
@tanujbhaud

Description

This PR adds the ability to move secrets across different environments from the overview page's move secrets modal, completing the feature request in #2937.

Previously, the move secrets modal on the overview page only allowed moving secrets between folders within the same environment. This enhancement adds an environment selector dropdown, enabling users to move secrets to different environments as well.

Changes Made

  • Added environment dropdown selector to the move secrets modal
  • Updated destination environment logic to support cross-environment moves
  • Modified folder search to only query the selected destination environment for better performance
  • Enhanced move button validation to activate when either the secret path or environment changes

How It Works

  1. User selects one or more secrets from the overview page
  2. Clicks the "Move" button in the selection panel
  3. In the modal, user can now:
    • Select a destination environment from the dropdown (defaults to first environment)
    • Choose a destination folder path
    • Toggle overwrite option for conflicting secrets
  4. The move operation executes across environments and/or folders as specified

Technical Implementation

  • Introduced destinationEnvironmentSlug state to track selected environment
  • Updated useGetProjectSecretsQuickSearch to fetch folders only for the selected destination environment
  • Modified destinationSelected validation to consider environment changes
  • Updated the moveSecrets.mutateAsync call to use the selected destination environment

Testing

Manual testing performed:

  • ✅ Moving secrets within same environment to different folder
  • ✅ Moving secrets across environments to root path
  • ✅ Moving secrets to different environment AND different folder simultaneously
  • ✅ Folder selection properly disables the move button
  • ✅ Results modal displays success/error status per environment

Closes #2937


PR Type

  • Feature
  • Bug fix
  • Refactoring
  • Documentation

Checklist

  • I have read and agreed to the contributing guidelines
  • The changes don't break existing code
  • Manual testing completed successfully

This change enables users to move secrets across different environments
from the overview page, in addition to moving them between folders.

Changes:
- Added environment dropdown selector to move secrets modal
- Updated destination environment logic to support cross-environment moves
- Modified folder search to only query the selected destination environment
- Enhanced validation to enable move button when either path or environment changes

Closes Infisical#2937
@maidul98
Collaborator

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues


@greptile-apps
Contributor

greptile-apps bot commented Dec 17, 2025

Greptile Summary

This PR adds an environment selector dropdown to the move secrets modal on the overview page, enabling cross-environment secret moves. The implementation successfully adds the UI component and connects it to the existing move API.

Key Changes:

  • Added environment dropdown selector with state management (destinationEnvironmentSlug)
  • Modified folder search query to fetch only from selected destination environment
  • Updated move operation to use selected destination environment instead of source environment
  • Enhanced validation logic to activate move button when environment changes

Critical Issues Found:

  • The destinationSelected validation logic (line 118-121) contains a bug where environments.some((env) => env.slug !== destinationEnvironmentSlug) will always return true in multi-environment projects, causing the move button to be enabled even when only selecting the same path and environment
  • Permission checking only validates DELETE permissions on source environments but doesn't verify CREATE/EDIT permissions on the destination environment, potentially allowing unauthorized cross-environment moves (the backend may handle this, but frontend validation is inconsistent)
  • The folderEnvironments variable now uses data queried from the destination environment, but is used to validate whether paths exist in source environments, causing incorrect "path does not exist" warnings

Confidence Score: 2/5

  • This PR has critical logic bugs that break validation and permission checking for cross-environment moves
  • Score reflects three significant logic errors: (1) broken validation logic that enables the move button incorrectly, (2) missing destination environment permission checks creating potential security gaps, and (3) incorrect folder existence validation using wrong environment data. These issues need resolution before merge.
  • The MoveSecretsDialog.tsx file needs immediate attention to fix the validation logic bug on lines 118-121, add destination environment permission checks, and correct the folder environment validation logic

Important Files Changed

Filename: frontend/src/pages/secret-manager/OverviewPage/components/SelectionPanel/components/MoveSecretsDialog/MoveSecretsDialog.tsx
Overview: Added environment selector dropdown for cross-environment secret moves, with logic issues in permission checking and validation

Contributor

@greptile-apps greptile-apps bot left a comment


Additional Comments (4)

  1. frontend/src/pages/secret-manager/OverviewPage/components/SelectionPanel/components/MoveSecretsDialog/MoveSecretsDialog.tsx, line 118-121 (link)

    logic: logic bug: condition always evaluates to true when changing environments

    environments.some((env) => env.slug !== destinationEnvironmentSlug) will always be true in multi-environment projects (all envs except the selected one will fail the check)

    actually, track whether the selected environment differs from the original first environment:

  2. frontend/src/pages/secret-manager/OverviewPage/components/SelectionPanel/components/MoveSecretsDialog/MoveSecretsDialog.tsx, line 98-116 (link)

    logic: logic bug: permission check uses source environment but should check destination environment permissions

    The moveSecretsEligibility checks DELETE permissions on the source environment (line 107), which is correct for removing secrets. However, for cross-environment moves, the code doesn't verify CREATE permissions on the destinationEnvironmentSlug.

    When moving to a different environment, users need permission to create secrets in the destination. This security gap allows users to move secrets to environments where they lack write access. Should destination environment permissions be validated separately, or does the backend API handle this check?

  3. frontend/src/pages/secret-manager/OverviewPage/components/SelectionPanel/components/MoveSecretsDialog/MoveSecretsDialog.tsx, line 96 (link)

    logic: logic bug: folderEnvironments calculated before destinationEnvironmentSlug is used in query

    The folderEnvironments depends on the folders data from useGetProjectSecretsQuickSearch (line 86-92), which now queries only the destinationEnvironmentSlug. However, folderEnvironments is used to check if paths exist in the SOURCE environments (line 112), not the destination.

    This causes incorrect "Secret path does not exist" warnings for source environments when the path exists in source but not in destination.

  4. frontend/src/pages/secret-manager/OverviewPage/components/SelectionPanel/components/MoveSecretsDialog/MoveSecretsDialog.tsx, line 74-76 (link)

    style: initial state could be undefined

    If environments array is empty, destinationEnvironmentSlug will be an empty string. Consider handling this edge case or validating that environments exist before rendering the modal.

1 file reviewed, 4 comments
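
The first, second and fourth review comments above, worked through as an added example; this is not code from the PR or from the Infisical code base. The types, the function names other than the quoted `environments.some(...)` predicate, and the per-environment permission map are hypothetical, and the sample data is constructed.

```typescript
// Added example. All names and the permission model are hypothetical.
type Env = { slug: string };
type Action = "create" | "delete";
type Grants = Record<string, Action[]>; // constructed: allowed actions per environment slug

interface MoveRequest {
  sourceEnvSlugs: string[]; // environments the selected secrets live in
  sourcePath: string;
  destinationEnvSlug: string;
  destinationPath: string;
}

// Predicate quoted in the review: true as soon as any environment other than
// the selected one exists, so it says nothing about whether the user changed anything.
function buggyEnvChanged(environments: Env[], destinationEnvSlug: string): boolean {
  return environments.some((env) => env.slug !== destinationEnvSlug);
}

// Compare the selection with each source instead: the move is real only if the
// destination environment or path differs from where a secret already is.
function destinationSelected(req: MoveRequest): boolean {
  if (!req.destinationEnvSlug || !req.destinationPath) return false; // empty environments list
  return req.sourceEnvSlugs.some(
    (src) => src !== req.destinationEnvSlug || req.sourcePath !== req.destinationPath
  );
}

// A move deletes from every source and creates in the destination, so both
// sides are checked. Returns the reasons the move must stay disabled.
function moveBlockers(req: MoveRequest, grants: Grants): string[] {
  const can = (slug: string, action: Action) => (grants[slug] ?? []).includes(action);
  const blockers: string[] = [];
  if (!can(req.destinationEnvSlug, "create")) blockers.push(`create denied in ${req.destinationEnvSlug}`);
  for (const src of req.sourceEnvSlugs) {
    if (!can(src, "delete")) blockers.push(`delete denied in ${src}`);
  }
  return blockers;
}

// Constructed sample data.
const sampleEnvs: Env[] = [{ slug: "dev" }, { slug: "staging" }, { slug: "prod" }];
const sampleGrants: Grants = { dev: ["create", "delete"], staging: ["create"], prod: [] };
const sameSpot: MoveRequest = { sourceEnvSlugs: ["dev"], sourcePath: "/", destinationEnvSlug: "dev", destinationPath: "/" };
const toProd: MoveRequest = { ...sameSpot, destinationEnvSlug: "prod" };

console.log(buggyEnvChanged(sampleEnvs, "dev"), destinationSelected(sameSpot)); // true false
console.log(destinationSelected(toProd), moveBlockers(toProd, sampleGrants));
```

A client-side check like `moveBlockers` only controls what the UI offers; the server handling the move still has to enforce the same source and destination permissions.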


Development

Successfully merging this pull request may close these issues.

Ability to easily move secrets across folders
