diff --git a/CHANGELOG.md b/CHANGELOG.md index 7182481..dd1a5e3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,19 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/) loos ## Unreleased +## 2026.06.03.2136 + +- Build produced from commit d9822aab7a4a. +- **Resource CRUD expansion**: Added full Get/New/Update/Remove cmdlet families for Projects, Environments, Folders, and Tags (20 new cmdlets): + - Projects: `Get-InfisicalProjects`, `Get-InfisicalProject`, `New-InfisicalProject`, `Update-InfisicalProject`, `Remove-InfisicalProject`. + - Environments: `Get-InfisicalEnvironments`, `Get-InfisicalEnvironment`, `New-InfisicalEnvironment`, `Update-InfisicalEnvironment`, `Remove-InfisicalEnvironment`. + - Folders: `Get-InfisicalFolders`, `Get-InfisicalFolder`, `New-InfisicalFolder`, `Update-InfisicalFolder`, `Remove-InfisicalFolder`. + - Tags: `Get-InfisicalTags`, `Get-InfisicalTag`, `New-InfisicalTag`, `Update-InfisicalTag`, `Remove-InfisicalTag`. +- **Secret mutation cmdlets**: Added `New-InfisicalSecret`, `Update-InfisicalSecret`, and `Remove-InfisicalSecret`; extended `InfisicalSecretsClient` with corresponding create/update/delete operations. +- **Additional auth providers**: `Connect-Infisical` now supports JWT (`-Jwt -IdentityId`), OIDC (`-Jwt -IdentityId`), LDAP (`-Username -Password`), Azure (`-Jwt -IdentityId`), and GCP IAM (`-Jwt -IdentityId`) via dedicated parameter sets. Common identity-login flow is centralized in `IdentityLoginExecutor`. +- Endpoint registry expanded with login routes (`/api/v1/auth/{jwt|oidc|ldap|azure|gcp}-auth/login`) and CRUD routes for projects (v2), environments, folders, tags, and secret mutations. +- Test suite expanded to 139 passing tests, including mapper round-trips for projects/environments/folders/tags, secret mutation DTO shapes, and request-body validation for each new auth provider. + ## 2026.06.03.0131 - Build produced from commit 7be0b7b42008. 
diff --git a/Module/PSInfisicalAPI/PSInfisicalAPI.psd1 b/Module/PSInfisicalAPI/PSInfisicalAPI.psd1 index cd3acdd..3e80f15 100644 --- a/Module/PSInfisicalAPI/PSInfisicalAPI.psd1 +++ b/Module/PSInfisicalAPI/PSInfisicalAPI.psd1 @@ -1,6 +1,6 @@ @{ RootModule = 'PSInfisicalAPI.psm1' - ModuleVersion = '2026.06.03.0131' + ModuleVersion = '2026.06.03.2136' GUID = 'b8a2f3d4-7c51-4d2f-9e6a-1f0c8b3d4e51' Author = 'Grace Solutions' CompanyName = 'Grace Solutions' @@ -14,8 +14,31 @@ 'Disconnect-Infisical', 'Get-InfisicalSecrets', 'Get-InfisicalSecret', + 'New-InfisicalSecret', + 'Update-InfisicalSecret', + 'Remove-InfisicalSecret', 'ConvertTo-InfisicalSecretDictionary', - 'Export-InfisicalSecrets' + 'Export-InfisicalSecrets', + 'Get-InfisicalProjects', + 'Get-InfisicalProject', + 'New-InfisicalProject', + 'Update-InfisicalProject', + 'Remove-InfisicalProject', + 'Get-InfisicalEnvironments', + 'Get-InfisicalEnvironment', + 'New-InfisicalEnvironment', + 'Update-InfisicalEnvironment', + 'Remove-InfisicalEnvironment', + 'Get-InfisicalFolders', + 'Get-InfisicalFolder', + 'New-InfisicalFolder', + 'Update-InfisicalFolder', + 'Remove-InfisicalFolder', + 'Get-InfisicalTags', + 'Get-InfisicalTag', + 'New-InfisicalTag', + 'Update-InfisicalTag', + 'Remove-InfisicalTag' ) AliasesToExport = @() VariablesToExport = @() @@ -27,7 +50,7 @@ LicenseUri = 'https://www.gnu.org/licenses/agpl-3.0.html' ProjectUri = 'https://prod.git.gracesolution.info/gsadmin/PSInfisicalAPI' ReleaseNotes = 'See CHANGELOG.md in the project repository for release history.' - CommitHash = '7be0b7b42008' + CommitHash = 'd9822aab7a4a' } } } \ No newline at end of file diff --git a/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll b/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll index 0ba2ef8..72da4ed 100644 Binary files a/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll and b/Module/PSInfisicalAPI/bin/PSInfisicalAPI.dll differ diff --git a/docs/DesignSpec.md b/docs/DesignSpec.md index 030f81d..8b1a552 100644 --- a/docs/DesignSpec.md 
+++ b/docs/DesignSpec.md @@ -6,15 +6,38 @@ The goal is to establish a strong, reusable, secure framework first, then initially implement secret retrieval and export workflows. -Initial public cmdlets: +Public cmdlets: ```powershell Connect-Infisical Disconnect-Infisical Get-InfisicalSecrets Get-InfisicalSecret +New-InfisicalSecret +Update-InfisicalSecret +Remove-InfisicalSecret ConvertTo-InfisicalSecretDictionary Export-InfisicalSecrets +Get-InfisicalProjects +Get-InfisicalProject +New-InfisicalProject +Update-InfisicalProject +Remove-InfisicalProject +Get-InfisicalEnvironments +Get-InfisicalEnvironment +New-InfisicalEnvironment +Update-InfisicalEnvironment +Remove-InfisicalEnvironment +Get-InfisicalFolders +Get-InfisicalFolder +New-InfisicalFolder +Update-InfisicalFolder +Remove-InfisicalFolder +Get-InfisicalTags +Get-InfisicalTag +New-InfisicalTag +Update-InfisicalTag +Remove-InfisicalTag ``` Infisical’s public API is REST-based and provides programmatic access for managing secrets and related resources. Current Infisical documentation shows the list-secrets endpoint under `/api/v4/secrets`, the single-secret retrieval endpoint under `/api/v4/secrets/{secretName}`, and Universal Auth login under `/api/v1/auth/universal-auth/login`. The implementation must centralize API endpoint definitions because Infisical uses different API versions across resource families. ([Infisical Blog][1]) 
@@ -198,8 +221,31 @@ Example shape: 'Disconnect-Infisical', 'Get-InfisicalSecrets', 'Get-InfisicalSecret', + 'New-InfisicalSecret', + 'Update-InfisicalSecret', + 'Remove-InfisicalSecret', 'ConvertTo-InfisicalSecretDictionary', - 'Export-InfisicalSecrets' + 'Export-InfisicalSecrets', + 'Get-InfisicalProjects', + 'Get-InfisicalProject', + 'New-InfisicalProject', + 'Update-InfisicalProject', + 'Remove-InfisicalProject', + 'Get-InfisicalEnvironments', + 'Get-InfisicalEnvironment', + 'New-InfisicalEnvironment', + 'Update-InfisicalEnvironment', + 'Remove-InfisicalEnvironment', + 'Get-InfisicalFolders', + 'Get-InfisicalFolder', + 'New-InfisicalFolder', + 'Update-InfisicalFolder', + 'Remove-InfisicalFolder', + 'Get-InfisicalTags', + 'Get-InfisicalTag', + 'New-InfisicalTag', + 'Update-InfisicalTag', + 'Remove-InfisicalTag' ) AliasesToExport = @() PrivateData = @{ 
@@ -698,29 +744,29 @@ Internal implementation must still use proper typed path handling. # 12. Authentication Design -## 12.1 Supported Initial Auth Types +## 12.1 Supported Auth Types -Initial implementation: +Currently implemented: ```text Universal Auth Token Auth +JWT Auth +OIDC Auth +LDAP Auth +Azure Auth +GCP IAM Auth ``` -Infisical documents identity authentication modes such as Universal Auth and Token Auth for API access, and API interaction requires an access token. ([Infisical Blog][3]) +Each implemented provider is exposed as a dedicated `Connect-Infisical` parameter set. Identity-based providers (JWT, OIDC, Azure, GCP IAM) share a common login flow via `IdentityLoginExecutor` and POST to `/api/v1/auth/{provider}-auth/login`. Infisical documents identity authentication modes such as Universal Auth and Token Auth for API access, and API interaction requires an access token. ([Infisical Blog][3]) ## 12.2 Future Auth Types Design must allow future support for: ```text -AWS Auth -Azure Auth -GCP Auth +AWS IAM Auth Kubernetes Auth -OIDC Auth -JWT Auth -LDAP Auth TLS Certificate Auth Alibaba Cloud Auth OCI Auth
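Review bot: In the CHANGELOG.md hunk, the "Additional auth providers" bullet gives the same parameter pair, `-Jwt -IdentityId`, for JWT, OIDC, Azure and GCP IAM, so it does not say how `Connect-Infisical` tells those four parameter sets apart. PowerShell resolves a parameter set from the parameters supplied, so each set needs a unique mandatory parameter or switch; name that discriminator in the entry. For LDAP (`-Username -Password`), state whether `-Password` takes a `SecureString` or `PSCredential`, so callers know it is not expected as a plain string on the command line.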
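Review bot: In the PSInfisicalAPI.psd1 export-list hunk, the new `Remove-*` and `Update-*` cmdlets are published with no visible sign that they support `-WhatIf` and `-Confirm`; the implementation ships only as the binary DLL, so this cannot be checked from the diff. Please confirm they declare `SupportsShouldProcess` (with a high `ConfirmImpact` for the `Remove-*` family) and say so in the changelog. The same list is now maintained by hand in the manifest and twice in docs/DesignSpec.md; a test that compares the manifest exports with the documented list would catch drift.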
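Review bot: In the PSInfisicalAPI.psd1 hunk that sets `CommitHash = 'd9822aab7a4a'`, the matching `bin/PSInfisicalAPI.dll` arrives in the same diff only as "Binary files ... differ", so a reviewer has no way to confirm the DLL was built from that commit. Consider building the DLL in CI rather than committing it, or at least recording its SHA-256 next to the commit hash in the release entry so the artifact can be verified against a rebuild.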
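Review bot: In the first docs/DesignSpec.md hunk, the unchanged sentence just above the list still reads "then initially implement secret retrieval and export workflows", which no longer matches a list that includes `New-InfisicalSecret`, `Update-InfisicalSecret`, `Remove-InfisicalSecret` and the project, environment, folder and tag families. Update that goal sentence together with the heading change. The paragraph after the list names only the list-secrets, single-secret and Universal Auth endpoints, so it should also mention the mutation and CRUD routes or point to the endpoint registry.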
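Review bot: In section 12.1 of docs/DesignSpec.md, the new sentence lists the identity-based providers as "JWT, OIDC, Azure, GCP IAM" and leaves LDAP out, while the CHANGELOG route pattern `/api/v1/auth/{jwt|oidc|ldap|azure|gcp}-auth/login` includes `ldap`. State explicitly whether LDAP goes through `IdentityLoginExecutor` or has its own login path. The `{provider}` placeholder should also list its allowed values, since the provider is called "GCP IAM" in the text but the route segment is `gcp`. The retained citation sentence still names only Universal Auth and Token Auth, so the five added providers have no documentation reference.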