app/api/(server)/chat/route.ts
+++ b/packages/web/src/app/api/(server)/chat/route.ts
@@ -92,7 +92,7 @@ export async function POST(req: Request) {
                     });
                 }
 
-                const { model, providerOptions } = await _getAISDKLanguageModelAndOptions(languageModelConfig, org.id);
+                const { model, providerOptions } = await _getAISDKLanguageModelAndOptions(languageModelConfig);
 
                 return createMessageStreamResponse({
                     messages,
diff --git a/packages/web/src/features/chat/actions.ts b/packages/web/src/features/chat/actions.ts
index 0e9638c4..ad4e9f12 100644
--- a/packages/web/src/features/chat/actions.ts
+++ b/packages/web/src/features/chat/actions.ts
@@ -21,7 +21,7 @@ import { createXai } from '@ai-sdk/xai';
 import { fromNodeProviderChain } from '@aws-sdk/credential-providers';
 import { createOpenRouter } from '@openrouter/ai-sdk-provider';
 import { getTokenFromConfig } from "@sourcebot/crypto";
-import { ChatVisibility, OrgRole, Prisma, PrismaClient } from "@sourcebot/db";
+import { ChatVisibility, OrgRole, Prisma } from "@sourcebot/db";
 import { LanguageModel } from "@sourcebot/schemas/v3/languageModel.type";
 import { Token } from "@sourcebot/schemas/v3/shared.type";
 import { loadConfig } from "@sourcebot/shared";
@@ -204,7 +204,7 @@ export const generateAndUpdateChatNameFromMessage = async ({ chatId, languageMod
                 });
             }
 
-            const { model } = await _getAISDKLanguageModelAndOptions(languageModelConfig, org.id);
+            const { model } = await _getAISDKLanguageModelAndOptions(languageModelConfig);
 
             const prompt = `Convert this question into a short topic title (max 50 characters). 
 
@@ -374,7 +374,7 @@ export const _getConfiguredLanguageModelsFull = async (): Promise<LanguageModel[
 }
 
 
-export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, orgId: number): Promise<{
+export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel): Promise<{
     model: AISDKLanguageModelV2,
     providerOptions?: Record<string, Record<string, JSONValue>>,
 }> => {
@@ -386,16 +386,16 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
                 baseURL: config.baseUrl,
                 region: config.region ?? env.AWS_REGION,
                 accessKeyId: config.accessKeyId
-                    ? await getTokenFromConfig(config.accessKeyId, orgId, prisma)
+                    ? await getTokenFromConfig(config.accessKeyId)
                     : env.AWS_ACCESS_KEY_ID,
                 secretAccessKey: config.accessKeySecret
-                    ? await getTokenFromConfig(config.accessKeySecret, orgId, prisma)
+                    ? await getTokenFromConfig(config.accessKeySecret)
                     : env.AWS_SECRET_ACCESS_KEY,
                 sessionToken: config.sessionToken
-                    ? await getTokenFromConfig(config.sessionToken, orgId, prisma)
+                    ? await getTokenFromConfig(config.sessionToken)
                     : env.AWS_SESSION_TOKEN,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
                 // Fallback to the default Node.js credential provider chain if no credentials are provided.
                 // See: https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-credential-providers/#fromnodeproviderchain
@@ -412,10 +412,10 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
             const anthropic = createAnthropic({
                 baseURL: config.baseUrl,
                 apiKey: config.token
-                    ? await getTokenFromConfig(config.token, orgId, prisma)
+                    ? await getTokenFromConfig(config.token)
                     : env.ANTHROPIC_API_KEY,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -434,11 +434,11 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
         case 'azure': {
             const azure = createAzure({
                 baseURL: config.baseUrl,
-                apiKey: config.token ? (await getTokenFromConfig(config.token, orgId, prisma)) : env.AZURE_API_KEY,
+                apiKey: config.token ? (await getTokenFromConfig(config.token)) : env.AZURE_API_KEY,
                 apiVersion: config.apiVersion,
                 resourceName: config.resourceName ?? env.AZURE_RESOURCE_NAME,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -449,9 +449,9 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
         case 'deepseek': {
             const deepseek = createDeepSeek({
                 baseURL: config.baseUrl,
-                apiKey: config.token ? (await getTokenFromConfig(config.token, orgId, prisma)) : env.DEEPSEEK_API_KEY,
+                apiKey: config.token ? (await getTokenFromConfig(config.token)) : env.DEEPSEEK_API_KEY,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -463,10 +463,10 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
             const google = createGoogleGenerativeAI({
                 baseURL: config.baseUrl,
                 apiKey: config.token
-                    ? await getTokenFromConfig(config.token, orgId, prisma)
+                    ? await getTokenFromConfig(config.token)
                     : env.GOOGLE_GENERATIVE_AI_API_KEY,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -480,11 +480,11 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
                 location: config.region ?? env.GOOGLE_VERTEX_REGION,
                 ...(config.credentials ? {
                     googleAuthOptions: {
-                        keyFilename: await getTokenFromConfig(config.credentials, orgId, prisma),
+                        keyFilename: await getTokenFromConfig(config.credentials),
                     }
                 } : {}),
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -506,11 +506,11 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
                 location: config.region ?? env.GOOGLE_VERTEX_REGION,
                 ...(config.credentials ? {
                     googleAuthOptions: {
-                        keyFilename: await getTokenFromConfig(config.credentials, orgId, prisma),
+                        keyFilename: await getTokenFromConfig(config.credentials),
                     }
                 } : {}),
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -522,10 +522,10 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
             const mistral = createMistral({
                 baseURL: config.baseUrl,
                 apiKey: config.token
-                    ? await getTokenFromConfig(config.token, orgId, prisma)
+                    ? await getTokenFromConfig(config.token)
                     : env.MISTRAL_API_KEY,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -537,10 +537,10 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
             const openai = createOpenAI({
                 baseURL: config.baseUrl,
                 apiKey: config.token
-                    ? await getTokenFromConfig(config.token, orgId, prisma)
+                    ? await getTokenFromConfig(config.token)
                     : env.OPENAI_API_KEY,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -558,13 +558,13 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
                 baseURL: config.baseUrl,
                 name: config.displayName ?? modelId,
                 apiKey: config.token
-                    ? await getTokenFromConfig(config.token, orgId, prisma)
+                    ? await getTokenFromConfig(config.token)
                     : undefined,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
                 queryParams: config.queryParams
-                    ? await extractLanguageModelKeyValuePairs(config.queryParams, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.queryParams)
                     : undefined,
             });
 
@@ -585,10 +585,10 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
             const openrouter = createOpenRouter({
                 baseURL: config.baseUrl,
                 apiKey: config.token
-                    ? await getTokenFromConfig(config.token, orgId, prisma)
+                    ? await getTokenFromConfig(config.token)
                     : env.OPENROUTER_API_KEY,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -600,10 +600,10 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
             const xai = createXai({
                 baseURL: config.baseUrl,
                 apiKey: config.token
-                    ? await getTokenFromConfig(config.token, orgId, prisma)
+                    ? await getTokenFromConfig(config.token)
                     : env.XAI_API_KEY,
                 headers: config.headers
-                    ? await extractLanguageModelKeyValuePairs(config.headers, orgId, prisma)
+                    ? await extractLanguageModelKeyValuePairs(config.headers)
                     : undefined,
             });
 
@@ -617,9 +617,7 @@ export const _getAISDKLanguageModelAndOptions = async (config: LanguageModel, or
 const extractLanguageModelKeyValuePairs = async (
     pairs: {
         [k: string]: string | Token;
-    },
-    orgId: number,
-    db: PrismaClient,
+    }
 ): Promise<Record<string, string>> => {
     const resolvedPairs: Record<string, string> = {};
 
@@ -633,7 +631,7 @@ const extractLanguageModelKeyValuePairs = async (
             continue;
         }
 
-        const value = await getTokenFromConfig(val, orgId, db);
+        const value = await getTokenFromConfig(val);
         resolvedPairs[key] = value;
     }
 
diff --git a/packages/web/src/lib/strings.ts b/packages/web/src/lib/strings.ts
deleted file mode 100644
index 9fbcfd47..00000000
--- a/packages/web/src/lib/strings.ts
+++ /dev/null
@@ -1,7 +0,0 @@
-
-export const strings = {
-    connectionConfigDescription: "Configure what repositories, organizations, users, etc. you want to sync with Sourcebot. Use the quick actions below to help you configure your connection.",
-    createSecretDescription: "Secrets are used to authenticate with the code host, allowing Sourcebot to access private repositories.",
-}
-
-export default strings;
diff --git a/schemas/v2/index.json b/schemas/v2/index.json
index 67334c2a..0c9a79a2 100644
--- a/schemas/v2/index.json
+++ b/schemas/v2/index.json
@@ -76,7 +76,6 @@
                     "$ref": "#/definitions/Token",
                     "description": "A Personal Access Token (PAT).",
                     "examples": [
-                        "secret-token",
                         { "env": "ENV_VAR_CONTAINING_TOKEN" }
                     ]
                 },
@@ -210,7 +209,6 @@
                     "$ref": "#/definitions/Token",
                     "description": "An authentication token.",
                     "examples": [
-                        "secret-token",
                         { "env": "ENV_VAR_CONTAINING_TOKEN" }
                     ]
                 },
@@ -332,7 +330,6 @@
                     "$ref": "#/definitions/Token",
                     "description": "An access token.",
                     "examples": [
-                        "secret-token",
                         { "env": "ENV_VAR_CONTAINING_TOKEN" }
                     ]
                 },
diff --git a/schemas/v3/azuredevops.json b/schemas/v3/azuredevops.json
index 6cc27833..573a7335 100644
--- a/schemas/v3/azuredevops.json
+++ b/schemas/v3/azuredevops.json
@@ -9,12 +9,7 @@
         },
         "token": {
             "$ref": "./shared.json#/definitions/Token",
-            "description": "A Personal Access Token (PAT).",
-            "examples": [
-                {
-                    "secret": "SECRET_KEY"
-                }
-            ]
+            "description": "A Personal Access Token (PAT)."
         },
         "url": {
             "type": "string",
diff --git a/schemas/v3/bitbucket.json b/schemas/v3/bitbucket.json
index be2fdda9..a980a17c 100644
--- a/schemas/v3/bitbucket.json
+++ b/schemas/v3/bitbucket.json
@@ -13,12 +13,7 @@
         },
         "token": {
             "$ref": "./shared.json#/definitions/Token",
-            "description": "An authentication token.",
-            "examples": [
-                {
-                    "secret": "SECRET_KEY"
-                }
-            ]
+            "description": "An authentication token."
         },
         "url": {
             "type": "string",
diff --git a/schemas/v3/gitea.json b/schemas/v3/gitea.json
index d5c87665..35f38fb1 100644
--- a/schemas/v3/gitea.json
+++ b/schemas/v3/gitea.json
@@ -9,12 +9,7 @@
         },
         "token": {
             "$ref": "./shared.json#/definitions/Token",
-            "description": "A Personal Access Token (PAT).",
-            "examples": [
-                {
-                    "secret": "SECRET_KEY"
-                }
-            ]
+            "description": "A Personal Access Token (PAT)."
         },
         "url": {
             "type": "string",
diff --git a/schemas/v3/github.json b/schemas/v3/github.json
index ec4a9f4f..c2002782 100644
--- a/schemas/v3/github.json
+++ b/schemas/v3/github.json
@@ -9,12 +9,7 @@
         },
         "token": {
             "$ref": "./shared.json#/definitions/Token",
-            "description": "A Personal Access Token (PAT).",
-            "examples": [
-                {
-                    "secret": "SECRET_KEY"
-                }
-            ]
+            "description": "A Personal Access Token (PAT)."
         },
         "url": {
             "type": "string",
diff --git a/schemas/v3/gitlab.json b/schemas/v3/gitlab.json
index ab5b4e62..9d3b1ca9 100644
--- a/schemas/v3/gitlab.json
+++ b/schemas/v3/gitlab.json
@@ -9,12 +9,7 @@
         },
         "token": {
             "$ref": "./shared.json#/definitions/Token",
-            "description": "An authentication token.",
-            "examples": [
-                {
-                    "secret": "SECRET_KEY"
-                }
-            ]
+            "description": "An authentication token."
         },
         "url": {
             "type": "string",
diff --git a/schemas/v3/shared.json b/schemas/v3/shared.json
index baa6dae8..a290edd1 100644
--- a/schemas/v3/shared.json
+++ b/schemas/v3/shared.json
@@ -4,19 +4,6 @@
     "definitions": {
         "Token": {
             "anyOf": [
-                {
-                    "type": "object",
-                    "properties": {
-                        "secret": {
-                            "type": "string",
-                            "description": "The name of the secret that contains the token."
-                        }
-                    },
-                    "required": [
-                        "secret"
-                    ],
-                    "additionalProperties": false
-                },
                 {
                     "type": "object",
                     "properties": {

From 43662bc6d17f944e418e5e41f52648597e43f822 Mon Sep 17 00:00:00 2001
From: msukkari <michael.sukkarieh@mail.mcgill.ca>
Date: Fri, 31 Oct 2025 13:51:42 -0700
Subject: [PATCH 3/3] changelog

---
 CHANGELOG.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d4cc114c..aa387fdc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,6 +15,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed issue with GitHub app token tracking and refreshing. [#583](https://github.com/sourcebot-dev/sourcebot/pull/583)
 - Fixed "The account is already associated with another user" errors with GitLab oauth provider. [#584](https://github.com/sourcebot-dev/sourcebot/pull/584)
 
+## Removed
+- Removed built-in secret manager. [#592](https://github.com/sourcebot-dev/sourcebot/pull/592)
+
 ## [4.8.1] - 2025-10-29
 
 ### Fixed