diff --git a/messages/en-US.json b/messages/en-US.json
index 30f1f8eb..f8a1f973 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2235,7 +2235,6 @@
     "endpoint": "Endpoint",
     "Id": "Id",
     "SecretKey": "Secret Key",
-    "featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it.",
     "niceId": "Nice ID",
     "niceIdUpdated": "Nice ID Updated",
     "niceIdUpdatedSuccessfully": "Nice ID Updated Successfully",
diff --git a/server/db/pg/driver.ts b/server/db/pg/driver.ts
index 35378961..e0f08ee6 100644
--- a/server/db/pg/driver.ts
+++ b/server/db/pg/driver.ts
@@ -73,7 +73,7 @@ function createDb() {
 
     return withReplicas(
         DrizzlePostgres(primaryPool, {
-            logger: process.env.QUERY_LOGGING === "true"
+            logger: process.env.QUERY_LOGGING == "true"
         }),
         replicas as any
     );
diff --git a/server/routers/olm/handleOlmPingMessage.ts b/server/routers/olm/handleOlmPingMessage.ts
index 632b0f3f..42b37940 100644
--- a/server/routers/olm/handleOlmPingMessage.ts
+++ b/server/routers/olm/handleOlmPingMessage.ts
@@ -136,7 +136,7 @@ export const handleOlmPingMessage: MessageHandler = async (context) => {
         const policyCheck = await checkOrgAccessPolicy({
             orgId: client.orgId,
             userId: olm.userId,
-            session: userToken // this is the user token passed in the message
+            sessionId: userToken // this is the user token passed in the message
         });
 
         if (!policyCheck.allowed) {
diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts
index 2b30cbcf..cd7a308f 100644
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -97,7 +97,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
         const policyCheck = await checkOrgAccessPolicy({
             orgId: orgId,
             userId: olm.userId,
-            session: userToken // this is the user token passed in the message
+            sessionId: userToken // this is the user token passed in the message
         });
 
         if (!policyCheck.allowed) {
diff --git a/server/routers/siteResource/updateSiteResource.ts b/server/routers/siteResource/updateSiteResource.ts
index f7fda549..857080b0 100644
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
@@ -2,6 +2,7 @@ import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import {
     clientSiteResources,
+    clientSiteResourcesAssociationsCache,
     db,
     newts,
     roles,
@@ -321,7 +322,6 @@ export async function updateSiteResource(
                     );
                 }
 
-                let oldDestinationStillInUseByASite = false;
                 // Only update targets on newt if destination changed
                 if (destinationChanged) {
                     const oldTargets = generateSubnetProxyTargets(
@@ -337,12 +337,28 @@ export async function updateSiteResource(
                         oldTargets: oldTargets,
                         newTargets: newTargets
                     });
+                }
 
+                const olmJobs: Promise<void>[] = [];
+                for (const client of mergedAllClients) {
+                    // does this client have access to another resource on this site that has the same destination still? if so we dont want to remove it from their olm yet
+                    // todo: optimize this query if needed
                     const oldDestinationStillInUseSites = await trx
                         .select()
                         .from(siteResources)
+                        .innerJoin(
+                            clientSiteResourcesAssociationsCache,
+                            eq(
+                                clientSiteResourcesAssociationsCache.siteResourceId,
+                                siteResources.siteResourceId
+                            )
+                        )
                         .where(
                             and(
+                                eq(
+                                    clientSiteResourcesAssociationsCache.clientId,
+                                    client.clientId
+                                ),
                                 eq(siteResources.siteId, site.siteId),
                                 eq(
                                     siteResources.destination,
@@ -355,12 +371,9 @@ export async function updateSiteResource(
                             )
                         );
 
-                    oldDestinationStillInUseByASite =
+                    const oldDestinationStillInUseByASite =
                         oldDestinationStillInUseSites.length > 0;
-                }
 
-                const olmJobs: Promise<void>[] = [];
-                for (const client of mergedAllClients) {
                     // we also need to update the remote subnets on the olms for each client that has access to this site
                     olmJobs.push(
                         updatePeerData(
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
index 115b1bd3..1dd626a8 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
@@ -25,7 +25,13 @@ import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsMod
 import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
 import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
 import { build } from "@server/build";
-import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip";
+import {
+    Tooltip,
+    TooltipContent,
+    TooltipProvider,
+    TooltipTrigger
+} from "@app/components/ui/tooltip";
+import { SecurityFeaturesAlert } from "@app/components/SecurityFeaturesAlert";
 
 export default function CredentialsPage() {
     const { env } = useEnvContext();
@@ -36,7 +42,8 @@ export default function CredentialsPage() {
     const { remoteExitNode } = useRemoteExitNodeContext();
 
     const [modalOpen, setModalOpen] = useState(false);
-    const [credentials, setCredentials] = useState<PickRemoteExitNodeDefaultsResponse | null>(null);
+    const [credentials, setCredentials] =
+        useState<PickRemoteExitNodeDefaultsResponse | null>(null);
 
     const { licenseStatus, isUnlocked } = useLicenseStatusContext();
     const subscription = useSubscriptionStatusContext();
@@ -48,12 +55,10 @@ export default function CredentialsPage() {
         return isEnterpriseNotLicensed || isSaasNotSubscribed;
     };
 
-
     const handleConfirmRegenerate = async () => {
-
-        const response = await api.get<AxiosResponse<PickRemoteExitNodeDefaultsResponse>>(
-            `/org/${orgId}/pick-remote-exit-node-defaults`
-        );
+        const response = await api.get<
+            AxiosResponse<PickRemoteExitNodeDefaultsResponse>
+        >(`/org/${orgId}/pick-remote-exit-node-defaults`);
 
         const data = response.data.data;
         setCredentials(data);
@@ -62,7 +67,7 @@ export default function CredentialsPage() {
             `/re-key/${orgId}/reGenerate-remote-exit-node-secret`,
             {
                 remoteExitNodeId: remoteExitNode.remoteExitNodeId,
-                secret: data.secret,
+                secret: data.secret
             }
         );
 
@@ -85,40 +90,29 @@ export default function CredentialsPage() {
     };
 
     return (
-        <SettingsContainer>
-            <SettingsSection>
-                <SettingsSectionHeader>
-                    <SettingsSectionTitle>
-                        {t("generatedcredentials")}
-                    </SettingsSectionTitle>
-                    <SettingsSectionDescription>
-                        {t("regenerateCredentials")}
-                    </SettingsSectionDescription>
-                </SettingsSectionHeader>
+        <>
+            <SettingsContainer>
+                <SettingsSection>
+                    <SettingsSectionHeader>
+                        <SettingsSectionTitle>
+                            {t("generatedcredentials")}
+                        </SettingsSectionTitle>
+                        <SettingsSectionDescription>
+                            {t("regenerateCredentials")}
+                        </SettingsSectionDescription>
+                    </SettingsSectionHeader>
 
-                <SettingsSectionBody>
-                    <TooltipProvider>
-                        <Tooltip>
-                            <TooltipTrigger asChild>
-                                <div className="inline-block">
-                                    <Button
-                                        onClick={() => setModalOpen(true)}
-                                        disabled={isSecurityFeatureDisabled()}
-                                    >
-                                        {t("regeneratecredentials")}
-                                    </Button>
-                                </div>
-                            </TooltipTrigger>
-
-                            {isSecurityFeatureDisabled() && (
-                                <TooltipContent side="top">
-                                    {t("featureDisabledTooltip")}
-                                </TooltipContent>
-                            )}
-                        </Tooltip>
-                    </TooltipProvider>
-                </SettingsSectionBody>
-            </SettingsSection>
+                    <SettingsSectionBody>
+                        <SecurityFeaturesAlert />
+                        <Button
+                            onClick={() => setModalOpen(true)}
+                            disabled={isSecurityFeatureDisabled()}
+                        >
+                            {t("regeneratecredentials")}
+                        </Button>
+                    </SettingsSectionBody>
+                </SettingsSection>
+            </SettingsContainer>
 
             <RegenerateCredentialsModal
                 open={modalOpen}
@@ -128,6 +122,6 @@ export default function CredentialsPage() {
                 dashboardUrl={env.app.dashboardUrl}
                 credentials={getCredentials()}
             />
-        </SettingsContainer>
+        </>
     );
-}
\ No newline at end of file
+}
diff --git a/src/app/[orgId]/settings/clients/machine/[clientId]/credentials/page.tsx b/src/app/[orgId]/settings/clients/machine/[clientId]/credentials/page.tsx
index 42120319..d228027a 100644
--- a/src/app/[orgId]/settings/clients/machine/[clientId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/clients/machine/[clientId]/credentials/page.tsx
@@ -1,6 +1,7 @@
 "use client";
 
 import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal";
+import { SecurityFeaturesAlert } from "@app/components/SecurityFeaturesAlert";
 import {
     SettingsContainer,
     SettingsSection,
@@ -84,40 +85,29 @@ export default function CredentialsPage() {
     };
 
     return (
-        <SettingsContainer>
-            <SettingsSection>
-                <SettingsSectionHeader>
-                    <SettingsSectionTitle>
-                        {t("generatedcredentials")}
-                    </SettingsSectionTitle>
-                    <SettingsSectionDescription>
-                        {t("regenerateCredentials")}
-                    </SettingsSectionDescription>
-                </SettingsSectionHeader>
+        <>
+            <SettingsContainer>
+                <SettingsSection>
+                    <SettingsSectionHeader>
+                        <SettingsSectionTitle>
+                            {t("generatedcredentials")}
+                        </SettingsSectionTitle>
+                        <SettingsSectionDescription>
+                            {t("regenerateCredentials")}
+                        </SettingsSectionDescription>
+                    </SettingsSectionHeader>
 
-                <SettingsSectionBody>
-                    <TooltipProvider>
-                        <Tooltip>
-                            <TooltipTrigger asChild>
-                                <div className="inline-block">
-                                    <Button
-                                        onClick={() => setModalOpen(true)}
-                                        disabled={isSecurityFeatureDisabled()}
-                                    >
-                                        {t("regeneratecredentials")}
-                                    </Button>
-                                </div>
-                            </TooltipTrigger>
-
-                            {isSecurityFeatureDisabled() && (
-                                <TooltipContent side="top">
-                                    {t("featureDisabledTooltip")}
-                                </TooltipContent>
-                            )}
-                        </Tooltip>
-                    </TooltipProvider>
-                </SettingsSectionBody>
-            </SettingsSection>
+                    <SettingsSectionBody>
+                        <SecurityFeaturesAlert />
+                        <Button
+                            onClick={() => setModalOpen(true)}
+                            disabled={isSecurityFeatureDisabled()}
+                        >
+                            {t("regeneratecredentials")}
+                        </Button>
+                    </SettingsSectionBody>
+                </SettingsSection>
+            </SettingsContainer>
 
             <RegenerateCredentialsModal
                 open={modalOpen}
@@ -127,6 +117,6 @@ export default function CredentialsPage() {
                 dashboardUrl={env.app.dashboardUrl}
                 credentials={getCredentials()}
             />
-        </SettingsContainer>
+        </>
     );
 }
diff --git a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
index 6dcee413..c6bf88a5 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
@@ -22,7 +22,13 @@ import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsMod
 import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
 import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
 import { build } from "@server/build";
-import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip";
+import {
+    Tooltip,
+    TooltipContent,
+    TooltipProvider,
+    TooltipTrigger
+} from "@app/components/ui/tooltip";
+import { SecurityFeaturesAlert } from "@app/components/SecurityFeaturesAlert";
 
 export default function CredentialsPage() {
     const { env } = useEnvContext();
@@ -33,7 +39,8 @@ export default function CredentialsPage() {
     const { site } = useSiteContext();
 
     const [modalOpen, setModalOpen] = useState(false);
-    const [siteDefaults, setSiteDefaults] = useState<PickSiteDefaultsResponse | null>(null);
+    const [siteDefaults, setSiteDefaults] =
+        useState<PickSiteDefaultsResponse | null>(null);
     const [wgConfig, setWgConfig] = useState("");
     const [publicKey, setPublicKey] = useState("");
 
@@ -47,7 +54,6 @@ export default function CredentialsPage() {
         return isEnterpriseNotLicensed || isSaasNotSubscribed;
     };
 
-
     const hydrateWireGuardConfig = (
         privateKey: string,
         publicKey: string,
@@ -109,11 +115,14 @@ PersistentKeepalive = 5`;
                 const data = res.data.data;
                 setSiteDefaults(data);
 
-                await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
-                    type: "newt",
-                    newtId: data.newtId,
-                    newtSecret: data.newtSecret
-                });
+                await api.post(
+                    `/re-key/${site?.siteId}/regenerate-site-secret`,
+                    {
+                        type: "newt",
+                        newtId: data.newtId,
+                        newtSecret: data.newtSecret
+                    }
+                );
             }
         }
 
@@ -145,40 +154,30 @@ PersistentKeepalive = 5`;
     };
 
     return (
-        <SettingsContainer>
-            <SettingsSection>
-                <SettingsSectionHeader>
-                    <SettingsSectionTitle>
-                        {t("generatedcredentials")}
-                    </SettingsSectionTitle>
-                    <SettingsSectionDescription>
-                        {t("regenerateCredentials")}
-                    </SettingsSectionDescription>
-                </SettingsSectionHeader>
+        <>
+            <SettingsContainer>
+                <SettingsSection>
+                    <SettingsSectionHeader>
+                        <SettingsSectionTitle>
+                            {t("generatedcredentials")}
+                        </SettingsSectionTitle>
+                        <SettingsSectionDescription>
+                            {t("regenerateCredentials")}
+                        </SettingsSectionDescription>
+                    </SettingsSectionHeader>
 
-                <SettingsSectionBody>
-                    <TooltipProvider>
-                        <Tooltip>
-                            <TooltipTrigger asChild>
-                                <div className="inline-block">
-                                    <Button
-                                        onClick={() => setModalOpen(true)}
-                                        disabled={isSecurityFeatureDisabled()}
-                                    >
-                                        {t("regeneratecredentials")}
-                                    </Button>
-                                </div>
-                            </TooltipTrigger>
+                    <SecurityFeaturesAlert />
 
-                            {isSecurityFeatureDisabled() && (
-                                <TooltipContent side="top">
-                                    {t("featureDisabledTooltip")}
-                                </TooltipContent>
-                            )}
-                        </Tooltip>
-                    </TooltipProvider>
-                </SettingsSectionBody>
-            </SettingsSection>
+                    <SettingsSectionBody>
+                        <Button
+                            onClick={() => setModalOpen(true)}
+                            disabled={isSecurityFeatureDisabled()}
+                        >
+                            {t("regeneratecredentials")}
+                        </Button>
+                    </SettingsSectionBody>
+                </SettingsSection>
+            </SettingsContainer>
 
             <RegenerateCredentialsModal
                 open={modalOpen}
@@ -188,6 +187,6 @@ PersistentKeepalive = 5`;
                 dashboardUrl={env.app.dashboardUrl}
                 credentials={getCredentials()}
             />
-        </SettingsContainer>
+        </>
     );
-}
\ No newline at end of file
+}