feat: updated types after latest rebase change

conf/example.yaml

@@ -308,9 +308,6 @@ user:
       allow_self: true
       # The duration within which a user can reset their password.
       max_token_lifetime: 6h
-    invite:
-      # The duration within which a user can accept their invite.
-      max_token_lifetime: 48h
   root:
     # Whether to enable the root user. When enabled, a root user is provisioned
     # on startup using the email and password below. The root user cannot be

deploy/docker-swarm/docker-compose.ha.yaml

@@ -190,7 +190,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.116.0
+    image: signoz/signoz:v0.115.0
     ports:
       - "8080:8080" # signoz port
     #   - "6060:6060"     # pprof port

deploy/docker-swarm/docker-compose.yaml

@@ -117,7 +117,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:v0.116.0
+    image: signoz/signoz:v0.115.0
     ports:
       - "8080:8080" # signoz port
     volumes:

deploy/docker/docker-compose.ha.yaml

@@ -181,7 +181,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.116.0}
+    image: signoz/signoz:${VERSION:-v0.115.0}
     container_name: signoz
     ports:
       - "8080:8080" # signoz port

deploy/docker/docker-compose.yaml

@@ -109,7 +109,7 @@ services:
       # - ../common/clickhouse/storage.xml:/etc/clickhouse-server/config.d/storage.xml
   signoz:
     !!merge <<: *db-depend
-    image: signoz/signoz:${VERSION:-v0.116.0}
+    image: signoz/signoz:${VERSION:-v0.115.0}
     container_name: signoz
     ports:
       - "8080:8080" # signoz port

frontend/package.json

@@ -136,6 +136,7 @@
     "react-full-screen": "1.1.1",
     "react-grid-layout": "^1.3.4",
     "react-helmet-async": "1.3.0",
+    "react-hook-form": "7.71.2",
     "react-i18next": "^11.16.1",
     "react-lottie": "1.2.10",
     "react-markdown": "8.0.7",

frontend/public/locales/en-GB/routes.json

@@ -15,5 +15,6 @@
 	"logs_to_metrics": "Logs To Metrics",
 	"roles": "Roles",
 	"role_details": "Role Details",
-	"members": "Members"
+	"members": "Members",
+	"service_accounts": "Service Accounts"
 }

frontend/public/locales/en-GB/titles.json

@@ -50,5 +50,8 @@
 	"INFRASTRUCTURE_MONITORING_KUBERNETES": "SigNoz | Infra Monitoring",
 	"METER_EXPLORER": "SigNoz | Meter Explorer",
 	"METER_EXPLORER_VIEWS": "SigNoz | Meter Explorer Views",
-	"METER": "SigNoz | Meter"
+	"METER": "SigNoz | Meter",
+	"ROLES_SETTINGS": "SigNoz | Roles",
+	"MEMBERS_SETTINGS": "SigNoz | Members",
+	"SERVICE_ACCOUNTS_SETTINGS": "SigNoz | Service Accounts"
 }

frontend/public/locales/en/routes.json

@@ -15,5 +15,6 @@
 	"logs_to_metrics": "Logs To Metrics",
 	"roles": "Roles",
 	"role_details": "Role Details",
-	"members": "Members"
+	"members": "Members",
+	"service_accounts": "Service Accounts"
 }

frontend/public/locales/en/titles.json

@@ -75,5 +75,6 @@
 	"METER_EXPLORER_VIEWS": "SigNoz | Meter Explorer Views",
 	"METER": "SigNoz | Meter",
 	"ROLES_SETTINGS": "SigNoz | Roles",
-	"MEMBERS_SETTINGS": "SigNoz | Members"
+	"MEMBERS_SETTINGS": "SigNoz | Members",
+	"SERVICE_ACCOUNTS_SETTINGS": "SigNoz | Service Accounts"
 }

frontend/src/components/AnnouncementBanner/AnnouncementBanner.styles.scss

@@ -0,0 +1,97 @@
+.announcement-banner {
+	display: flex;
+	align-items: center;
+	justify-content: space-between;
+	gap: var(--spacing-4);
+	padding: var(--padding-2) var(--padding-4);
+	height: 40px;
+	font-family: var(--font-sans), sans-serif;
+	font-size: var(--label-base-500-font-size);
+	line-height: var(--label-base-500-line-height);
+	font-weight: var(--label-base-500-font-weight);
+	letter-spacing: -0.065px;
+
+	&--warning {
+		background-color: var(--callout-warning-background);
+		color: var(--callout-warning-description);
+		.announcement-banner__action,
+		.announcement-banner__dismiss {
+			background: var(--callout-warning-border);
+		}
+	}
+
+	&--info {
+		background-color: var(--callout-primary-background);
+		color: var(--callout-primary-description);
+		.announcement-banner__action,
+		.announcement-banner__dismiss {
+			background: var(--callout-primary-border);
+		}
+	}
+
+	&--error {
+		background-color: var(--callout-error-background);
+		color: var(--callout-error-description);
+		.announcement-banner__action,
+		.announcement-banner__dismiss {
+			background: var(--callout-error-border);
+		}
+	}
+
+	&--success {
+		background-color: var(--callout-success-background);
+		color: var(--callout-success-description);
+		.announcement-banner__action,
+		.announcement-banner__dismiss {
+			background: var(--callout-success-border);
+		}
+	}
+
+	&__body {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-4);
+		flex: 1;
+		min-width: 0;
+	}
+
+	&__icon {
+		display: flex;
+		align-items: center;
+		flex-shrink: 0;
+	}
+
+	&__message {
+		flex: 1;
+		min-width: 0;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		white-space: nowrap;
+		line-height: var(--line-height-normal);
+
+		strong {
+			font-weight: var(--font-weight-semibold);
+		}
+	}
+
+	&__action {
+		height: 24px;
+		font-size: var(--label-small-500-font-size);
+		color: currentColor;
+
+		&:hover {
+			opacity: 0.8;
+		}
+	}
+
+	&__dismiss {
+		width: 24px;
+		height: 24px;
+		padding: 0;
+		color: currentColor;
+
+		&:hover {
+			opacity: 0.8;
+		}
+	}
+}

frontend/src/components/AnnouncementBanner/AnnouncementBanner.test.tsx

@@ -0,0 +1,89 @@
+import { render, screen, userEvent } from 'tests/test-utils';
+
+import {
+	AnnouncementBanner,
+	AnnouncementBannerProps,
+	PersistedAnnouncementBanner,
+} from './index';
+
+const STORAGE_KEY = 'test-banner-dismissed';
+
+function renderBanner(props: Partial<AnnouncementBannerProps> = {}): void {
+	render(<AnnouncementBanner message="Test message" {...props} />);
+}
+
+afterEach(() => {
+	localStorage.removeItem(STORAGE_KEY);
+});
+
+describe('AnnouncementBanner', () => {
+	it('renders message and default warning variant', () => {
+		renderBanner({ message: <strong>Heads up</strong> });
+
+		const alert = screen.getByRole('alert');
+		expect(alert).toHaveClass('announcement-banner--warning');
+		expect(alert).toHaveTextContent('Heads up');
+	});
+
+	it.each(['warning', 'info', 'success', 'error'] as const)(
+		'renders %s variant correctly',
+		(type) => {
+			renderBanner({ type, message: 'Test message' });
+			const alert = screen.getByRole('alert');
+			expect(alert).toHaveClass(`announcement-banner--${type}`);
+		},
+	);
+
+	it('calls action onClick when action button is clicked', async () => {
+		const onClick = jest.fn() as jest.MockedFunction<() => void>;
+		renderBanner({ action: { label: 'Go to Settings', onClick } });
+
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		await user.click(screen.getByRole('button', { name: /go to settings/i }));
+
+		expect(onClick).toHaveBeenCalledTimes(1);
+	});
+
+	it('hides dismiss button when onClose is not provided and hides icon when icon is null', () => {
+		renderBanner({ onClose: undefined, icon: null });
+
+		expect(
+			screen.queryByRole('button', { name: /dismiss/i }),
+		).not.toBeInTheDocument();
+		expect(
+			screen.queryByRole('alert')?.querySelector('.announcement-banner__icon'),
+		).not.toBeInTheDocument();
+	});
+});
+
+describe('PersistedAnnouncementBanner', () => {
+	it('dismisses on click, calls onDismiss, and persists to localStorage', async () => {
+		const onDismiss = jest.fn() as jest.MockedFunction<() => void>;
+		render(
+			<PersistedAnnouncementBanner
+				message="Test message"
+				storageKey={STORAGE_KEY}
+				onDismiss={onDismiss}
+			/>,
+		);
+
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		await user.click(screen.getByRole('button', { name: /dismiss/i }));
+
+		expect(screen.queryByRole('alert')).not.toBeInTheDocument();
+		expect(onDismiss).toHaveBeenCalledTimes(1);
+		expect(localStorage.getItem(STORAGE_KEY)).toBe('true');
+	});
+
+	it('does not render when storageKey is already set in localStorage', () => {
+		localStorage.setItem(STORAGE_KEY, 'true');
+		render(
+			<PersistedAnnouncementBanner
+				message="Test message"
+				storageKey={STORAGE_KEY}
+			/>,
+		);
+
+		expect(screen.queryByRole('alert')).not.toBeInTheDocument();
+	});
+});

frontend/src/components/AnnouncementBanner/AnnouncementBanner.tsx

@@ -0,0 +1,84 @@
+import { ReactNode } from 'react';
+import { Button } from '@signozhq/button';
+import {
+	CircleAlert,
+	CircleCheckBig,
+	Info,
+	TriangleAlert,
+	X,
+} from '@signozhq/icons';
+import cx from 'classnames';
+
+import './AnnouncementBanner.styles.scss';
+
+export type AnnouncementBannerType = 'warning' | 'info' | 'error' | 'success';
+
+export interface AnnouncementBannerAction {
+	label: string;
+	onClick: () => void;
+}
+
+export interface AnnouncementBannerProps {
+	message: ReactNode;
+	type?: AnnouncementBannerType;
+	icon?: ReactNode | null;
+	action?: AnnouncementBannerAction;
+	onClose?: () => void;
+	className?: string;
+}
+
+const DEFAULT_ICONS: Record<AnnouncementBannerType, ReactNode> = {
+	warning: <TriangleAlert size={14} />,
+	info: <Info size={14} />,
+	error: <CircleAlert size={14} />,
+	success: <CircleCheckBig size={14} />,
+};
+
+export default function AnnouncementBanner({
+	message,
+	type = 'warning',
+	icon,
+	action,
+	onClose,
+	className,
+}: AnnouncementBannerProps): JSX.Element {
+	const resolvedIcon = icon === null ? null : icon ?? DEFAULT_ICONS[type];
+
+	return (
+		<div
+			role="alert"
+			className={cx(
+				'announcement-banner',
+				`announcement-banner--${type}`,
+				className,
+			)}
+		>
+			<div className="announcement-banner__body">
+				{resolvedIcon && (
+					<span className="announcement-banner__icon">{resolvedIcon}</span>
+				)}
+				<span className="announcement-banner__message">{message}</span>
+				{action && (
+					<Button
+						type="button"
+						className="announcement-banner__action"
+						onClick={action.onClick}
+					>
+						{action.label}
+					</Button>
+				)}
+			</div>
+
+			{onClose && (
+				<Button
+					type="button"
+					aria-label="Dismiss"
+					className="announcement-banner__dismiss"
+					onClick={onClose}
+				>
+					<X size={14} />
+				</Button>
+			)}
+		</div>
+	);
+}

frontend/src/components/AnnouncementBanner/PersistedAnnouncementBanner.tsx

@@ -0,0 +1,34 @@
+import { useState } from 'react';
+
+import AnnouncementBanner, {
+	AnnouncementBannerProps,
+} from './AnnouncementBanner';
+
+interface PersistedAnnouncementBannerProps extends AnnouncementBannerProps {
+	storageKey: string;
+	onDismiss?: () => void;
+}
+
+function isDismissed(storageKey: string): boolean {
+	return localStorage.getItem(storageKey) === 'true';
+}
+
+export default function PersistedAnnouncementBanner({
+	storageKey,
+	onDismiss,
+	...props
+}: PersistedAnnouncementBannerProps): JSX.Element | null {
+	const [visible, setVisible] = useState(() => !isDismissed(storageKey));
+
+	if (!visible) {
+		return null;
+	}
+
+	const handleClose = (): void => {
+		localStorage.setItem(storageKey, 'true');
+		setVisible(false);
+		onDismiss?.();
+	};
+
+	return <AnnouncementBanner {...props} onClose={handleClose} />;
+}

frontend/src/components/AnnouncementBanner/index.ts

@@ -0,0 +1,12 @@
+import AnnouncementBanner from './AnnouncementBanner';
+import PersistedAnnouncementBanner from './PersistedAnnouncementBanner';
+
+export type {
+	AnnouncementBannerAction,
+	AnnouncementBannerProps,
+	AnnouncementBannerType,
+} from './AnnouncementBanner';
+
+export { AnnouncementBanner, PersistedAnnouncementBanner };
+
+export default AnnouncementBanner;

frontend/src/components/CreateServiceAccountModal/CreateServiceAccountModal.styles.scss

@@ -0,0 +1,106 @@
+.create-sa-modal {
+	max-width: 530px;
+	background: var(--popover);
+	border: 1px solid var(--secondary);
+	border-radius: 4px;
+	box-shadow: 0 4px 9px 0 rgba(0, 0, 0, 0.04);
+
+	[data-slot='dialog-header'] {
+		padding: var(--padding-4);
+		border-bottom: 1px solid var(--secondary);
+		flex-shrink: 0;
+		background: transparent;
+		margin: 0;
+	}
+
+	[data-slot='dialog-title'] {
+		font-size: var(--label-base-400-font-size);
+		font-weight: var(--label-base-400-font-weight);
+		line-height: var(--label-base-400-line-height);
+		letter-spacing: -0.065px;
+		color: var(--bg-base-white);
+		margin: 0;
+	}
+
+	[data-slot='dialog-description'] {
+		padding: 0;
+
+		.create-sa-modal__content {
+			padding: var(--padding-4);
+		}
+	}
+}
+
+.create-sa-form {
+	display: flex;
+	flex-direction: column;
+	gap: var(--spacing-2);
+
+	&__item {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-1);
+		margin-bottom: var(--spacing-4);
+
+		> label {
+			font-size: var(--paragraph-base-400-font-size);
+			font-weight: var(--paragraph-base-400-font-weight);
+			color: var(--foreground);
+			letter-spacing: -0.07px;
+		}
+	}
+
+	&__input {
+		height: 32px;
+		color: var(--l1-foreground);
+		background-color: var(--l2-background);
+		border-color: var(--border);
+		font-size: var(--paragraph-base-400-font-size);
+		border-radius: 2px;
+		width: 100%;
+
+		&::placeholder {
+			color: var(--l3-foreground);
+		}
+
+		&:focus {
+			border-color: var(--primary);
+			box-shadow: none;
+		}
+	}
+
+	&__error {
+		font-size: var(--paragraph-small-400-font-size);
+		color: var(--destructive);
+		line-height: var(--paragraph-small-400-line-height);
+		margin: 0;
+	}
+
+	&__helper {
+		font-size: var(--paragraph-small-400-font-size);
+		color: var(--l3-foreground);
+		margin: calc(var(--spacing-2) * -1) 0 var(--spacing-4) 0;
+		line-height: var(--paragraph-small-400-line-height);
+	}
+}
+
+.create-sa-modal__footer {
+	display: flex;
+	flex-direction: row;
+	align-items: center;
+	justify-content: flex-end;
+	padding: 0 var(--padding-4);
+	height: 56px;
+	min-height: 56px;
+	border-top: 1px solid var(--secondary);
+	gap: var(--spacing-4);
+	flex-shrink: 0;
+}
+
+.lightMode {
+	.create-sa-modal {
+		[data-slot='dialog-title'] {
+			color: var(--bg-base-black);
+		}
+	}
+}

frontend/src/components/CreateServiceAccountModal/CreateServiceAccountModal.tsx

@@ -0,0 +1,228 @@
+import { Controller, useForm } from 'react-hook-form';
+import { useQueryClient } from 'react-query';
+import { Button } from '@signozhq/button';
+import { DialogFooter, DialogWrapper } from '@signozhq/dialog';
+import { X } from '@signozhq/icons';
+import { Input } from '@signozhq/input';
+import { toast } from '@signozhq/sonner';
+import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
+import {
+	invalidateListServiceAccounts,
+	useCreateServiceAccount,
+} from 'api/generated/services/serviceaccount';
+import type { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
+import { AxiosError } from 'axios';
+import RolesSelect, { useRoles } from 'components/RolesSelect';
+import { parseAsBoolean, useQueryState } from 'nuqs';
+import { EMAIL_REGEX } from 'utils/app';
+
+import './CreateServiceAccountModal.styles.scss';
+
+interface FormValues {
+	name: string;
+	email: string;
+	roles: string[];
+}
+
+function CreateServiceAccountModal(): JSX.Element {
+	const queryClient = useQueryClient();
+	const [isOpen, setIsOpen] = useQueryState(
+		'create-sa',
+		parseAsBoolean.withDefault(false),
+	);
+
+	const {
+		control,
+		handleSubmit,
+		reset,
+		formState: { isValid, errors },
+	} = useForm<FormValues>({
+		mode: 'onChange',
+		defaultValues: {
+			name: '',
+			email: '',
+			roles: [],
+		},
+	});
+
+	const {
+		mutate: createServiceAccount,
+		isLoading: isSubmitting,
+	} = useCreateServiceAccount({
+		mutation: {
+			onSuccess: () => {
+				toast.success('Service account created successfully', {
+					richColors: true,
+				});
+				reset();
+				void setIsOpen(null);
+				void invalidateListServiceAccounts(queryClient);
+			},
+			onError: (err) => {
+				const errMessage =
+					convertToApiError(
+						err as AxiosError<RenderErrorResponseDTO, unknown> | null,
+					)?.getErrorMessage() || 'An error occurred';
+				toast.error(`Failed to create service account: ${errMessage}`, {
+					richColors: true,
+				});
+			},
+		},
+	});
+	const {
+		roles,
+		isLoading: rolesLoading,
+		isError: rolesError,
+		error: rolesErrorObj,
+		refetch: refetchRoles,
+	} = useRoles();
+
+	function handleClose(): void {
+		reset();
+		void setIsOpen(null);
+	}
+
+	function handleCreate(values: FormValues): void {
+		createServiceAccount({
+			data: {
+				name: values.name.trim(),
+				email: values.email.trim(),
+				roles: values.roles,
+			},
+		});
+	}
+
+	return (
+		<DialogWrapper
+			title="New Service Account"
+			open={isOpen}
+			onOpenChange={(open): void => {
+				if (!open) {
+					handleClose();
+				}
+			}}
+			showCloseButton
+			width="narrow"
+			className="create-sa-modal"
+			disableOutsideClick={false}
+		>
+			<div className="create-sa-modal__content">
+				<form className="create-sa-form">
+					<div className="create-sa-form__item">
+						<label htmlFor="sa-name">Name</label>
+						<Controller
+							name="name"
+							control={control}
+							rules={{ required: 'Name is required' }}
+							render={({ field }): JSX.Element => (
+								<Input
+									id="sa-name"
+									placeholder="Enter a name"
+									className="create-sa-form__input"
+									value={field.value}
+									onChange={field.onChange}
+									onBlur={field.onBlur}
+								/>
+							)}
+						/>
+						{errors.name && (
+							<p className="create-sa-form__error">{errors.name.message}</p>
+						)}
+					</div>
+
+					<div className="create-sa-form__item">
+						<label htmlFor="sa-email">Email Address</label>
+						<Controller
+							name="email"
+							control={control}
+							rules={{
+								required: 'Email Address is required',
+								pattern: {
+									value: EMAIL_REGEX,
+									message: 'Please enter a valid email address',
+								},
+							}}
+							render={({ field }): JSX.Element => (
+								<Input
+									id="sa-email"
+									type="email"
+									placeholder="email@example.com"
+									className="create-sa-form__input"
+									value={field.value}
+									onChange={field.onChange}
+									onBlur={field.onBlur}
+								/>
+							)}
+						/>
+						{errors.email && (
+							<p className="create-sa-form__error">{errors.email.message}</p>
+						)}
+					</div>
+					<p className="create-sa-form__helper">
+						Used only for notifications about this service account. It is not used for
+						authentication.
+					</p>
+
+					<div className="create-sa-form__item">
+						<label htmlFor="sa-roles">Roles</label>
+						<Controller
+							name="roles"
+							control={control}
+							rules={{
+								validate: (value): string | true =>
+									value.length > 0 || 'At least one role is required',
+							}}
+							render={({ field }): JSX.Element => (
+								<RolesSelect
+									id="sa-roles"
+									mode="multiple"
+									roles={roles}
+									loading={rolesLoading}
+									isError={rolesError}
+									error={rolesErrorObj}
+									onRefetch={refetchRoles}
+									placeholder="Select roles"
+									value={field.value}
+									onChange={field.onChange}
+									getPopupContainer={(triggerNode): HTMLElement =>
+										(triggerNode?.closest('.create-sa-modal') as HTMLElement) ||
+										document.body
+									}
+								/>
+							)}
+						/>
+						{errors.roles && (
+							<p className="create-sa-form__error">{errors.roles.message}</p>
+						)}
+					</div>
+				</form>
+			</div>
+
+			<DialogFooter className="create-sa-modal__footer">
+				<Button
+					type="button"
+					variant="solid"
+					color="secondary"
+					size="sm"
+					onClick={handleClose}
+				>
+					<X size={12} />
+					Cancel
+				</Button>
+
+				<Button
+					variant="solid"
+					color="primary"
+					size="sm"
+					onClick={handleSubmit(handleCreate)}
+					loading={isSubmitting}
+					disabled={!isValid}
+				>
+					Create Service Account
+				</Button>
+			</DialogFooter>
+		</DialogWrapper>
+	);
+}
+
+export default CreateServiceAccountModal;

frontend/src/components/CreateServiceAccountModal/__tests__/CreateServiceAccountModal.test.tsx

@@ -0,0 +1,179 @@
+import { toast } from '@signozhq/sonner';
+import { listRolesSuccessResponse } from 'mocks-server/__mockdata__/roles';
+import { rest, server } from 'mocks-server/server';
+import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
+
+import CreateServiceAccountModal from '../CreateServiceAccountModal';
+
+jest.mock('@signozhq/sonner', () => ({
+	toast: { success: jest.fn(), error: jest.fn() },
+}));
+
+const mockToast = jest.mocked(toast);
+
+const ROLES_ENDPOINT = '*/api/v1/roles';
+const SERVICE_ACCOUNTS_ENDPOINT = '*/api/v1/service_accounts';
+
+function renderModal(): ReturnType<typeof render> {
+	return render(
+		<NuqsTestingAdapter searchParams={{ 'create-sa': 'true' }} hasMemory>
+			<CreateServiceAccountModal />
+		</NuqsTestingAdapter>,
+	);
+}
+
+describe('CreateServiceAccountModal', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		server.use(
+			rest.get(ROLES_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+			rest.post(SERVICE_ACCOUNTS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(201), ctx.json({ status: 'success', data: {} })),
+			),
+		);
+	});
+
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('submit button is disabled when form is empty', () => {
+		renderModal();
+
+		expect(
+			screen.getByRole('button', { name: /Create Service Account/i }),
+		).toBeDisabled();
+	});
+
+	it('submit button remains disabled when email is invalid', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		await user.type(screen.getByPlaceholderText('Enter a name'), 'My Bot');
+		await user.type(
+			screen.getByPlaceholderText('email@example.com'),
+			'not-an-email',
+		);
+
+		await user.click(screen.getByText('Select roles'));
+		await user.click(await screen.findByTitle('signoz-admin'));
+
+		await waitFor(() =>
+			expect(
+				screen.getByRole('button', { name: /Create Service Account/i }),
+			).toBeDisabled(),
+		);
+	});
+
+	it('successful submit shows toast.success and closes modal', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		await user.type(screen.getByPlaceholderText('Enter a name'), 'Deploy Bot');
+		await user.type(
+			screen.getByPlaceholderText('email@example.com'),
+			'deploy@acme.io',
+		);
+
+		await user.click(screen.getByText('Select roles'));
+		await user.click(await screen.findByTitle('signoz-admin'));
+
+		const submitBtn = screen.getByRole('button', {
+			name: /Create Service Account/i,
+		});
+		await waitFor(() => expect(submitBtn).not.toBeDisabled());
+		await user.click(submitBtn);
+
+		await waitFor(() => {
+			expect(mockToast.success).toHaveBeenCalledWith(
+				'Service account created successfully',
+				expect.anything(),
+			);
+		});
+
+		await waitFor(() => {
+			expect(
+				screen.queryByRole('dialog', { name: /New Service Account/i }),
+			).not.toBeInTheDocument();
+		});
+	});
+
+	it('shows toast.error on API error and keeps modal open', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		server.use(
+			rest.post(SERVICE_ACCOUNTS_ENDPOINT, (_, res, ctx) =>
+				res(
+					ctx.status(500),
+					ctx.json({ status: 'error', error: 'Internal Server Error' }),
+				),
+			),
+		);
+
+		renderModal();
+
+		await user.type(screen.getByPlaceholderText('Enter a name'), 'Dupe Bot');
+		await user.type(
+			screen.getByPlaceholderText('email@example.com'),
+			'dupe@acme.io',
+		);
+
+		await user.click(screen.getByText('Select roles'));
+		await user.click(await screen.findByTitle('signoz-admin'));
+
+		const submitBtn = screen.getByRole('button', {
+			name: /Create Service Account/i,
+		});
+		await waitFor(() => expect(submitBtn).not.toBeDisabled());
+		await user.click(submitBtn);
+
+		await waitFor(() => {
+			expect(mockToast.error).toHaveBeenCalledWith(
+				expect.stringMatching(/Failed to create service account/i),
+				expect.anything(),
+			);
+		});
+
+		expect(
+			screen.getByRole('dialog', { name: /New Service Account/i }),
+		).toBeInTheDocument();
+	});
+
+	it('Cancel button closes modal without submitting', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		await screen.findByRole('dialog', { name: /New Service Account/i });
+		await user.click(screen.getByRole('button', { name: /Cancel/i }));
+
+		expect(
+			screen.queryByRole('dialog', { name: /New Service Account/i }),
+		).not.toBeInTheDocument();
+	});
+
+	it('shows "Name is required" after clearing the name field', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		const nameInput = screen.getByPlaceholderText('Enter a name');
+		await user.type(nameInput, 'Bot');
+		await user.clear(nameInput);
+
+		await screen.findByText('Name is required');
+	});
+
+	it('shows "Please enter a valid email address" for a malformed email', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		await user.type(
+			screen.getByPlaceholderText('email@example.com'),
+			'not-an-email',
+		);
+
+		await screen.findByText('Please enter a valid email address');
+	});
+});

frontend/src/components/InviteMembersModal/InviteMembersModal.tsx

@@ -254,6 +254,8 @@ function InviteMembersModal({
 											value={row.email}
 											onChange={(e): void => updateEmail(row.id, e.target.value)}
 											className="team-member-email-input"
+											name={`invite-email-${row.id}`}
+											autoComplete="email"
 										/>
 										{emailValidity[row.id] === false && row.email.trim() !== '' && (
 											<span className="email-error-message">Invalid email address</span>

frontend/src/components/MembersTable/MembersTable.styles.scss

@@ -162,7 +162,7 @@
 		font-weight: var(--paragraph-base-400-font-weight);
 		color: var(--foreground);
 		margin: 0;
-		line-height: var(--paragraph-base-400-font-height);
+		line-height: var(--paragraph-base-400-line-height);
 
 		strong {
 			font-weight: var(--font-weight-medium);

frontend/src/components/RolesSelect/RolesSelect.styles.scss

@@ -0,0 +1,90 @@
+.roles-select {
+	width: 100%;
+
+	// todo: styles should easeup once upgrade to select from periscope
+	.ant-select-selector {
+		min-height: 32px;
+		background-color: var(--l2-background) !important;
+		border: 1px solid var(--border) !important;
+		border-radius: 2px;
+		padding: 2px var(--padding-2) !important;
+		display: flex;
+		align-items: center;
+		flex-wrap: wrap;
+	}
+
+	.ant-select-selection-overflow {
+		display: flex;
+		flex-wrap: wrap;
+		align-items: center;
+		gap: var(--spacing-1);
+		padding: 2px 0;
+	}
+
+	.ant-select-selection-overflow-item {
+		display: flex;
+		align-items: center;
+	}
+
+	.ant-select-selection-item {
+		display: flex;
+		align-items: center;
+		height: 22px;
+		font-size: var(--font-size-sm);
+		color: var(--l1-foreground);
+		background: var(--l3-background);
+		border: 1px solid var(--border);
+		border-radius: 2px;
+		padding: 0 var(--padding-1) 0 6px;
+		line-height: var(--line-height-20);
+		letter-spacing: -0.07px;
+		margin: 0;
+	}
+
+	.ant-select-selection-item-remove {
+		display: flex;
+		align-items: center;
+		color: var(--foreground);
+		margin-left: 2px;
+	}
+
+	.ant-select-selection-placeholder {
+		font-size: var(--font-size-sm);
+		color: var(--l3-foreground);
+	}
+
+	.ant-select-arrow {
+		color: var(--foreground);
+	}
+
+	&.ant-select-focused .ant-select-selector,
+	&:not(.ant-select-disabled):hover .ant-select-selector {
+		border-color: var(--primary) !important;
+	}
+}
+
+.roles-select-error {
+	display: flex;
+	align-items: center;
+	justify-content: space-between;
+	gap: var(--spacing-3);
+	padding: var(--padding-1) var(--padding-2);
+	color: var(--destructive);
+	font-size: var(--font-size-xs);
+
+	&__msg {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-3);
+	}
+
+	&__retry-btn {
+		display: flex;
+		align-items: center;
+		background: none;
+		border: none;
+		cursor: pointer;
+		padding: 2px;
+		color: var(--destructive);
+	}
+}

frontend/src/components/RolesSelect/RolesSelect.tsx

@@ -0,0 +1,172 @@
+import { CircleAlert, RefreshCw } from '@signozhq/icons';
+import { Checkbox, Select } from 'antd';
+import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
+import { useListRoles } from 'api/generated/services/role';
+import type { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
+import cx from 'classnames';
+import APIError from 'types/api/error';
+
+import './RolesSelect.styles.scss';
+
+export interface RoleOption {
+	label: string;
+	value: string;
+}
+
+export function useRoles(): {
+	roles: AuthtypesRoleDTO[];
+	isLoading: boolean;
+	isError: boolean;
+	error: APIError | undefined;
+	refetch: () => void;
+} {
+	const { data, isLoading, isError, error, refetch } = useListRoles();
+	return {
+		roles: data?.data ?? [],
+		isLoading,
+		isError,
+		error: convertToApiError(error),
+		refetch,
+	};
+}
+
+export function getRoleOptions(roles: AuthtypesRoleDTO[]): RoleOption[] {
+	return roles.map((role) => ({
+		label: role.name ?? '',
+		value: role.name ?? '',
+	}));
+}
+
+function ErrorContent({
+	error,
+	onRefetch,
+}: {
+	error?: APIError;
+	onRefetch?: () => void;
+}): JSX.Element {
+	const errorMessage = error?.message || 'Failed to load roles';
+
+	return (
+		<div className="roles-select-error">
+			<span className="roles-select-error__msg">
+				<CircleAlert size={12} />
+				{errorMessage}
+			</span>
+			{onRefetch && (
+				<button
+					type="button"
+					onClick={(e): void => {
+						e.stopPropagation();
+						onRefetch();
+					}}
+					className="roles-select-error__retry-btn"
+					title="Retry"
+				>
+					<RefreshCw size={12} />
+				</button>
+			)}
+		</div>
+	);
+}
+
+interface BaseProps {
+	id?: string;
+	placeholder?: string;
+	className?: string;
+	getPopupContainer?: (trigger: HTMLElement) => HTMLElement;
+	roles?: AuthtypesRoleDTO[];
+	loading?: boolean;
+	isError?: boolean;
+	error?: APIError;
+	onRefetch?: () => void;
+}
+
+interface SingleProps extends BaseProps {
+	mode?: 'single';
+	value?: string;
+	onChange?: (role: string) => void;
+}
+
+interface MultipleProps extends BaseProps {
+	mode: 'multiple';
+	value?: string[];
+	onChange?: (roles: string[]) => void;
+}
+
+export type RolesSelectProps = SingleProps | MultipleProps;
+
+function RolesSelect(props: RolesSelectProps): JSX.Element {
+	const externalRoles = props.roles;
+
+	const {
+		data,
+		isLoading: internalLoading,
+		isError: internalError,
+		error: internalErrorObj,
+		refetch: internalRefetch,
+	} = useListRoles({
+		query: { enabled: externalRoles === undefined },
+	});
+
+	const roles = externalRoles ?? data?.data ?? [];
+	const options = getRoleOptions(roles);
+
+	const {
+		mode,
+		id,
+		placeholder = 'Select role',
+		className,
+		getPopupContainer,
+		loading = internalLoading,
+		isError = internalError,
+		error = convertToApiError(internalErrorObj),
+		onRefetch = externalRoles === undefined ? internalRefetch : undefined,
+	} = props;
+
+	const notFoundContent = isError ? (
+		<ErrorContent error={error} onRefetch={onRefetch} />
+	) : undefined;
+
+	if (mode === 'multiple') {
+		const { value = [], onChange } = props as MultipleProps;
+		return (
+			<Select
+				id={id}
+				mode="multiple"
+				value={value}
+				onChange={onChange}
+				placeholder={placeholder}
+				className={cx('roles-select', className)}
+				loading={loading}
+				notFoundContent={notFoundContent}
+				options={options}
+				optionRender={(option): JSX.Element => (
+					<Checkbox
+						checked={value.includes(option.value as string)}
+						style={{ pointerEvents: 'none' }}
+					>
+						{option.label}
+					</Checkbox>
+				)}
+				getPopupContainer={getPopupContainer}
+			/>
+		);
+	}
+
+	const { value, onChange } = props as SingleProps;
+	return (
+		<Select
+			id={id}
+			value={value}
+			onChange={onChange}
+			placeholder={placeholder}
+			className={cx('roles-select', className)}
+			loading={loading}
+			notFoundContent={notFoundContent}
+			options={options}
+			getPopupContainer={getPopupContainer}
+		/>
+	);
+}
+
+export default RolesSelect;

frontend/src/components/RolesSelect/index.ts

@@ -0,0 +1,2 @@
+export type { RoleOption, RolesSelectProps } from './RolesSelect';
+export { default, getRoleOptions, useRoles } from './RolesSelect';

frontend/src/components/ServiceAccountDrawer/AddKeyModal.styles.scss

@@ -0,0 +1,179 @@
+.add-key-modal {
+	[data-slot='dialog-description'] {
+		padding: 0;
+	}
+
+	&__form {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-8);
+		padding: var(--padding-4);
+	}
+
+	&__field {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-4);
+	}
+
+	&__label {
+		font-size: var(--font-size-sm);
+		font-weight: var(--font-weight-normal);
+		color: var(--foreground);
+		line-height: var(--line-height-20);
+		letter-spacing: -0.07px;
+	}
+
+	&__input {
+		height: 32px;
+		background: var(--l2-background);
+		border-color: var(--border);
+		color: var(--l1-foreground);
+		box-shadow: none;
+
+		&::placeholder {
+			color: var(--l3-foreground);
+		}
+	}
+
+	&__expiry-toggle {
+		width: 60%;
+		display: flex;
+		border: 1px solid var(--border);
+		border-radius: 2px;
+		overflow: hidden;
+		padding: 0;
+		gap: 0;
+
+		[data-slot='toggle-group'] {
+			width: 100%;
+			display: flex;
+		}
+
+		&-btn {
+			flex: 1;
+			height: 32px;
+			border-radius: 0;
+			font-size: var(--label-small-400-font-size);
+			font-weight: var(--label-small-400-font-weight);
+			line-height: var(--label-small-400-line-height);
+			justify-content: center;
+			background: transparent;
+			border: none;
+			border-right: 1px solid var(--border);
+			color: var(--foreground);
+
+			&:last-child {
+				border-right: none;
+			}
+
+			&[data-state='on'] {
+				background: var(--l2-background);
+				color: var(--l1-foreground);
+			}
+		}
+	}
+
+	&__datepicker {
+		width: 100%;
+		height: 32px;
+
+		.ant-picker {
+			background: var(--l2-background);
+			border-color: var(--border);
+			border-radius: 2px;
+			width: 100%;
+			height: 32px;
+
+			input {
+				color: var(--l1-foreground);
+				font-size: var(--font-size-sm);
+			}
+
+			.ant-picker-suffix {
+				color: var(--foreground);
+			}
+		}
+
+		.add-key-modal-datepicker-popup {
+			border-radius: 4px;
+			border: 1px solid var(--secondary);
+			background: var(--popover);
+			box-shadow: 0px -4px 16px 2px rgba(0, 0, 0, 0.2);
+		}
+	}
+
+	&__key-display {
+		display: flex;
+		align-items: center;
+		height: 32px;
+		background: var(--l2-background);
+		border: 1px solid var(--border);
+		border-radius: 2px;
+		overflow: hidden;
+	}
+
+	&__key-text {
+		flex: 1;
+		min-width: 0;
+		padding: 0 var(--padding-2);
+		font-size: var(--font-size-sm);
+		color: var(--l1-foreground);
+		white-space: nowrap;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		font-family: monospace;
+	}
+
+	&__copy-btn {
+		flex-shrink: 0;
+		height: 32px;
+		border-radius: 0 2px 2px 0;
+		border-top: none;
+		border-right: none;
+		border-bottom: none;
+		border-left: 1px solid var(--border);
+		min-width: 40px;
+	}
+
+	&__expiry-meta {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-2);
+	}
+
+	&__expiry-label {
+		font-size: var(--font-size-xs);
+		font-weight: var(--font-weight-medium);
+		color: var(--foreground);
+		letter-spacing: 0.48px;
+		text-transform: uppercase;
+	}
+
+	&__footer {
+		display: flex;
+		align-items: center;
+		justify-content: flex-end;
+		padding: var(--padding-4);
+		border-top: 1px solid var(--secondary);
+	}
+
+	&__footer-right {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-4);
+	}
+
+	&__learn-more {
+		display: inline-flex;
+		align-items: center;
+		gap: var(--spacing-1);
+		color: var(--primary);
+		font-size: var(--font-size-sm);
+		text-decoration: none;
+
+		&:hover {
+			text-decoration: underline;
+		}
+	}
+}

frontend/src/components/ServiceAccountDrawer/AddKeyModal.tsx

@@ -0,0 +1,302 @@
+import { useCallback, useEffect, useState } from 'react';
+import { Controller, useForm } from 'react-hook-form';
+import { useQueryClient } from 'react-query';
+import { Badge } from '@signozhq/badge';
+import { Button } from '@signozhq/button';
+import { Callout } from '@signozhq/callout';
+import { DialogWrapper } from '@signozhq/dialog';
+import { Check, Copy } from '@signozhq/icons';
+import { Input } from '@signozhq/input';
+import { toast } from '@signozhq/sonner';
+import { ToggleGroup, ToggleGroupItem } from '@signozhq/toggle-group';
+import { DatePicker } from 'antd';
+import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
+import {
+	invalidateListServiceAccountKeys,
+	useCreateServiceAccountKey,
+} from 'api/generated/services/serviceaccount';
+import type {
+	RenderErrorResponseDTO,
+	ServiceaccounttypesGettableFactorAPIKeyWithKeyDTO,
+} from 'api/generated/services/sigNoz.schemas';
+import { AxiosError } from 'axios';
+import type { Dayjs } from 'dayjs';
+import { parseAsBoolean, useQueryState } from 'nuqs';
+import { popupContainer } from 'utils/selectPopupContainer';
+
+import { disabledDate } from './utils';
+
+import './AddKeyModal.styles.scss';
+
+type Phase = 'form' | 'created';
+type ExpiryMode = 'none' | 'date';
+
+interface FormValues {
+	keyName: string;
+	expiryMode: ExpiryMode;
+	expiryDate: Dayjs | null;
+}
+
+function AddKeyModal(): JSX.Element {
+	const queryClient = useQueryClient();
+	const [accountId] = useQueryState('account');
+	const [isAddKeyOpen, setIsAddKeyOpen] = useQueryState(
+		'add-key',
+		parseAsBoolean.withDefault(false),
+	);
+	const open = isAddKeyOpen && !!accountId;
+
+	const [phase, setPhase] = useState<Phase>('form');
+	const [
+		createdKey,
+		setCreatedKey,
+	] = useState<ServiceaccounttypesGettableFactorAPIKeyWithKeyDTO | null>(null);
+	const [hasCopied, setHasCopied] = useState(false);
+
+	const {
+		control,
+		register,
+		handleSubmit,
+		reset,
+		watch,
+		formState: { isValid },
+	} = useForm<FormValues>({
+		mode: 'onChange',
+		defaultValues: { keyName: '', expiryMode: 'none', expiryDate: null },
+	});
+
+	const expiryMode = watch('expiryMode');
+	const expiryDate = watch('expiryDate');
+
+	useEffect(() => {
+		if (open) {
+			setPhase('form');
+			setCreatedKey(null);
+			setHasCopied(false);
+			reset();
+		}
+	}, [open, reset]);
+
+	const {
+		mutate: createKey,
+		isLoading: isSubmitting,
+	} = useCreateServiceAccountKey({
+		mutation: {
+			onSuccess: (response) => {
+				const keyData = response?.data;
+				if (keyData) {
+					setCreatedKey(keyData);
+					setPhase('created');
+					if (accountId) {
+						void invalidateListServiceAccountKeys(queryClient, { id: accountId });
+					}
+				}
+			},
+			onError: (error) => {
+				const errMessage =
+					convertToApiError(
+						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
+					)?.getErrorMessage() || 'Failed to create key';
+				toast.error(errMessage, { richColors: true });
+			},
+		},
+	});
+
+	function handleCreate({
+		keyName,
+		expiryMode: mode,
+		expiryDate: date,
+	}: FormValues): void {
+		if (!accountId) {
+			return;
+		}
+		const expiresAt = mode === 'date' && date ? date.endOf('day').unix() : 0;
+		createKey({
+			pathParams: { id: accountId },
+			data: { name: keyName.trim(), expiresAt },
+		});
+	}
+
+	const handleCopy = useCallback(async (): Promise<void> => {
+		if (!createdKey?.key) {
+			return;
+		}
+		try {
+			await navigator.clipboard.writeText(createdKey.key);
+			setHasCopied(true);
+			setTimeout(() => setHasCopied(false), 2000);
+			toast.success('Key copied to clipboard', { richColors: true });
+		} catch {
+			toast.error('Failed to copy key', { richColors: true });
+		}
+	}, [createdKey]);
+
+	const handleClose = useCallback((): void => {
+		setIsAddKeyOpen(null);
+	}, [setIsAddKeyOpen]);
+
+	const expiryLabel = (): string => {
+		if (expiryMode === 'none' || !expiryDate) {
+			return 'Never';
+		}
+		try {
+			return expiryDate.format('MMM D, YYYY');
+		} catch {
+			return 'Never';
+		}
+	};
+
+	const title = phase === 'form' ? 'Add a New Key' : 'Key Created Successfully';
+
+	return (
+		<DialogWrapper
+			open={open}
+			onOpenChange={(isOpen): void => {
+				if (!isOpen) {
+					handleClose();
+				}
+			}}
+			title={title}
+			width="base"
+			className="add-key-modal"
+			showCloseButton
+			disableOutsideClick={false}
+		>
+			{phase === 'form' && (
+				<>
+					<div className="add-key-modal__form">
+						<div className="add-key-modal__field">
+							<label className="add-key-modal__label" htmlFor="key-name">
+								Name <span style={{ color: 'var(--destructive)' }}>*</span>
+							</label>
+							<Input
+								id="key-name"
+								placeholder="Enter key name e.g.: Service Owner"
+								className="add-key-modal__input"
+								{...register('keyName', {
+									required: true,
+									validate: (v) => !!v.trim(),
+								})}
+							/>
+						</div>
+
+						<div className="add-key-modal__field">
+							<span className="add-key-modal__label">Expiration</span>
+							<Controller
+								name="expiryMode"
+								control={control}
+								render={({ field }): JSX.Element => (
+									<ToggleGroup
+										type="single"
+										value={field.value}
+										onValueChange={(val): void => {
+											if (val) {
+												field.onChange(val);
+											}
+										}}
+										className="add-key-modal__expiry-toggle"
+									>
+										<ToggleGroupItem
+											value="none"
+											className="add-key-modal__expiry-toggle-btn"
+										>
+											No Expiration
+										</ToggleGroupItem>
+										<ToggleGroupItem
+											value="date"
+											className="add-key-modal__expiry-toggle-btn"
+										>
+											Set Expiration Date
+										</ToggleGroupItem>
+									</ToggleGroup>
+								)}
+							/>
+						</div>
+
+						{expiryMode === 'date' && (
+							<div className="add-key-modal__field">
+								<label className="add-key-modal__label" htmlFor="expiry-date">
+									Expiration Date
+								</label>
+								<div className="add-key-modal__datepicker">
+									<Controller
+										name="expiryDate"
+										control={control}
+										render={({ field }): JSX.Element => (
+											<DatePicker
+												id="expiry-date"
+												value={field.value}
+												onChange={field.onChange}
+												popupClassName="add-key-modal-datepicker-popup"
+												getPopupContainer={popupContainer}
+												disabledDate={disabledDate}
+											/>
+										)}
+									/>
+								</div>
+							</div>
+						)}
+					</div>
+
+					<div className="add-key-modal__footer">
+						<div className="add-key-modal__footer-right">
+							<Button
+								variant="solid"
+								color="secondary"
+								size="sm"
+								onClick={handleClose}
+							>
+								Cancel
+							</Button>
+							<Button
+								variant="solid"
+								color="primary"
+								size="sm"
+								loading={isSubmitting}
+								disabled={!isValid}
+								onClick={handleSubmit(handleCreate)}
+							>
+								Create Key
+							</Button>
+						</div>
+					</div>
+				</>
+			)}
+
+			{phase === 'created' && createdKey && (
+				<>
+					<div className="add-key-modal__form">
+						<div className="add-key-modal__field">
+							<span className="add-key-modal__label">Key</span>
+							<div className="add-key-modal__key-display">
+								<span className="add-key-modal__key-text">{createdKey.key}</span>
+								<Button
+									variant="outlined"
+									color="secondary"
+									size="sm"
+									onClick={handleCopy}
+									className="add-key-modal__copy-btn"
+								>
+									{hasCopied ? <Check size={12} /> : <Copy size={12} />}
+								</Button>
+							</div>
+						</div>
+
+						<div className="add-key-modal__expiry-meta">
+							<span className="add-key-modal__expiry-label">Expiration</span>
+							<Badge color="vanilla">{expiryLabel()}</Badge>
+						</div>
+
+						<Callout
+							type="info"
+							showIcon
+							message="Store the key securely. This is the only time it will be displayed."
+						/>
+					</div>
+				</>
+			)}
+		</DialogWrapper>
+	);
+}
+
+export default AddKeyModal;

frontend/src/components/ServiceAccountDrawer/DisableAccountModal.tsx

@@ -0,0 +1,108 @@
+import { useQueryClient } from 'react-query';
+import { Button } from '@signozhq/button';
+import { DialogFooter, DialogWrapper } from '@signozhq/dialog';
+import { PowerOff, X } from '@signozhq/icons';
+import { toast } from '@signozhq/sonner';
+import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
+import {
+	getGetServiceAccountQueryKey,
+	invalidateListServiceAccounts,
+	useUpdateServiceAccountStatus,
+} from 'api/generated/services/serviceaccount';
+import type {
+	RenderErrorResponseDTO,
+	ServiceaccounttypesServiceAccountDTO,
+} from 'api/generated/services/sigNoz.schemas';
+import { AxiosError } from 'axios';
+import { parseAsBoolean, useQueryState } from 'nuqs';
+
+function DisableAccountModal(): JSX.Element {
+	const queryClient = useQueryClient();
+	const [accountId, setAccountId] = useQueryState('account');
+	const [isDisableOpen, setIsDisableOpen] = useQueryState(
+		'disable-sa',
+		parseAsBoolean.withDefault(false),
+	);
+	const open = !!isDisableOpen && !!accountId;
+
+	const cachedAccount = accountId
+		? queryClient.getQueryData<{
+				data: ServiceaccounttypesServiceAccountDTO;
+		  }>(getGetServiceAccountQueryKey({ id: accountId }))
+		: null;
+	const accountName = cachedAccount?.data?.name;
+
+	const {
+		mutate: updateStatus,
+		isLoading: isDisabling,
+	} = useUpdateServiceAccountStatus({
+		mutation: {
+			onSuccess: () => {
+				toast.success('Service account disabled', { richColors: true });
+				void setIsDisableOpen(null);
+				void setAccountId(null);
+				void invalidateListServiceAccounts(queryClient);
+			},
+			onError: (error) => {
+				const errMessage =
+					convertToApiError(
+						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
+					)?.getErrorMessage() || 'Failed to disable service account';
+				toast.error(errMessage, { richColors: true });
+			},
+		},
+	});
+
+	function handleConfirm(): void {
+		if (!accountId) {
+			return;
+		}
+		updateStatus({
+			pathParams: { id: accountId },
+			data: { status: 'DISABLED' },
+		});
+	}
+
+	function handleCancel(): void {
+		void setIsDisableOpen(null);
+	}
+
+	return (
+		<DialogWrapper
+			open={open}
+			onOpenChange={(isOpen): void => {
+				if (!isOpen) {
+					handleCancel();
+				}
+			}}
+			title={`Disable service account ${accountName ?? ''}?`}
+			width="narrow"
+			className="alert-dialog sa-disable-dialog"
+			showCloseButton={false}
+			disableOutsideClick={false}
+		>
+			<p className="sa-disable-dialog__body">
+				Disabling this service account will revoke access for all its keys. Any
+				systems using this account will lose access immediately.
+			</p>
+			<DialogFooter className="sa-disable-dialog__footer">
+				<Button variant="solid" color="secondary" size="sm" onClick={handleCancel}>
+					<X size={12} />
+					Cancel
+				</Button>
+				<Button
+					variant="solid"
+					color="destructive"
+					size="sm"
+					loading={isDisabling}
+					onClick={handleConfirm}
+				>
+					<PowerOff size={12} />
+					Disable
+				</Button>
+			</DialogFooter>
+		</DialogWrapper>
+	);
+}
+
+export default DisableAccountModal;

frontend/src/components/ServiceAccountDrawer/EditKeyModal.styles.scss

@@ -0,0 +1,188 @@
+.edit-key-modal {
+	[data-slot='dialog-description'] {
+		padding: 0;
+	}
+
+	&__form {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-8);
+		padding: var(--padding-4);
+	}
+
+	&__field {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-4);
+	}
+
+	&__label {
+		font-size: 13px;
+		font-weight: var(--font-weight-normal);
+		color: var(--foreground);
+		line-height: var(--line-height-20);
+		letter-spacing: -0.07px;
+	}
+
+	&__input {
+		height: 32px;
+		background: var(--l2-background);
+		border-color: var(--border);
+		color: var(--l1-foreground);
+		box-shadow: none;
+
+		&::placeholder {
+			color: var(--l3-foreground);
+		}
+	}
+
+	&__key-display {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		height: 32px;
+		padding: 0 var(--padding-2);
+		border-radius: 2px;
+		background: var(--l2-background);
+		border: 1px solid var(--border);
+		cursor: not-allowed;
+		opacity: 0.8;
+	}
+
+	&__key-text {
+		font-size: 13px;
+		font-family: monospace;
+		color: var(--foreground);
+		white-space: nowrap;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		flex: 1;
+		letter-spacing: 2px;
+	}
+
+	&__lock-icon {
+		color: var(--foreground);
+		flex-shrink: 0;
+		margin-left: 6px;
+		opacity: 0.6;
+	}
+
+	&__expiry-toggle {
+		width: 60%;
+		display: flex;
+		border: 1px solid var(--border);
+		border-radius: 2px;
+		overflow: hidden;
+		padding: 0;
+		gap: 0;
+
+		[data-slot='toggle-group'] {
+			width: 100%;
+			display: flex;
+		}
+
+		&-btn {
+			flex: 1;
+			height: 32px;
+			border-radius: 0;
+			font-size: var(--label-small-400-font-size);
+			font-weight: var(--label-small-400-font-weight);
+			line-height: var(--label-small-400-line-height);
+			justify-content: center;
+			background: transparent;
+			border: none;
+			border-right: 1px solid var(--border);
+			color: var(--foreground);
+			white-space: nowrap;
+
+			&:last-child {
+				border-right: none;
+			}
+
+			&[data-state='on'] {
+				background: var(--l2-background);
+				color: var(--l1-foreground);
+			}
+		}
+	}
+
+	&__datepicker {
+		width: 100%;
+		height: 32px;
+
+		.ant-picker {
+			background: var(--l2-background);
+			border-color: var(--border);
+			border-radius: 2px;
+			width: 100%;
+			height: 32px;
+
+			input {
+				color: var(--l1-foreground);
+				font-size: 13px;
+			}
+
+			.ant-picker-suffix {
+				color: var(--foreground);
+			}
+		}
+
+		.edit-key-modal-datepicker-popup {
+			border-radius: 4px;
+			border: 1px solid var(--secondary);
+			background: var(--popover);
+			box-shadow: 0px -4px 16px 2px rgba(0, 0, 0, 0.2);
+		}
+	}
+
+	&__meta {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-2);
+	}
+
+	&__meta-label {
+		font-size: var(--font-size-xs);
+		font-weight: var(--font-weight-medium);
+		color: var(--foreground);
+		letter-spacing: 0.48px;
+		text-transform: uppercase;
+	}
+
+	&__footer {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		padding: var(--padding-4);
+		border-top: 1px solid var(--secondary);
+	}
+
+	&__footer-right {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-4);
+	}
+
+	&__footer-danger {
+		display: inline-flex;
+		align-items: center;
+		gap: var(--spacing-2);
+		padding: 0;
+		background: transparent;
+		border: none;
+		cursor: pointer;
+		color: var(--destructive);
+		font-size: var(--label-small-400-font-size);
+		font-weight: var(--label-small-400-font-weight);
+		transition: opacity 0.15s ease;
+
+		&:hover {
+			opacity: 0.8;
+		}
+
+		&:disabled {
+			opacity: 0.5;
+			cursor: not-allowed;
+		}
+	}
+}

frontend/src/components/ServiceAccountDrawer/EditKeyModal.tsx

@@ -0,0 +1,314 @@
+import { useEffect, useState } from 'react';
+import { Controller, useForm } from 'react-hook-form';
+import { useQueryClient } from 'react-query';
+import { Badge } from '@signozhq/badge';
+import { Button } from '@signozhq/button';
+import { DialogWrapper } from '@signozhq/dialog';
+import { LockKeyhole, Trash2, X } from '@signozhq/icons';
+import { Input } from '@signozhq/input';
+import { toast } from '@signozhq/sonner';
+import { ToggleGroup, ToggleGroupItem } from '@signozhq/toggle-group';
+import { DatePicker } from 'antd';
+import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
+import {
+	invalidateListServiceAccountKeys,
+	useRevokeServiceAccountKey,
+	useUpdateServiceAccountKey,
+} from 'api/generated/services/serviceaccount';
+import type {
+	RenderErrorResponseDTO,
+	ServiceaccounttypesFactorAPIKeyDTO,
+} from 'api/generated/services/sigNoz.schemas';
+import { AxiosError } from 'axios';
+import type { Dayjs } from 'dayjs';
+import dayjs from 'dayjs';
+import { parseAsString, useQueryState } from 'nuqs';
+import { useTimezone } from 'providers/Timezone';
+import { popupContainer } from 'utils/selectPopupContainer';
+
+import { RevokeKeyContent } from './RevokeKeyModal';
+import { disabledDate, formatLastObservedAt } from './utils';
+
+import './EditKeyModal.styles.scss';
+
+type ExpiryMode = 'none' | 'date';
+
+interface FormValues {
+	name: string;
+	expiryMode: ExpiryMode;
+	expiresAt: Dayjs | null;
+}
+
+interface EditKeyModalProps {
+	keyItem: ServiceaccounttypesFactorAPIKeyDTO | null;
+}
+
+function EditKeyModal({ keyItem }: EditKeyModalProps): JSX.Element {
+	const queryClient = useQueryClient();
+	const [selectedAccountId] = useQueryState('account');
+	const [editKeyId, setEditKeyId] = useQueryState(
+		'edit-key',
+		parseAsString.withDefault(''),
+	);
+
+	const open = !!editKeyId && !!selectedAccountId;
+
+	const { formatTimezoneAdjustedTimestamp } = useTimezone();
+	const [isRevokeConfirmOpen, setIsRevokeConfirmOpen] = useState(false);
+
+	const {
+		register,
+		control,
+		reset,
+		watch,
+		formState: { isDirty },
+		handleSubmit,
+	} = useForm<FormValues>({
+		defaultValues: { name: '', expiryMode: 'none', expiresAt: null },
+	});
+
+	useEffect(() => {
+		if (keyItem) {
+			reset({
+				name: keyItem.name ?? '',
+				expiryMode: keyItem.expiresAt === 0 ? 'none' : 'date',
+				expiresAt: keyItem.expiresAt === 0 ? null : dayjs.unix(keyItem.expiresAt),
+			});
+		}
+	}, [keyItem?.id, reset]); // eslint-disable-line react-hooks/exhaustive-deps
+
+	const expiryMode = watch('expiryMode');
+
+	const { mutate: updateKey, isLoading: isSaving } = useUpdateServiceAccountKey({
+		mutation: {
+			onSuccess: () => {
+				toast.success('Key updated successfully', { richColors: true });
+				void setEditKeyId(null);
+				if (selectedAccountId) {
+					void invalidateListServiceAccountKeys(queryClient, {
+						id: selectedAccountId,
+					});
+				}
+			},
+			onError: (error) => {
+				const errMessage =
+					convertToApiError(
+						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
+					)?.getErrorMessage() || 'Failed to update key';
+				toast.error(errMessage, { richColors: true });
+			},
+		},
+	});
+
+	const {
+		mutate: revokeKey,
+		isLoading: isRevoking,
+	} = useRevokeServiceAccountKey({
+		mutation: {
+			onSuccess: () => {
+				toast.success('Key revoked successfully', { richColors: true });
+				setIsRevokeConfirmOpen(false);
+				void setEditKeyId(null);
+				if (selectedAccountId) {
+					void invalidateListServiceAccountKeys(queryClient, {
+						id: selectedAccountId,
+					});
+				}
+			},
+			onError: (error) => {
+				const errMessage =
+					convertToApiError(
+						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
+					)?.getErrorMessage() || 'Failed to revoke key';
+				toast.error(errMessage, { richColors: true });
+			},
+		},
+	});
+
+	function handleClose(): void {
+		void setEditKeyId(null);
+		setIsRevokeConfirmOpen(false);
+	}
+
+	const onSubmit = handleSubmit(
+		({ name, expiryMode: mode, expiresAt }): void => {
+			if (!keyItem || !selectedAccountId) {
+				return;
+			}
+			const currentExpiresAt =
+				mode === 'none' || !expiresAt ? 0 : expiresAt.endOf('day').unix();
+			updateKey({
+				pathParams: { id: selectedAccountId, fid: keyItem.id },
+				data: { name, expiresAt: currentExpiresAt },
+			});
+		},
+	);
+
+	function handleRevoke(): void {
+		if (!keyItem || !selectedAccountId) {
+			return;
+		}
+		revokeKey({ pathParams: { id: selectedAccountId, fid: keyItem.id } });
+	}
+
+	return (
+		<DialogWrapper
+			open={open}
+			onOpenChange={(isOpen): void => {
+				if (!isOpen) {
+					if (isRevokeConfirmOpen) {
+						setIsRevokeConfirmOpen(false);
+					} else {
+						handleClose();
+					}
+				}
+			}}
+			title={
+				isRevokeConfirmOpen
+					? `Revoke ${keyItem?.name ?? 'key'}?`
+					: 'Edit Key Details'
+			}
+			width={isRevokeConfirmOpen ? 'narrow' : 'base'}
+			className={
+				isRevokeConfirmOpen ? 'alert-dialog delete-dialog' : 'edit-key-modal'
+			}
+			showCloseButton={!isRevokeConfirmOpen}
+			disableOutsideClick={false}
+		>
+			{isRevokeConfirmOpen ? (
+				<RevokeKeyContent
+					isRevoking={isRevoking}
+					onCancel={(): void => setIsRevokeConfirmOpen(false)}
+					onConfirm={handleRevoke}
+				/>
+			) : (
+				<>
+					<div className="edit-key-modal__form">
+						<div className="edit-key-modal__field">
+							<label className="edit-key-modal__label" htmlFor="edit-key-name">
+								Name
+							</label>
+							<Input
+								id="edit-key-name"
+								className="edit-key-modal__input"
+								placeholder="Enter key name"
+								{...register('name')}
+							/>
+						</div>
+
+						<div className="edit-key-modal__field">
+							<label className="edit-key-modal__label" htmlFor="edit-key-display">
+								Key
+							</label>
+							<div id="edit-key-display" className="edit-key-modal__key-display">
+								<span className="edit-key-modal__key-text">********************</span>
+								<LockKeyhole size={12} className="edit-key-modal__lock-icon" />
+							</div>
+						</div>
+
+						<div className="edit-key-modal__field">
+							<span className="edit-key-modal__label">Expiration</span>
+							<Controller
+								name="expiryMode"
+								control={control}
+								render={({ field }): JSX.Element => (
+									<ToggleGroup
+										type="single"
+										value={field.value}
+										onValueChange={(val): void => {
+											if (val) {
+												field.onChange(val);
+											}
+										}}
+										className="edit-key-modal__expiry-toggle"
+									>
+										<ToggleGroupItem
+											value="none"
+											className="edit-key-modal__expiry-toggle-btn"
+										>
+											No Expiration
+										</ToggleGroupItem>
+										<ToggleGroupItem
+											value="date"
+											className="edit-key-modal__expiry-toggle-btn"
+										>
+											Set Expiration Date
+										</ToggleGroupItem>
+									</ToggleGroup>
+								)}
+							/>
+						</div>
+
+						{expiryMode === 'date' && (
+							<div className="edit-key-modal__field">
+								<label className="edit-key-modal__label" htmlFor="edit-key-datepicker">
+									Expiration Date
+								</label>
+								<div className="edit-key-modal__datepicker">
+									<Controller
+										name="expiresAt"
+										control={control}
+										render={({ field }): JSX.Element => (
+											<DatePicker
+												value={field.value}
+												id="edit-key-datepicker"
+												onChange={field.onChange}
+												popupClassName="edit-key-modal-datepicker-popup"
+												getPopupContainer={popupContainer}
+												disabledDate={disabledDate}
+											/>
+										)}
+									/>
+								</div>
+							</div>
+						)}
+
+						<div className="edit-key-modal__meta">
+							<span className="edit-key-modal__meta-label">Last Observed At</span>
+							<Badge color="vanilla">
+								{formatLastObservedAt(
+									keyItem?.lastObservedAt ?? null,
+									formatTimezoneAdjustedTimestamp,
+								)}
+							</Badge>
+						</div>
+					</div>
+
+					<div className="edit-key-modal__footer">
+						<Button
+							type="button"
+							className="edit-key-modal__footer-danger"
+							onClick={(): void => setIsRevokeConfirmOpen(true)}
+						>
+							<Trash2 size={12} />
+							Revoke Key
+						</Button>
+						<div className="edit-key-modal__footer-right">
+							<Button
+								variant="solid"
+								color="secondary"
+								size="sm"
+								onClick={handleClose}
+							>
+								<X size={12} />
+								Cancel
+							</Button>
+							<Button
+								variant="solid"
+								color="primary"
+								size="sm"
+								loading={isSaving}
+								disabled={!isDirty}
+								onClick={onSubmit}
+							>
+								Save Changes
+							</Button>
+						</div>
+					</div>
+				</>
+			)}
+		</DialogWrapper>
+	);
+}
+
+export default EditKeyModal;

frontend/src/components/ServiceAccountDrawer/KeysTab.tsx

@@ -0,0 +1,238 @@
+import { useCallback, useMemo } from 'react';
+import { Button } from '@signozhq/button';
+import { X } from '@signozhq/icons';
+import { Skeleton, Table, Tooltip } from 'antd';
+import type { ColumnsType } from 'antd/es/table/interface';
+import type { ServiceaccounttypesFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
+import dayjs from 'dayjs';
+import { parseAsBoolean, parseAsString, useQueryState } from 'nuqs';
+import { useTimezone } from 'providers/Timezone';
+
+import EditKeyModal from './EditKeyModal';
+import RevokeKeyModal from './RevokeKeyModal';
+import { formatLastObservedAt } from './utils';
+
+interface KeysTabProps {
+	keys: ServiceaccounttypesFactorAPIKeyDTO[];
+	isLoading: boolean;
+	isDisabled?: boolean;
+	currentPage: number;
+	pageSize: number;
+}
+
+interface BuildColumnsParams {
+	isDisabled: boolean;
+	onRevokeClick: (keyId: string) => void;
+	handleformatLastObservedAt: (
+		lastObservedAt: Date | null | undefined,
+	) => string;
+}
+
+function formatExpiry(expiresAt: number): JSX.Element {
+	if (expiresAt === 0) {
+		return <span className="keys-tab__expiry--never">Never</span>;
+	}
+	const expiryDate = dayjs.unix(expiresAt);
+	if (expiryDate.isBefore(dayjs())) {
+		return <span className="keys-tab__expiry--expired">Expired</span>;
+	}
+	return <span>{expiryDate.format('MMM D, YYYY')}</span>;
+}
+
+function buildColumns({
+	isDisabled,
+	onRevokeClick,
+	handleformatLastObservedAt,
+}: BuildColumnsParams): ColumnsType<ServiceaccounttypesFactorAPIKeyDTO> {
+	return [
+		{
+			title: 'Name',
+			dataIndex: 'name',
+			key: 'name',
+			className: 'keys-tab__name-column',
+			sorter: (a, b): number => (a.name ?? '').localeCompare(b.name ?? ''),
+			render: (_, record): JSX.Element => (
+				<span className="keys-tab__name-text">{record.name ?? '—'}</span>
+			),
+		},
+		{
+			title: 'Expiry',
+			dataIndex: 'expiresAt',
+			key: 'expiry',
+			width: 160,
+			align: 'right' as const,
+			sorter: (a, b): number => {
+				const aVal = a.expiresAt === 0 ? Infinity : a.expiresAt;
+				const bVal = b.expiresAt === 0 ? Infinity : b.expiresAt;
+				return aVal - bVal;
+			},
+			render: (expiresAt: number): JSX.Element => formatExpiry(expiresAt),
+		},
+		{
+			title: 'Last Observed At',
+			dataIndex: 'lastObservedAt',
+			key: 'lastObservedAt',
+			width: 220,
+			align: 'right' as const,
+			sorter: (a, b): number => {
+				const aVal = a.lastObservedAt
+					? new Date(a.lastObservedAt).getTime()
+					: -Infinity;
+				const bVal = b.lastObservedAt
+					? new Date(b.lastObservedAt).getTime()
+					: -Infinity;
+				return aVal - bVal;
+			},
+			render: (lastObservedAt: Date | null | undefined): string =>
+				handleformatLastObservedAt(lastObservedAt),
+		},
+		{
+			title: '',
+			key: 'action',
+			width: 48,
+			align: 'right' as const,
+			render: (_, record): JSX.Element => (
+				<Tooltip title={isDisabled ? 'Service account disabled' : 'Revoke Key'}>
+					<Button
+						variant="ghost"
+						size="xs"
+						color="destructive"
+						disabled={isDisabled}
+						onClick={(e): void => {
+							e.stopPropagation();
+							onRevokeClick(record.id);
+						}}
+						className="keys-tab__revoke-btn"
+					>
+						<X size={12} />
+					</Button>
+				</Tooltip>
+			),
+		},
+	];
+}
+
+function KeysTab({
+	keys,
+	isLoading,
+	isDisabled = false,
+	currentPage,
+	pageSize,
+}: KeysTabProps): JSX.Element {
+	const [, setIsAddKeyOpen] = useQueryState(
+		'add-key',
+		parseAsBoolean.withDefault(false),
+	);
+	const { formatTimezoneAdjustedTimestamp } = useTimezone();
+	const [editKeyId, setEditKeyId] = useQueryState(
+		'edit-key',
+		parseAsString.withDefault(''),
+	);
+	const [, setRevokeKeyId] = useQueryState(
+		'revoke-key',
+		parseAsString.withDefault(''),
+	);
+	const editKey = keys.find((k) => k.id === editKeyId) ?? null;
+
+	const handleformatLastObservedAt = useCallback(
+		(lastObservedAt: Date | null | undefined): string =>
+			formatLastObservedAt(lastObservedAt, formatTimezoneAdjustedTimestamp),
+		[formatTimezoneAdjustedTimestamp],
+	);
+
+	const onRevokeClick = useCallback(
+		(keyId: string): void => {
+			setRevokeKeyId(keyId);
+		},
+		[setRevokeKeyId],
+	);
+
+	const columns = useMemo(
+		() => buildColumns({ isDisabled, onRevokeClick, handleformatLastObservedAt }),
+		[isDisabled, onRevokeClick, handleformatLastObservedAt],
+	);
+
+	if (isLoading) {
+		return (
+			<div className="keys-tab__loading">
+				<Skeleton active paragraph={{ rows: 4 }} />
+			</div>
+		);
+	}
+
+	if (keys.length === 0) {
+		return (
+			<div className="keys-tab__empty">
+				<span className="keys-tab__empty-emoji" role="img" aria-label="searching">
+					🧐
+				</span>
+				<p className="keys-tab__empty-text">No keys. Start by creating one.</p>
+				<Button
+					type="button"
+					className="keys-tab__learn-more"
+					onClick={(): void => {
+						void setIsAddKeyOpen(true);
+					}}
+					disabled={isDisabled}
+				>
+					+ Add your first key
+				</Button>
+			</div>
+		);
+	}
+
+	return (
+		<>
+			{/* Todo: use new table component from periscope when ready */}
+			<Table<ServiceaccounttypesFactorAPIKeyDTO>
+				columns={columns}
+				dataSource={keys}
+				rowKey="id"
+				pagination={{
+					style: { display: 'none' },
+					current: currentPage,
+					pageSize,
+				}}
+				showSorterTooltip={false}
+				className={`keys-tab__table${
+					isDisabled ? ' keys-tab__table--disabled' : ''
+				}`}
+				rowClassName={(_, index): string =>
+					index % 2 === 0 ? 'keys-tab__table-row--alt' : ''
+				}
+				onRow={(
+					record,
+				): {
+					onClick: () => void;
+					onKeyDown: (e: React.KeyboardEvent) => void;
+					role: string;
+					tabIndex: number;
+					'aria-label': string;
+				} => ({
+					onClick: (): void => {
+						if (!isDisabled) {
+							void setEditKeyId(record.id);
+						}
+					},
+					onKeyDown: (e: React.KeyboardEvent): void => {
+						if ((e.key === 'Enter' || e.key === ' ') && !isDisabled) {
+							if (e.key === ' ') {
+								e.preventDefault();
+							}
+							void setEditKeyId(record.id);
+						}
+					},
+					role: 'button',
+					tabIndex: 0,
+					'aria-label': `Edit key ${record.name || 'options'}`,
+				})}
+			/>
+
+			<EditKeyModal keyItem={editKey} />
+
+			<RevokeKeyModal />
+		</>
+	);
+}
+
+export default KeysTab;

frontend/src/components/ServiceAccountDrawer/OverviewTab.tsx

@@ -0,0 +1,153 @@
+import { useCallback } from 'react';
+import { Badge } from '@signozhq/badge';
+import { LockKeyhole } from '@signozhq/icons';
+import { Input } from '@signozhq/input';
+import type { AuthtypesRoleDTO } from 'api/generated/services/sigNoz.schemas';
+import RolesSelect from 'components/RolesSelect';
+import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
+import { ServiceAccountRow } from 'container/ServiceAccountsSettings/utils';
+import { useTimezone } from 'providers/Timezone';
+import APIError from 'types/api/error';
+
+interface OverviewTabProps {
+	account: ServiceAccountRow;
+	localName: string;
+	onNameChange: (v: string) => void;
+	localRoles: string[];
+	onRolesChange: (v: string[]) => void;
+	isDisabled: boolean;
+	availableRoles: AuthtypesRoleDTO[];
+	rolesLoading?: boolean;
+	rolesError?: boolean;
+	rolesErrorObj?: APIError | undefined;
+	onRefetchRoles?: () => void;
+}
+
+function OverviewTab({
+	account,
+	localName,
+	onNameChange,
+	localRoles,
+	onRolesChange,
+	isDisabled,
+	availableRoles,
+	rolesLoading,
+	rolesError,
+	rolesErrorObj,
+	onRefetchRoles,
+}: OverviewTabProps): JSX.Element {
+	const { formatTimezoneAdjustedTimestamp } = useTimezone();
+
+	const formatTimestamp = useCallback(
+		(ts: string | null | undefined): string => {
+			if (!ts) {
+				return '—';
+			}
+			const d = new Date(ts);
+			if (Number.isNaN(d.getTime())) {
+				return '—';
+			}
+			return formatTimezoneAdjustedTimestamp(ts, DATE_TIME_FORMATS.DASH_DATETIME);
+		},
+		[formatTimezoneAdjustedTimestamp],
+	);
+
+	return (
+		<>
+			<div className="sa-drawer__field">
+				<label className="sa-drawer__label" htmlFor="sa-name">
+					Name
+				</label>
+				{isDisabled ? (
+					<div className="sa-drawer__input-wrapper sa-drawer__input-wrapper--disabled">
+						<span className="sa-drawer__input-text">{localName || '—'}</span>
+						<LockKeyhole size={14} className="sa-drawer__lock-icon" />
+					</div>
+				) : (
+					<Input
+						id="sa-name"
+						value={localName}
+						onChange={(e): void => onNameChange(e.target.value)}
+						className="sa-drawer__input"
+						placeholder="Enter name"
+					/>
+				)}
+			</div>
+
+			<div className="sa-drawer__field">
+				<label className="sa-drawer__label" htmlFor="sa-email">
+					Email Address
+				</label>
+				<div className="sa-drawer__input-wrapper sa-drawer__input-wrapper--disabled">
+					<span className="sa-drawer__input-text">{account.email || '—'}</span>
+					<LockKeyhole size={14} className="sa-drawer__lock-icon" />
+				</div>
+			</div>
+
+			<div className="sa-drawer__field">
+				<label className="sa-drawer__label" htmlFor="sa-roles">
+					Roles
+				</label>
+				{isDisabled ? (
+					<div className="sa-drawer__input-wrapper sa-drawer__input-wrapper--disabled">
+						<div className="sa-drawer__disabled-roles">
+							{localRoles.length > 0 ? (
+								localRoles.map((r) => (
+									<Badge key={r} color="vanilla">
+										{r}
+									</Badge>
+								))
+							) : (
+								<span className="sa-drawer__input-text">—</span>
+							)}
+						</div>
+						<LockKeyhole size={14} className="sa-drawer__lock-icon" />
+					</div>
+				) : (
+					<RolesSelect
+						id="sa-roles"
+						mode="multiple"
+						roles={availableRoles}
+						loading={rolesLoading}
+						isError={rolesError}
+						error={rolesErrorObj}
+						onRefetch={onRefetchRoles}
+						value={localRoles}
+						onChange={onRolesChange}
+						placeholder="Select roles"
+						getPopupContainer={(triggerNode): HTMLElement =>
+							(triggerNode?.closest('.sa-drawer') as HTMLElement) || document.body
+						}
+					/>
+				)}
+			</div>
+
+			<div className="sa-drawer__meta">
+				<div className="sa-drawer__meta-item">
+					<span className="sa-drawer__meta-label">Status</span>
+					{account.status?.toUpperCase() === 'ACTIVE' ? (
+						<Badge color="forest" variant="outline">
+							ACTIVE
+						</Badge>
+					) : (
+						<Badge color="vanilla" variant="outline" className="sa-status-badge">
+							DISABLED
+						</Badge>
+					)}
+				</div>
+
+				<div className="sa-drawer__meta-item">
+					<span className="sa-drawer__meta-label">Created At</span>
+					<Badge color="vanilla">{formatTimestamp(account.createdAt)}</Badge>
+				</div>
+
+				<div className="sa-drawer__meta-item">
+					<span className="sa-drawer__meta-label">Updated At</span>
+					<Badge color="vanilla">{formatTimestamp(account.updatedAt)}</Badge>
+				</div>
+			</div>
+		</>
+	);
+}
+
+export default OverviewTab;

frontend/src/components/ServiceAccountDrawer/RevokeKeyModal.tsx

@@ -0,0 +1,128 @@
+import { useQueryClient } from 'react-query';
+import { Button } from '@signozhq/button';
+import { DialogFooter, DialogWrapper } from '@signozhq/dialog';
+import { Trash2, X } from '@signozhq/icons';
+import { toast } from '@signozhq/sonner';
+import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
+import {
+	getListServiceAccountKeysQueryKey,
+	invalidateListServiceAccountKeys,
+	useRevokeServiceAccountKey,
+} from 'api/generated/services/serviceaccount';
+import type {
+	RenderErrorResponseDTO,
+	ServiceaccounttypesFactorAPIKeyDTO,
+} from 'api/generated/services/sigNoz.schemas';
+import { AxiosError } from 'axios';
+import { parseAsString, useQueryState } from 'nuqs';
+
+export interface RevokeKeyContentProps {
+	isRevoking: boolean;
+	onCancel: () => void;
+	onConfirm: () => void;
+}
+
+export function RevokeKeyContent({
+	isRevoking,
+	onCancel,
+	onConfirm,
+}: RevokeKeyContentProps): JSX.Element {
+	return (
+		<>
+			<p className="delete-dialog__body">
+				Revoking this key will permanently invalidate it. Any systems using this key
+				will lose access immediately.
+			</p>
+			<DialogFooter className="delete-dialog__footer">
+				<Button variant="solid" color="secondary" size="sm" onClick={onCancel}>
+					<X size={12} />
+					Cancel
+				</Button>
+				<Button
+					variant="solid"
+					color="destructive"
+					size="sm"
+					loading={isRevoking}
+					onClick={onConfirm}
+				>
+					<Trash2 size={12} />
+					Revoke Key
+				</Button>
+			</DialogFooter>
+		</>
+	);
+}
+
+function RevokeKeyModal(): JSX.Element {
+	const queryClient = useQueryClient();
+	const [accountId] = useQueryState('account');
+	const [revokeKeyId, setRevokeKeyId] = useQueryState(
+		'revoke-key',
+		parseAsString.withDefault(''),
+	);
+	const open = !!revokeKeyId && !!accountId;
+
+	const cachedKeys = accountId
+		? queryClient.getQueryData<{ data: ServiceaccounttypesFactorAPIKeyDTO[] }>(
+				getListServiceAccountKeysQueryKey({ id: accountId }),
+		  )
+		: null;
+	const keyName = cachedKeys?.data?.find((k) => k.id === revokeKeyId)?.name;
+
+	const {
+		mutate: revokeKey,
+		isLoading: isRevoking,
+	} = useRevokeServiceAccountKey({
+		mutation: {
+			onSuccess: () => {
+				toast.success('Key revoked successfully', { richColors: true });
+				void setRevokeKeyId(null);
+				if (accountId) {
+					void invalidateListServiceAccountKeys(queryClient, { id: accountId });
+				}
+			},
+			onError: (error) => {
+				const errMessage =
+					convertToApiError(
+						error as AxiosError<RenderErrorResponseDTO, unknown> | null,
+					)?.getErrorMessage() || 'Failed to revoke key';
+				toast.error(errMessage, { richColors: true });
+			},
+		},
+	});
+
+	function handleConfirm(): void {
+		if (!revokeKeyId || !accountId) {
+			return;
+		}
+		revokeKey({ pathParams: { id: accountId, fid: revokeKeyId } });
+	}
+
+	function handleCancel(): void {
+		void setRevokeKeyId(null);
+	}
+
+	return (
+		<DialogWrapper
+			open={open}
+			onOpenChange={(isOpen): void => {
+				if (!isOpen) {
+					handleCancel();
+				}
+			}}
+			title={`Revoke ${keyName ?? 'key'}?`}
+			width="narrow"
+			className="alert-dialog delete-dialog"
+			showCloseButton={false}
+			disableOutsideClick={false}
+		>
+			<RevokeKeyContent
+				isRevoking={isRevoking}
+				onCancel={handleCancel}
+				onConfirm={handleConfirm}
+			/>
+		</DialogWrapper>
+	);
+}
+
+export default RevokeKeyModal;

frontend/src/components/ServiceAccountDrawer/ServiceAccountDrawer.styles.scss

@@ -0,0 +1,460 @@
+.sa-drawer {
+	[data-slot='drawer-close'] + div {
+		border-left: 1px solid var(--l1-border);
+		padding-left: var(--padding-4);
+		margin-left: var(--margin-2);
+	}
+
+	&__layout {
+		display: flex;
+		flex-direction: column;
+		height: calc(100vh - 48px);
+	}
+
+	&__tabs {
+		display: flex;
+		justify-content: space-between;
+		align-items: center;
+		padding: var(--padding-3) var(--padding-4) var(--padding-2) var(--padding-4);
+		flex-shrink: 0;
+	}
+
+	&__tab-group {
+		[data-slot='toggle-group'] {
+			height: 32px;
+			border-radius: 2px;
+			border: 1px solid var(--l1-border);
+			background: var(--l2-background);
+			gap: 0;
+		}
+
+		[data-slot='toggle-group-item'] {
+			height: 32px;
+			border-radius: 0;
+			border-left: 1px solid var(--l1-border);
+			background: transparent;
+			color: var(--l2-foreground);
+			font-size: var(--font-size-xs);
+			font-weight: var(--font-weight-normal);
+			font-family: Inter, sans-serif;
+			padding: 0 var(--padding-7);
+			gap: var(--spacing-3);
+			box-shadow: none;
+
+			&:first-child {
+				border-left: none;
+				border-radius: 2px 0 0 2px;
+			}
+
+			&:last-child {
+				border-radius: 0 2px 2px 0;
+			}
+
+			&:hover {
+				background: rgba(171, 189, 255, 0.04);
+				color: var(--l1-foreground);
+			}
+
+			&[data-state='on'] {
+				background: var(--l1-border);
+				color: var(--l1-foreground);
+			}
+		}
+	}
+
+	&__tab {
+		display: inline-flex;
+		align-items: center;
+		gap: var(--spacing-2);
+		font-size: var(--font-size-xs);
+		font-weight: var(--font-weight-normal);
+	}
+
+	&__tab-count {
+		display: inline-flex;
+		align-items: center;
+		justify-content: center;
+		min-width: 20px;
+		padding: 0 6px;
+		border-radius: 50px;
+		background: var(--secondary);
+		font-size: var(--code-small-400-font-size);
+		font-weight: var(--font-weight-normal);
+		line-height: var(--line-height-20);
+		color: var(--foreground);
+		letter-spacing: -0.06px;
+	}
+
+	&__body {
+		flex: 1;
+		overflow-y: auto;
+		padding: var(--padding-5) var(--padding-4);
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-8);
+	}
+
+	&__footer {
+		height: 56px;
+		flex-shrink: 0;
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		padding: 0 var(--padding-4);
+		border-top: 1px solid var(--secondary);
+		background: var(--card);
+	}
+
+	&__keys-pagination {
+		display: flex;
+		align-items: center;
+		justify-content: flex-end;
+		width: 100%;
+		padding: var(--padding-2) 0;
+
+		.ant-pagination-total-text {
+			margin-right: auto;
+		}
+	}
+
+	&__pagination-range {
+		font-size: var(--font-size-xs);
+		color: var(--foreground);
+		font-weight: var(--font-weight-normal);
+	}
+
+	&__pagination-total {
+		font-size: var(--font-size-xs);
+		color: var(--foreground);
+		opacity: 0.5;
+	}
+
+	&__footer-btn {
+		padding-left: 0;
+		padding-right: 0;
+	}
+
+	&__footer-right {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-6);
+	}
+
+	&__field {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-4);
+	}
+
+	&__label {
+		font-size: var(--font-size-sm);
+		font-weight: var(--font-weight-normal);
+		color: var(--foreground);
+		line-height: var(--line-height-20);
+		letter-spacing: -0.07px;
+		cursor: default;
+	}
+
+	&__input {
+		height: 32px;
+		background: var(--l2-background);
+		border-color: var(--border);
+		color: var(--l1-foreground);
+		box-shadow: none;
+
+		&::placeholder {
+			color: var(--l3-foreground);
+		}
+	}
+
+	&__input-wrapper {
+		display: flex;
+		align-items: center;
+		justify-content: space-between;
+		height: 32px;
+		padding: 0 var(--padding-2);
+		border-radius: 2px;
+		background: var(--l2-background);
+		border: 1px solid var(--border);
+
+		&--disabled {
+			cursor: not-allowed;
+			opacity: 0.8;
+		}
+	}
+
+	&__input-text {
+		font-size: var(--font-size-sm);
+		font-weight: var(--font-weight-normal);
+		color: var(--foreground);
+		line-height: var(--line-height-18);
+		letter-spacing: -0.07px;
+		white-space: nowrap;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		flex: 1;
+	}
+
+	&__lock-icon {
+		color: var(--foreground);
+		flex-shrink: 0;
+		margin-left: 6px;
+		opacity: 0.6;
+	}
+
+	&__disabled-roles {
+		display: flex;
+		flex-wrap: wrap;
+		gap: var(--spacing-2);
+	}
+
+	&__meta {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-8);
+		margin-top: var(--margin-1);
+	}
+
+	&__meta-item {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-2);
+
+		[data-slot='badge'] {
+			padding: var(--padding-1) var(--padding-2);
+			align-items: center;
+			font-size: var(--uppercase-small-500-font-size);
+			font-weight: var(--uppercase-small-500-font-weight);
+			line-height: 100%;
+			letter-spacing: 0.44px;
+			text-transform: uppercase;
+		}
+	}
+
+	&__meta-label {
+		font-size: var(--font-size-xs);
+		font-weight: var(--font-weight-medium);
+		color: var(--foreground);
+		line-height: var(--line-height-20);
+		letter-spacing: 0.48px;
+		text-transform: uppercase;
+	}
+}
+
+.keys-tab {
+	&__loading {
+		display: flex;
+		align-items: center;
+		justify-content: center;
+		padding: var(--padding-8) var(--padding-4);
+	}
+
+	&__empty {
+		display: flex;
+		flex-direction: column;
+		align-items: center;
+		justify-content: center;
+		padding: var(--padding-8) var(--padding-4);
+		gap: var(--spacing-4);
+		text-align: center;
+		height: 80%;
+	}
+
+	&__empty-emoji {
+		font-size: 32px;
+	}
+
+	&__empty-text {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--foreground);
+		margin: 0;
+	}
+
+	&__learn-more {
+		background: transparent;
+		border: none;
+		color: var(--primary);
+		font-size: var(--font-size-sm);
+		cursor: pointer;
+		text-decoration: none;
+
+		&:hover {
+			text-decoration: underline;
+		}
+	}
+
+	// todo: styles should easeup by upgrading the component with table component from persiscope
+	&__table {
+		.ant-table {
+			background: transparent;
+			border: 1px solid var(--l1-border);
+			border-radius: 4px;
+			overflow: hidden;
+		}
+
+		.ant-table-thead > tr > th,
+		.ant-table-thead > tr > td {
+			height: 38px;
+			padding: 0 var(--padding-4);
+			background: transparent !important;
+			border-bottom: 1px solid var(--l1-border) !important;
+			font-size: var(--uppercase-small-500-font-size);
+			font-weight: var(--uppercase-small-500-font-weight);
+			color: var(--l2-foreground);
+			letter-spacing: 0.44px;
+			text-transform: uppercase;
+
+			&::before {
+				display: none !important;
+			}
+
+			.ant-table-column-sorter {
+				color: var(--l2-foreground);
+				opacity: 0.5;
+			}
+
+			&.ant-table-column-sort {
+				background: transparent !important;
+				color: var(--l1-foreground);
+
+				.ant-table-column-sorter {
+					color: var(--l1-foreground);
+					opacity: 1;
+				}
+			}
+
+			&:hover {
+				background: transparent !important;
+				color: var(--l1-foreground);
+
+				.ant-table-column-sorter {
+					opacity: 1;
+				}
+			}
+		}
+
+		.ant-table-tbody > tr > td {
+			height: 38px;
+			padding: 0 var(--padding-4);
+			border-bottom: 1px solid var(--l1-border);
+			font-size: 13px;
+			font-weight: var(--font-weight-normal);
+			color: var(--l2-foreground);
+			letter-spacing: -0.07px;
+			cursor: pointer;
+			background: transparent;
+			transition: none;
+			font-variant-numeric: lining-nums tabular-nums stacked-fractions ordinal
+				slashed-zero;
+
+			&.ant-table-column-sort {
+				background: transparent;
+			}
+		}
+
+		.ant-table-tbody > tr:last-child > td {
+			border-bottom: none;
+		}
+
+		.ant-table-tbody > tr {
+			background: transparent;
+
+			&:hover > td {
+				background: rgba(171, 189, 255, 0.06) !important;
+			}
+
+			&.keys-tab__table-row--alt > td {
+				background: rgba(171, 189, 255, 0.02);
+
+				&:hover {
+					background: rgba(171, 189, 255, 0.06) !important;
+				}
+			}
+		}
+
+		&--disabled {
+			.ant-table-tbody > tr {
+				cursor: not-allowed;
+				opacity: 0.6;
+
+				&:hover > td {
+					background: transparent !important;
+				}
+			}
+		}
+
+		.ant-table-cell-row-hover {
+			background: transparent !important;
+		}
+	}
+
+	&__name-column {
+		.ant-table-column-sorters {
+			justify-content: flex-start;
+			gap: var(--spacing-2);
+		}
+
+		.ant-table-column-title {
+			flex: none;
+		}
+	}
+
+	&__name-text {
+		font-size: 13px;
+		font-weight: var(--font-weight-normal);
+		color: var(--l2-foreground);
+		letter-spacing: -0.07px;
+		text-transform: none;
+		white-space: nowrap;
+		overflow: hidden;
+		text-overflow: ellipsis;
+	}
+
+	&__expiry--never {
+		color: var(--l2-foreground);
+	}
+
+	&__expiry--expired {
+		color: var(--l3-foreground);
+	}
+
+	&__revoke-btn {
+		width: 32px;
+		height: 32px;
+		padding: 0;
+		display: inline-flex;
+		align-items: center;
+		justify-content: center;
+	}
+}
+
+.sa-disable-dialog {
+	background: var(--l2-background);
+	border: 1px solid var(--l2-border);
+
+	[data-slot='dialog-title'] {
+		color: var(--l1-foreground);
+	}
+
+	&__body {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--l2-foreground);
+		line-height: var(--paragraph-base-400-line-height);
+		letter-spacing: -0.065px;
+		margin: 0;
+
+		strong {
+			font-weight: var(--font-weight-medium);
+			color: var(--l1-foreground);
+		}
+	}
+
+	&__footer {
+		display: flex;
+		justify-content: flex-end;
+		gap: var(--spacing-4);
+		margin-top: var(--margin-6);
+	}
+}

frontend/src/components/ServiceAccountDrawer/ServiceAccountDrawer.tsx

@@ -0,0 +1,366 @@
+import { useCallback, useEffect, useMemo, useState } from 'react';
+import { Button } from '@signozhq/button';
+import { DrawerWrapper } from '@signozhq/drawer';
+import { Key, LayoutGrid, Plus, PowerOff, X } from '@signozhq/icons';
+import { toast } from '@signozhq/sonner';
+import { ToggleGroup, ToggleGroupItem } from '@signozhq/toggle-group';
+import { Pagination, Skeleton } from 'antd';
+import { convertToApiError } from 'api/ErrorResponseHandlerForGeneratedAPIs';
+import {
+	useGetServiceAccount,
+	useListServiceAccountKeys,
+	useUpdateServiceAccount,
+} from 'api/generated/services/serviceaccount';
+import { RenderErrorResponseDTO } from 'api/generated/services/sigNoz.schemas';
+import { AxiosError } from 'axios';
+import ErrorInPlace from 'components/ErrorInPlace/ErrorInPlace';
+import { useRoles } from 'components/RolesSelect';
+import {
+	ServiceAccountRow,
+	toServiceAccountRow,
+} from 'container/ServiceAccountsSettings/utils';
+import {
+	parseAsBoolean,
+	parseAsInteger,
+	parseAsString,
+	parseAsStringEnum,
+	useQueryState,
+} from 'nuqs';
+import { toAPIError } from 'utils/errorUtils';
+
+import AddKeyModal from './AddKeyModal';
+import DisableAccountModal from './DisableAccountModal';
+import KeysTab from './KeysTab';
+import OverviewTab from './OverviewTab';
+import { ServiceAccountDrawerTab } from './utils';
+
+import './ServiceAccountDrawer.styles.scss';
+
+export interface ServiceAccountDrawerProps {
+	onSuccess: (options?: { closeDrawer?: boolean }) => void;
+}
+
+const PAGE_SIZE = 15;
+
+// eslint-disable-next-line sonarjs/cognitive-complexity
+function ServiceAccountDrawer({
+	onSuccess,
+}: ServiceAccountDrawerProps): JSX.Element {
+	const [selectedAccountId, setSelectedAccountId] = useQueryState('account');
+	const open = !!selectedAccountId;
+	const [activeTab, setActiveTab] = useQueryState(
+		'tab',
+		parseAsStringEnum<ServiceAccountDrawerTab>(
+			Object.values(ServiceAccountDrawerTab),
+		).withDefault(ServiceAccountDrawerTab.Overview),
+	);
+	const [keysPage, setKeysPage] = useQueryState(
+		'keysPage',
+		parseAsInteger.withDefault(1),
+	);
+	const [, setEditKeyId] = useQueryState(
+		'edit-key',
+		parseAsString.withDefault(''),
+	);
+	const [, setIsAddKeyOpen] = useQueryState(
+		'add-key',
+		parseAsBoolean.withDefault(false),
+	);
+	const [, setIsDisableOpen] = useQueryState(
+		'disable-sa',
+		parseAsBoolean.withDefault(false),
+	);
+	const [localName, setLocalName] = useState('');
+	const [localRoles, setLocalRoles] = useState<string[]>([]);
+
+	const {
+		data: accountData,
+		isLoading: isAccountLoading,
+		isError: isAccountError,
+		error: accountError,
+		refetch: refetchAccount,
+	} = useGetServiceAccount(
+		{ id: selectedAccountId ?? '' },
+		{ query: { enabled: !!selectedAccountId } },
+	);
+
+	const account = useMemo(
+		(): ServiceAccountRow | null =>
+			accountData?.data ? toServiceAccountRow(accountData.data) : null,
+		[accountData],
+	);
+
+	useEffect(() => {
+		if (account) {
+			setLocalName(account.name ?? '');
+			setLocalRoles(account.roles ?? []);
+			setKeysPage(1);
+		}
+		// eslint-disable-next-line react-hooks/exhaustive-deps
+	}, [account?.id]);
+
+	const isDisabled = account?.status?.toUpperCase() !== 'ACTIVE';
+
+	const isDirty =
+		account !== null &&
+		(localName !== (account.name ?? '') ||
+			JSON.stringify(localRoles) !== JSON.stringify(account.roles ?? []));
+
+	const {
+		roles: availableRoles,
+		isLoading: rolesLoading,
+		isError: rolesError,
+		error: rolesErrorObj,
+		refetch: refetchRoles,
+	} = useRoles();
+
+	const { data: keysData, isLoading: keysLoading } = useListServiceAccountKeys(
+		{ id: selectedAccountId ?? '' },
+		{ query: { enabled: !!selectedAccountId } },
+	);
+	const keys = keysData?.data ?? [];
+
+	useEffect(() => {
+		if (keysLoading) {
+			return;
+		}
+		const maxPage = Math.max(1, Math.ceil(keys.length / PAGE_SIZE));
+		if (keysPage > maxPage) {
+			setKeysPage(maxPage);
+		}
+	}, [keysLoading, keys.length, keysPage, setKeysPage]);
+
+	const { mutate: updateAccount, isLoading: isSaving } = useUpdateServiceAccount(
+		{
+			mutation: {
+				onSuccess: () => {
+					toast.success('Service account updated successfully', {
+						richColors: true,
+					});
+					refetchAccount();
+					onSuccess({ closeDrawer: false });
+				},
+				onError: (error) => {
+					const errMessage =
+						convertToApiError(
+							error as AxiosError<RenderErrorResponseDTO, unknown> | null,
+						)?.getErrorMessage() || 'Failed to update service account';
+					toast.error(errMessage, { richColors: true });
+				},
+			},
+		},
+	);
+
+	function handleSave(): void {
+		if (!account || !isDirty) {
+			return;
+		}
+		updateAccount({
+			pathParams: { id: account.id },
+			data: { name: localName, email: account.email, roles: localRoles },
+		});
+	}
+
+	const handleClose = useCallback((): void => {
+		setIsDisableOpen(null);
+		setIsAddKeyOpen(null);
+		setSelectedAccountId(null);
+		setActiveTab(null);
+		setKeysPage(null);
+		setEditKeyId(null);
+	}, [
+		setSelectedAccountId,
+		setActiveTab,
+		setKeysPage,
+		setEditKeyId,
+		setIsAddKeyOpen,
+		setIsDisableOpen,
+	]);
+
+	const drawerContent = (
+		<div className="sa-drawer__layout">
+			<div className="sa-drawer__tabs">
+				<ToggleGroup
+					type="single"
+					value={activeTab}
+					onValueChange={(val): void => {
+						if (val) {
+							setActiveTab(val as ServiceAccountDrawerTab);
+							if (val !== ServiceAccountDrawerTab.Keys) {
+								setKeysPage(null);
+								setEditKeyId(null);
+							}
+						}
+					}}
+					className="sa-drawer__tab-group"
+				>
+					<ToggleGroupItem
+						value={ServiceAccountDrawerTab.Overview}
+						className="sa-drawer__tab"
+					>
+						<LayoutGrid size={14} />
+						Overview
+					</ToggleGroupItem>
+					<ToggleGroupItem
+						value={ServiceAccountDrawerTab.Keys}
+						className="sa-drawer__tab"
+					>
+						<Key size={14} />
+						Keys
+						{keys.length > 0 && (
+							<span className="sa-drawer__tab-count">{keys.length}</span>
+						)}
+					</ToggleGroupItem>
+				</ToggleGroup>
+				{activeTab === ServiceAccountDrawerTab.Keys && (
+					<Button
+						variant="outlined"
+						size="sm"
+						color="secondary"
+						disabled={isDisabled}
+						onClick={(): void => {
+							setIsAddKeyOpen(true);
+						}}
+					>
+						<Plus size={12} />
+						Add Key
+					</Button>
+				)}
+			</div>
+
+			<div
+				className={`sa-drawer__body${
+					activeTab === ServiceAccountDrawerTab.Keys ? ' sa-drawer__body--keys' : ''
+				}`}
+			>
+				{isAccountLoading && <Skeleton active paragraph={{ rows: 6 }} />}
+				{isAccountError && (
+					<ErrorInPlace
+						error={toAPIError(
+							accountError,
+							'An unexpected error occurred while fetching service account details.',
+						)}
+					/>
+				)}
+				{!isAccountLoading && !isAccountError && (
+					<>
+						{activeTab === ServiceAccountDrawerTab.Overview && account && (
+							<OverviewTab
+								account={account}
+								localName={localName}
+								onNameChange={setLocalName}
+								localRoles={localRoles}
+								onRolesChange={setLocalRoles}
+								isDisabled={isDisabled}
+								availableRoles={availableRoles}
+								rolesLoading={rolesLoading}
+								rolesError={rolesError}
+								rolesErrorObj={rolesErrorObj}
+								onRefetchRoles={refetchRoles}
+							/>
+						)}
+						{activeTab === ServiceAccountDrawerTab.Keys && (
+							<KeysTab
+								keys={keys}
+								isLoading={keysLoading}
+								isDisabled={isDisabled}
+								currentPage={keysPage}
+								pageSize={PAGE_SIZE}
+							/>
+						)}
+					</>
+				)}
+			</div>
+
+			<div className="sa-drawer__footer">
+				{activeTab === ServiceAccountDrawerTab.Keys ? (
+					<Pagination
+						current={keysPage}
+						pageSize={PAGE_SIZE}
+						total={keys.length}
+						showTotal={(total: number, range: number[]): JSX.Element => (
+							<>
+								<span className="sa-drawer__pagination-range">
+									{range[0]} &#8212; {range[1]}
+								</span>
+								<span className="sa-drawer__pagination-total"> of {total}</span>
+							</>
+						)}
+						showSizeChanger={false}
+						hideOnSinglePage
+						onChange={(page): void => {
+							void setKeysPage(page);
+						}}
+						className="sa-drawer__keys-pagination"
+					/>
+				) : (
+					<>
+						{!isDisabled && (
+							<Button
+								variant="ghost"
+								color="destructive"
+								className="sa-drawer__footer-btn"
+								onClick={(): void => {
+									setIsDisableOpen(true);
+								}}
+							>
+								<PowerOff size={12} />
+								Disable Service Account
+							</Button>
+						)}
+						{!isDisabled && (
+							<div className="sa-drawer__footer-right">
+								<Button
+									variant="solid"
+									color="secondary"
+									size="sm"
+									onClick={handleClose}
+								>
+									<X size={14} />
+									Cancel
+								</Button>
+								<Button
+									variant="solid"
+									color="primary"
+									size="sm"
+									loading={isSaving}
+									disabled={!isDirty}
+									onClick={handleSave}
+								>
+									Save Changes
+								</Button>
+							</div>
+						)}
+					</>
+				)}
+			</div>
+		</div>
+	);
+
+	return (
+		<>
+			<DrawerWrapper
+				open={open}
+				onOpenChange={(isOpen): void => {
+					if (!isOpen) {
+						handleClose();
+					}
+				}}
+				direction="right"
+				type="panel"
+				showCloseButton
+				showOverlay={false}
+				allowOutsideClick
+				header={{ title: 'Service Account Details' }}
+				content={drawerContent}
+				className="sa-drawer"
+			/>
+
+			<DisableAccountModal />
+
+			<AddKeyModal />
+		</>
+	);
+}
+
+export default ServiceAccountDrawer;

frontend/src/components/ServiceAccountDrawer/__tests__/AddKeyModal.test.tsx

@@ -0,0 +1,139 @@
+import { toast } from '@signozhq/sonner';
+import { rest, server } from 'mocks-server/server';
+import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
+
+import AddKeyModal from '../AddKeyModal';
+
+jest.mock('@signozhq/sonner', () => ({
+	toast: { success: jest.fn(), error: jest.fn() },
+}));
+
+const mockToast = jest.mocked(toast);
+
+const SA_KEYS_ENDPOINT = '*/api/v1/service_accounts/sa-1/keys';
+
+const createdKeyResponse = {
+	data: {
+		id: 'key-1',
+		name: 'Deploy Key',
+		key: 'snz_abc123xyz456secret',
+		expiresAt: 0,
+		lastObservedAt: null,
+	},
+};
+
+function renderModal(): ReturnType<typeof render> {
+	return render(
+		<NuqsTestingAdapter
+			searchParams={{ account: 'sa-1', 'add-key': 'true' }}
+			hasMemory
+		>
+			<AddKeyModal />
+		</NuqsTestingAdapter>,
+	);
+}
+
+describe('AddKeyModal', () => {
+	beforeAll(() => {
+		Object.defineProperty(navigator, 'clipboard', {
+			value: { writeText: jest.fn().mockResolvedValue(undefined) },
+			configurable: true,
+			writable: true,
+		});
+	});
+
+	beforeEach(() => {
+		jest.clearAllMocks();
+		server.use(
+			rest.post(SA_KEYS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(201), ctx.json(createdKeyResponse)),
+			),
+		);
+	});
+
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('"Create Key" is disabled when name is empty; enabled after typing a name', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		expect(screen.getByRole('button', { name: /Create Key/i })).toBeDisabled();
+
+		await user.type(screen.getByPlaceholderText(/Enter key name/i), 'My Key');
+
+		await waitFor(() =>
+			expect(
+				screen.getByRole('button', { name: /Create Key/i }),
+			).not.toBeDisabled(),
+		);
+	});
+
+	it('successful creation transitions to phase 2 with key displayed and security callout', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		await user.type(screen.getByPlaceholderText(/Enter key name/i), 'Deploy Key');
+		await waitFor(() =>
+			expect(
+				screen.getByRole('button', { name: /Create Key/i }),
+			).not.toBeDisabled(),
+		);
+		await user.click(screen.getByRole('button', { name: /Create Key/i }));
+
+		await screen.findByText('snz_abc123xyz456secret');
+		expect(screen.getByText(/Store the key securely/i)).toBeInTheDocument();
+		await screen.findByRole('dialog', { name: /Key Created Successfully/i });
+	});
+
+	it('copy button writes key to clipboard and shows toast.success', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const writeTextSpy = jest
+			.spyOn(navigator.clipboard, 'writeText')
+			.mockResolvedValue(undefined);
+
+		renderModal();
+
+		await user.type(screen.getByPlaceholderText(/Enter key name/i), 'Deploy Key');
+		await waitFor(() =>
+			expect(
+				screen.getByRole('button', { name: /Create Key/i }),
+			).not.toBeDisabled(),
+		);
+		await user.click(screen.getByRole('button', { name: /Create Key/i }));
+
+		await screen.findByText('snz_abc123xyz456secret');
+
+		const copyBtn = screen
+			.getAllByRole('button')
+			.find((btn) => btn.querySelector('svg'));
+		if (!copyBtn) {
+			throw new Error('Copy button not found');
+		}
+		await user.click(copyBtn);
+
+		await waitFor(() => {
+			expect(writeTextSpy).toHaveBeenCalledWith('snz_abc123xyz456secret');
+			expect(mockToast.success).toHaveBeenCalledWith(
+				'Key copied to clipboard',
+				expect.anything(),
+			);
+		});
+
+		writeTextSpy.mockRestore();
+	});
+
+	it('Cancel button closes the modal', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		await screen.findByRole('dialog', { name: /Add a New Key/i });
+		await user.click(screen.getByRole('button', { name: /Cancel/i }));
+
+		expect(
+			screen.queryByRole('dialog', { name: /Add a New Key/i }),
+		).not.toBeInTheDocument();
+	});
+});

frontend/src/components/ServiceAccountDrawer/__tests__/EditKeyModal.test.tsx

@@ -0,0 +1,151 @@
+import { toast } from '@signozhq/sonner';
+import type { ServiceaccounttypesFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
+import { rest, server } from 'mocks-server/server';
+import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
+
+import EditKeyModal from '../EditKeyModal';
+
+jest.mock('@signozhq/sonner', () => ({
+	toast: { success: jest.fn(), error: jest.fn() },
+}));
+
+const mockToast = jest.mocked(toast);
+
+const SA_KEY_ENDPOINT = '*/api/v1/service_accounts/sa-1/keys/key-1';
+
+const mockKey: ServiceaccounttypesFactorAPIKeyDTO = {
+	id: 'key-1',
+	name: 'Original Key Name',
+	expiresAt: 0,
+	lastObservedAt: null as any,
+	key: 'snz_abc123',
+	serviceAccountId: 'sa-1',
+};
+
+function renderModal(
+	keyItem: ServiceaccounttypesFactorAPIKeyDTO | null = mockKey,
+	searchParams: Record<string, string> = {
+		account: 'sa-1',
+		'edit-key': 'key-1',
+	},
+): ReturnType<typeof render> {
+	return render(
+		<NuqsTestingAdapter searchParams={searchParams} hasMemory>
+			<EditKeyModal keyItem={keyItem} />
+		</NuqsTestingAdapter>,
+	);
+}
+
+describe('EditKeyModal (URL-controlled)', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		server.use(
+			rest.put(SA_KEY_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+			rest.delete(SA_KEY_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+		);
+	});
+
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('renders nothing when edit-key param is absent', () => {
+		renderModal(null, { account: 'sa-1' });
+
+		expect(
+			screen.queryByRole('dialog', { name: /Edit Key Details/i }),
+		).not.toBeInTheDocument();
+	});
+
+	it('renders key data from prop when edit-key param is set', async () => {
+		renderModal();
+
+		expect(
+			await screen.findByDisplayValue('Original Key Name'),
+		).toBeInTheDocument();
+		expect(screen.getByRole('button', { name: /Save Changes/i })).toBeDisabled();
+	});
+
+	it('save calls update API, shows toast, and closes modal', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		const nameInput = await screen.findByPlaceholderText(/Enter key name/i);
+		await user.clear(nameInput);
+		await user.type(nameInput, 'Updated Key Name');
+
+		await user.click(screen.getByRole('button', { name: /Save Changes/i }));
+
+		await waitFor(() => {
+			expect(mockToast.success).toHaveBeenCalledWith(
+				'Key updated successfully',
+				expect.anything(),
+			);
+		});
+
+		await waitFor(() => {
+			expect(
+				screen.queryByRole('dialog', { name: /Edit Key Details/i }),
+			).not.toBeInTheDocument();
+		});
+	});
+
+	it('cancel clears edit-key param and closes modal', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		await screen.findByDisplayValue('Original Key Name');
+		await user.click(screen.getByRole('button', { name: /Cancel/i }));
+
+		expect(
+			screen.queryByRole('dialog', { name: /Edit Key Details/i }),
+		).not.toBeInTheDocument();
+	});
+
+	it('revoke flow: clicking Revoke Key shows confirmation inside same dialog', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		await screen.findByDisplayValue('Original Key Name');
+		await user.click(screen.getByRole('button', { name: /Revoke Key/i }));
+
+		// Same dialog, now showing revoke confirmation
+		expect(
+			await screen.findByRole('dialog', { name: /Revoke Original Key Name/i }),
+		).toBeInTheDocument();
+		expect(
+			screen.getByText(/Revoking this key will permanently invalidate it/i),
+		).toBeInTheDocument();
+	});
+
+	it('revoke flow: confirming revoke shows toast and closes modal', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		renderModal();
+
+		await screen.findByDisplayValue('Original Key Name');
+		await user.click(screen.getByRole('button', { name: /Revoke Key/i }));
+
+		const confirmBtn = await screen.findByRole('button', {
+			name: /^Revoke Key$/i,
+		});
+		await user.click(confirmBtn);
+
+		await waitFor(() => {
+			expect(mockToast.success).toHaveBeenCalledWith(
+				'Key revoked successfully',
+				expect.anything(),
+			);
+		});
+
+		await waitFor(() => {
+			expect(
+				screen.queryByRole('dialog', { name: /Edit Key Details/i }),
+			).not.toBeInTheDocument();
+		});
+	});
+});

frontend/src/components/ServiceAccountDrawer/__tests__/KeysTab.test.tsx

@@ -0,0 +1,183 @@
+import { toast } from '@signozhq/sonner';
+import { ServiceaccounttypesFactorAPIKeyDTO } from 'api/generated/services/sigNoz.schemas';
+import { rest, server } from 'mocks-server/server';
+import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
+
+import KeysTab from '../KeysTab';
+
+jest.mock('@signozhq/sonner', () => ({
+	toast: { success: jest.fn(), error: jest.fn() },
+}));
+
+const mockToast = jest.mocked(toast);
+
+const SA_KEY_ENDPOINT = '*/api/v1/service_accounts/sa-1/keys/:fid';
+
+const keys: ServiceaccounttypesFactorAPIKeyDTO[] = [
+	{
+		id: 'key-1',
+		name: 'Production Key',
+		expiresAt: 0,
+		lastObservedAt: null as any,
+		key: 'snz_prod_123',
+		serviceAccountId: 'sa-1',
+	},
+	{
+		id: 'key-2',
+		name: 'Staging Key',
+		expiresAt: 1924905600, // 2030-12-31
+		lastObservedAt: new Date('2026-03-10T10:00:00Z'),
+		key: 'snz_stag_456',
+		serviceAccountId: 'sa-1',
+	},
+];
+
+const defaultProps = {
+	keys,
+	isLoading: false,
+	isDisabled: false,
+	currentPage: 1,
+	pageSize: 10,
+};
+
+function renderKeysTab(
+	props: Partial<typeof defaultProps> = {},
+	searchParams: Record<string, string> = { account: 'sa-1' },
+): ReturnType<typeof render> {
+	return render(
+		<NuqsTestingAdapter searchParams={searchParams} hasMemory>
+			<KeysTab {...defaultProps} {...props} />
+		</NuqsTestingAdapter>,
+	);
+}
+
+describe('KeysTab', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		server.use(
+			rest.delete(SA_KEY_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+		);
+	});
+
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('renders loading state', () => {
+		renderKeysTab({ isLoading: true });
+		expect(document.querySelector('.ant-skeleton')).toBeInTheDocument();
+	});
+
+	it('renders empty state when no keys and clicking add sets add-key param', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const onUrlUpdate = jest.fn();
+		render(
+			<NuqsTestingAdapter
+				searchParams={{ account: 'sa-1' }}
+				onUrlUpdate={onUrlUpdate}
+			>
+				<KeysTab {...defaultProps} keys={[]} />
+			</NuqsTestingAdapter>,
+		);
+
+		expect(
+			screen.getByText(/No keys. Start by creating one./i),
+		).toBeInTheDocument();
+		const addBtn = screen.getByRole('button', { name: /\+ Add your first key/i });
+		await user.click(addBtn);
+		expect(onUrlUpdate).toHaveBeenCalledWith(
+			expect.objectContaining({
+				queryString: expect.stringContaining('add-key=true'),
+			}),
+		);
+	});
+
+	it('renders table with keys', () => {
+		renderKeysTab();
+
+		expect(screen.getByText('Production Key')).toBeInTheDocument();
+		expect(screen.getByText('Staging Key')).toBeInTheDocument();
+		expect(screen.getByText('Never')).toBeInTheDocument();
+		expect(screen.getByText('Dec 31, 2030')).toBeInTheDocument();
+	});
+
+	it('clicking a row sets the edit-key URL param', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const onUrlUpdate = jest.fn();
+
+		render(
+			<NuqsTestingAdapter onUrlUpdate={onUrlUpdate}>
+				<KeysTab {...defaultProps} />
+			</NuqsTestingAdapter>,
+		);
+
+		const row = screen.getByText('Production Key').closest('tr');
+		if (!row) {
+			throw new Error('Row not found');
+		}
+
+		await user.click(row);
+
+		expect(onUrlUpdate).toHaveBeenCalledWith(
+			expect.objectContaining({
+				queryString: expect.stringContaining('edit-key=key-1'),
+			}),
+		);
+	});
+
+	it('clicking revoke icon sets revoke-key URL param', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const onUrlUpdate = jest.fn();
+
+		render(
+			<NuqsTestingAdapter onUrlUpdate={onUrlUpdate}>
+				<KeysTab {...defaultProps} />
+			</NuqsTestingAdapter>,
+		);
+
+		const revokeBtns = screen
+			.getAllByRole('button')
+			.filter((btn) => btn.className.includes('keys-tab__revoke-btn'));
+		await user.click(revokeBtns[0]);
+
+		expect(onUrlUpdate).toHaveBeenCalledWith(
+			expect.objectContaining({
+				queryString: expect.stringContaining('revoke-key=key-1'),
+			}),
+		);
+	});
+
+	it('handles successful key revocation via RevokeKeyModal', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		renderKeysTab();
+
+		// Seed the keys cache so RevokeKeyModal can read the key name
+		const revokeBtns = screen
+			.getAllByRole('button')
+			.filter((btn) => btn.className.includes('keys-tab__revoke-btn'));
+		await user.click(revokeBtns[0]);
+
+		const confirmBtn = await screen.findByRole('button', { name: /Revoke Key/i });
+		await user.click(confirmBtn);
+
+		await waitFor(() => {
+			expect(mockToast.success).toHaveBeenCalledWith(
+				'Key revoked successfully',
+				expect.anything(),
+			);
+		});
+	});
+
+	it('disables actions when isDisabled is true', () => {
+		renderKeysTab({ isDisabled: true });
+
+		const revokeBtns = screen
+			.getAllByRole('button')
+			.filter((btn) => btn.className.includes('keys-tab__revoke-btn'));
+		revokeBtns.forEach((btn) => expect(btn).toBeDisabled());
+	});
+});

frontend/src/components/ServiceAccountDrawer/__tests__/ServiceAccountDrawer.test.tsx

@@ -0,0 +1,246 @@
+import type { ReactNode } from 'react';
+import { listRolesSuccessResponse } from 'mocks-server/__mockdata__/roles';
+import { rest, server } from 'mocks-server/server';
+import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
+import { render, screen, userEvent, waitFor } from 'tests/test-utils';
+
+import ServiceAccountDrawer from '../ServiceAccountDrawer';
+
+jest.mock('@signozhq/drawer', () => ({
+	DrawerWrapper: ({
+		content,
+		open,
+	}: {
+		content?: ReactNode;
+		open: boolean;
+	}): JSX.Element | null => (open ? <div>{content}</div> : null),
+}));
+
+jest.mock('@signozhq/sonner', () => ({
+	toast: { success: jest.fn(), error: jest.fn() },
+}));
+
+const ROLES_ENDPOINT = '*/api/v1/roles';
+const SA_KEYS_ENDPOINT = '*/api/v1/service_accounts/:id/keys';
+const SA_ENDPOINT = '*/api/v1/service_accounts/sa-1';
+const SA_STATUS_ENDPOINT = '*/api/v1/service_accounts/sa-1/status';
+
+const activeAccountResponse = {
+	id: 'sa-1',
+	name: 'CI Bot',
+	email: 'ci-bot@signoz.io',
+	roles: ['signoz-admin'],
+	status: 'ACTIVE',
+	createdAt: '2026-01-01T00:00:00Z',
+	updatedAt: '2026-01-02T00:00:00Z',
+};
+
+const disabledAccountResponse = {
+	...activeAccountResponse,
+	id: 'sa-2',
+	status: 'DISABLED',
+};
+
+function renderDrawer(
+	searchParams: Record<string, string> = { account: 'sa-1' },
+): ReturnType<typeof render> {
+	return render(
+		<NuqsTestingAdapter searchParams={searchParams} hasMemory>
+			<ServiceAccountDrawer onSuccess={jest.fn()} />
+		</NuqsTestingAdapter>,
+	);
+}
+
+describe('ServiceAccountDrawer', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		server.use(
+			rest.get(ROLES_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+			rest.get(SA_KEYS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: [] })),
+			),
+			rest.get(SA_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: activeAccountResponse })),
+			),
+			rest.put(SA_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+			rest.put(SA_STATUS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+		);
+	});
+
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('renders Overview tab by default: editable name input, locked email, Save disabled when not dirty', async () => {
+		renderDrawer();
+
+		expect(await screen.findByDisplayValue('CI Bot')).toBeInTheDocument();
+		expect(screen.getByText('ci-bot@signoz.io')).toBeInTheDocument();
+		expect(screen.getByRole('button', { name: /Save Changes/i })).toBeDisabled();
+	});
+
+	it('editing name enables Save; clicking Save sends correct payload and calls onSuccess', async () => {
+		const onSuccess = jest.fn();
+		const updateSpy = jest.fn();
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		server.use(
+			rest.put(SA_ENDPOINT, async (req, res, ctx) => {
+				updateSpy(await req.json());
+				return res(ctx.status(200), ctx.json({ status: 'success', data: {} }));
+			}),
+		);
+
+		render(
+			<NuqsTestingAdapter searchParams={{ account: 'sa-1' }} hasMemory>
+				<ServiceAccountDrawer onSuccess={onSuccess} />
+			</NuqsTestingAdapter>,
+		);
+
+		const nameInput = await screen.findByDisplayValue('CI Bot');
+		await user.clear(nameInput);
+		await user.type(nameInput, 'CI Bot Updated');
+
+		const saveBtn = screen.getByRole('button', { name: /Save Changes/i });
+		await waitFor(() => expect(saveBtn).not.toBeDisabled());
+		await user.click(saveBtn);
+
+		await waitFor(() => {
+			expect(updateSpy).toHaveBeenCalledWith(
+				expect.objectContaining({
+					name: 'CI Bot Updated',
+					email: 'ci-bot@signoz.io',
+					roles: ['signoz-admin'],
+				}),
+			);
+			expect(onSuccess).toHaveBeenCalledWith({ closeDrawer: false });
+		});
+	});
+
+	it('changing roles enables Save; clicking Save sends updated roles in payload', async () => {
+		const updateSpy = jest.fn();
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		server.use(
+			rest.put(SA_ENDPOINT, async (req, res, ctx) => {
+				updateSpy(await req.json());
+				return res(ctx.status(200), ctx.json({ status: 'success', data: {} }));
+			}),
+		);
+
+		renderDrawer();
+
+		await screen.findByDisplayValue('CI Bot');
+
+		await user.click(screen.getByLabelText('Roles'));
+		await user.click(await screen.findByTitle('signoz-viewer'));
+
+		const saveBtn = screen.getByRole('button', { name: /Save Changes/i });
+		await waitFor(() => expect(saveBtn).not.toBeDisabled());
+		await user.click(saveBtn);
+
+		await waitFor(() => {
+			expect(updateSpy).toHaveBeenCalledWith(
+				expect.objectContaining({
+					roles: expect.arrayContaining(['signoz-admin', 'signoz-viewer']),
+				}),
+			);
+		});
+	});
+
+	it('"Disable Service Account" opens confirm dialog; confirming sends correct status payload', async () => {
+		const statusSpy = jest.fn();
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		server.use(
+			rest.put(SA_STATUS_ENDPOINT, async (req, res, ctx) => {
+				statusSpy(await req.json());
+				return res(ctx.status(200), ctx.json({ status: 'success', data: {} }));
+			}),
+		);
+
+		renderDrawer();
+
+		await screen.findByDisplayValue('CI Bot');
+
+		await user.click(
+			screen.getByRole('button', { name: /Disable Service Account/i }),
+		);
+
+		const dialog = await screen.findByRole('dialog', {
+			name: /Disable service account CI Bot/i,
+		});
+		expect(dialog).toBeInTheDocument();
+
+		const confirmBtns = screen.getAllByRole('button', { name: /^Disable$/i });
+		await user.click(confirmBtns[confirmBtns.length - 1]);
+
+		await waitFor(() => {
+			expect(statusSpy).toHaveBeenCalledWith({ status: 'DISABLED' });
+		});
+	});
+
+	it('disabled account shows read-only name, no Save button, no Disable button', async () => {
+		server.use(
+			rest.get('*/api/v1/service_accounts/sa-2', (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: disabledAccountResponse })),
+			),
+			rest.get('*/api/v1/service_accounts/sa-2/keys', (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: [] })),
+			),
+		);
+
+		renderDrawer({ account: 'sa-2' });
+
+		await screen.findByText('CI Bot');
+
+		expect(
+			screen.queryByRole('button', { name: /Save Changes/i }),
+		).not.toBeInTheDocument();
+		expect(
+			screen.queryByRole('button', { name: /Disable Service Account/i }),
+		).not.toBeInTheDocument();
+		expect(screen.queryByDisplayValue('CI Bot')).not.toBeInTheDocument();
+	});
+
+	it('switching to Keys tab shows "No keys" empty state', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		renderDrawer();
+
+		await screen.findByDisplayValue('CI Bot');
+
+		await user.click(screen.getByRole('radio', { name: /Keys/i }));
+
+		await screen.findByText(/No keys/i);
+	});
+
+	it('shows skeleton while loading account data', () => {
+		renderDrawer();
+
+		// Skeleton renders while the fetch is in-flight
+		expect(document.querySelector('.ant-skeleton')).toBeInTheDocument();
+	});
+
+	it('shows error state when account fetch fails', async () => {
+		server.use(
+			rest.get(SA_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(500), ctx.json({ message: 'Server error' })),
+			),
+		);
+
+		renderDrawer();
+
+		expect(
+			await screen.findByText(
+				/An unexpected error occurred while fetching service account details/i,
+			),
+		).toBeInTheDocument();
+	});
+});

frontend/src/components/ServiceAccountDrawer/utils.ts

@@ -0,0 +1,33 @@
+import { DATE_TIME_FORMATS } from 'constants/dateTimeFormats';
+import type { Dayjs } from 'dayjs';
+import dayjs from 'dayjs';
+
+export enum ServiceAccountDrawerTab {
+	Overview = 'overview',
+	Keys = 'keys',
+}
+
+export function formatLastObservedAt(
+	lastObservedAt: string | Date | null | undefined,
+	formatTimezoneAdjustedTimestamp: (ts: string, format: string) => string,
+): string {
+	if (!lastObservedAt) {
+		return '—';
+	}
+	const str =
+		typeof lastObservedAt === 'string'
+			? lastObservedAt
+			: lastObservedAt.toISOString();
+	// Go zero time means the key has never been used
+	if (str.startsWith('0001-01-01')) {
+		return '—';
+	}
+	const d = new Date(str);
+	if (Number.isNaN(d.getTime())) {
+		return '—';
+	}
+	return formatTimezoneAdjustedTimestamp(str, DATE_TIME_FORMATS.DASH_DATETIME);
+}
+
+export const disabledDate = (current: Dayjs): boolean =>
+	!!current && current < dayjs().startOf('day');

frontend/src/components/ServiceAccountsTable/ServiceAccountsTable.styles.scss

@@ -0,0 +1,218 @@
+.sa-table-wrapper {
+	display: flex;
+	flex-direction: column;
+	flex: 1;
+	min-height: 0;
+	overflow: hidden;
+	border-radius: 4px;
+}
+
+.sa-table {
+	.ant-table {
+		background: transparent;
+		font-size: 13px;
+	}
+
+	.ant-table-container {
+		border-radius: 0 !important;
+		border: none !important;
+	}
+
+	.ant-table-thead {
+		> tr > th,
+		> tr > td {
+			background: var(--background);
+			font-size: var(--paragraph-small-600-font-size);
+			font-weight: var(--paragraph-small-600-font-weight);
+			line-height: var(--paragraph-small-600-line-height);
+			letter-spacing: 0.44px;
+			text-transform: uppercase;
+			color: var(--foreground);
+			padding: var(--padding-2) var(--padding-4);
+			border-bottom: none !important;
+			border-top: none !important;
+
+			&::before {
+				display: none !important;
+			}
+		}
+	}
+
+	.ant-table-tbody {
+		> tr > td {
+			border-bottom: none !important;
+			padding: var(--padding-2) var(--padding-4);
+			background: transparent;
+			transition: none;
+		}
+
+		> tr.sa-table-row--tinted > td {
+			background: rgba(171, 189, 255, 0.02);
+		}
+
+		> tr:hover > td {
+			background: rgba(171, 189, 255, 0.04) !important;
+		}
+	}
+
+	.ant-table-wrapper,
+	.ant-table-container,
+	.ant-spin-nested-loading,
+	.ant-spin-container {
+		border: none !important;
+		box-shadow: none !important;
+	}
+
+	.sa-name-column {
+		.ant-table-column-sorters {
+			justify-content: flex-start;
+			gap: var(--spacing-2);
+		}
+
+		.ant-table-column-title {
+			flex: none;
+		}
+	}
+
+	.sa-status-cell {
+		[data-slot='badge'] {
+			padding: var(--padding-1) var(--padding-2);
+			align-items: center;
+			font-size: var(--uppercase-small-500-font-size);
+			font-weight: var(--uppercase-small-500-font-weight);
+			line-height: 100%;
+			letter-spacing: 0.44px;
+			text-transform: uppercase;
+		}
+	}
+}
+
+.sa-name-email-cell {
+	display: flex;
+	align-items: center;
+	gap: var(--spacing-2);
+	height: 22px;
+	overflow: hidden;
+
+	.sa-name {
+		font-size: var(--paragraph-base-500-font-size);
+		font-weight: var(--paragraph-base-500-font-weight);
+		color: var(--foreground);
+		line-height: var(--paragraph-base-500-line-height);
+		letter-spacing: -0.07px;
+		white-space: nowrap;
+		flex-shrink: 0;
+	}
+
+	.sa-email {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--l3-foreground-hover);
+		line-height: var(--paragraph-base-400-line-height);
+		letter-spacing: -0.07px;
+		flex: 1 0 0;
+		min-width: 0;
+		overflow: hidden;
+		text-overflow: ellipsis;
+		white-space: nowrap;
+	}
+}
+
+.sa-roles-cell {
+	display: flex;
+	align-items: center;
+	gap: var(--spacing-2);
+}
+
+.sa-dash {
+	font-size: var(--paragraph-base-400-font-size);
+	color: var(--l3-foreground-hover);
+}
+
+.sa-empty-state {
+	display: flex;
+	flex-direction: column;
+	align-items: center;
+	justify-content: center;
+	padding: var(--padding-12) var(--padding-4);
+	gap: var(--spacing-4);
+	color: var(--foreground);
+
+	&__emoji {
+		font-size: var(--font-size-2xl);
+		line-height: 1;
+	}
+
+	&__text {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--foreground);
+		margin: 0;
+		line-height: var(--paragraph-base-400-line-height);
+
+		strong {
+			font-weight: var(--font-weight-medium);
+			color: var(--bg-base-white);
+		}
+	}
+}
+
+.sa-table-pagination {
+	display: flex;
+	align-items: center;
+	justify-content: flex-end;
+	padding: var(--padding-2) var(--padding-4);
+
+	.ant-pagination-total-text {
+		margin-right: auto;
+	}
+
+	.sa-pagination-range {
+		font-size: var(--font-size-xs);
+		color: var(--foreground);
+	}
+
+	.sa-pagination-total {
+		font-size: var(--font-size-xs);
+		color: var(--foreground);
+		opacity: 0.5;
+	}
+}
+
+.sa-tooltip {
+	.ant-tooltip-inner {
+		background-color: var(--bg-slate-500);
+		color: var(--foreground);
+		font-size: var(--font-size-xs);
+		line-height: normal;
+		padding: var(--padding-2) var(--padding-3);
+		border-radius: 4px;
+		text-align: left;
+	}
+
+	.ant-tooltip-arrow-content {
+		background-color: var(--bg-slate-500);
+	}
+}
+
+.lightMode {
+	.sa-table {
+		.ant-table-tbody {
+			> tr.sa-table-row--tinted > td {
+				background: rgba(0, 0, 0, 0.015);
+			}
+
+			> tr:hover > td {
+				background: rgba(0, 0, 0, 0.03) !important;
+			}
+		}
+	}
+
+	.sa-empty-state {
+		&__text {
+			strong {
+				color: var(--bg-base-black);
+			}
+		}
+	}
+}

frontend/src/components/ServiceAccountsTable/ServiceAccountsTable.tsx

@@ -0,0 +1,95 @@
+import React from 'react';
+import { Table } from 'antd';
+import { ServiceAccountRow } from 'container/ServiceAccountsSettings/utils';
+import { parseAsInteger, parseAsString, useQueryState } from 'nuqs';
+
+import {
+	columns,
+	ServiceAccountsEmptyState,
+	showPaginationTotal,
+} from './utils';
+
+import './ServiceAccountsTable.styles.scss';
+
+export const PAGE_SIZE = 20;
+
+interface ServiceAccountsTableProps {
+	data: ServiceAccountRow[];
+	loading: boolean;
+	onRowClick?: (row: ServiceAccountRow) => void;
+}
+
+function ServiceAccountsTable({
+	data,
+	loading,
+	onRowClick,
+}: ServiceAccountsTableProps): JSX.Element {
+	const [currentPage, setPage] = useQueryState(
+		'page',
+		parseAsInteger.withDefault(1),
+	);
+	const [searchQuery] = useQueryState('search', parseAsString.withDefault(''));
+
+	return (
+		<div className="sa-table-wrapper">
+			{/* Todo: use new table component from periscope when ready */}
+			<Table<ServiceAccountRow>
+				columns={columns}
+				dataSource={data}
+				rowKey="id"
+				loading={loading}
+				pagination={
+					data.length > PAGE_SIZE
+						? {
+								current: currentPage,
+								pageSize: PAGE_SIZE,
+								total: data.length,
+								showTotal: showPaginationTotal,
+								showSizeChanger: false,
+								onChange: (page: number): void => void setPage(page),
+								className: 'sa-table-pagination',
+						  }
+						: false
+				}
+				rowClassName={(_, index): string =>
+					index % 2 === 0 ? 'sa-table-row--tinted' : ''
+				}
+				showSorterTooltip={false}
+				locale={{
+					emptyText: <ServiceAccountsEmptyState searchQuery={searchQuery} />,
+				}}
+				className="sa-table"
+				onRow={(
+					record,
+				): {
+					onClick?: () => void;
+					onKeyDown?: (e: React.KeyboardEvent<HTMLElement>) => void;
+					style?: React.CSSProperties;
+					tabIndex?: number;
+					role?: string;
+					'aria-label'?: string;
+				} => {
+					if (!onRowClick) {
+						return {};
+					}
+
+					return {
+						onClick: (): void => onRowClick(record),
+						onKeyDown: (e: React.KeyboardEvent<HTMLElement>): void => {
+							if (e.key === 'Enter' || e.key === ' ') {
+								e.preventDefault();
+								onRowClick(record);
+							}
+						},
+						style: { cursor: 'pointer' },
+						tabIndex: 0,
+						role: 'button',
+						'aria-label': `View service account ${record.name || record.email}`,
+					};
+				}}
+			/>
+		</div>
+	);
+}
+
+export default ServiceAccountsTable;

frontend/src/components/ServiceAccountsTable/__tests__/ServiceAccountsTable.test.tsx

@@ -0,0 +1,96 @@
+import { ServiceAccountRow } from 'container/ServiceAccountsSettings/utils';
+import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
+import { render, screen, userEvent } from 'tests/test-utils';
+
+import ServiceAccountsTable from '../ServiceAccountsTable';
+
+const mockActiveAccount: ServiceAccountRow = {
+	id: 'sa-1',
+	name: 'CI Bot',
+	email: 'ci-bot@signoz.io',
+	roles: ['signoz-admin'],
+	status: 'ACTIVE',
+	createdAt: '2026-01-01T00:00:00Z',
+	updatedAt: '2026-01-02T00:00:00Z',
+};
+
+const mockDisabledAccount: ServiceAccountRow = {
+	id: 'sa-2',
+	name: 'Legacy Bot',
+	email: 'legacy@signoz.io',
+	roles: ['signoz-viewer', 'signoz-editor', 'billing-manager'],
+	status: 'DISABLED',
+	createdAt: '2025-06-01T00:00:00Z',
+	updatedAt: '2025-12-01T00:00:00Z',
+};
+
+const defaultProps = {
+	loading: false,
+	onRowClick: jest.fn(),
+};
+
+describe('ServiceAccountsTable', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+	});
+
+	it('renders name, email, role badge, and ACTIVE status badge', () => {
+		render(<ServiceAccountsTable {...defaultProps} data={[mockActiveAccount]} />);
+
+		expect(screen.getByText('CI Bot')).toBeInTheDocument();
+		expect(screen.getByText('ci-bot@signoz.io')).toBeInTheDocument();
+		expect(screen.getByText('signoz-admin')).toBeInTheDocument();
+		expect(screen.getByText('ACTIVE')).toBeInTheDocument();
+	});
+
+	it('shows DISABLED badge and +2 overflow badge for multi-role accounts', () => {
+		render(
+			<ServiceAccountsTable {...defaultProps} data={[mockDisabledAccount]} />,
+		);
+
+		expect(screen.getByText('DISABLED')).toBeInTheDocument();
+		expect(screen.getByText('signoz-viewer')).toBeInTheDocument();
+		expect(screen.getByText('+2')).toBeInTheDocument();
+	});
+
+	it('calls onRowClick with the correct account when a row is clicked', async () => {
+		const onRowClick = jest.fn() as jest.MockedFunction<
+			(row: ServiceAccountRow) => void
+		>;
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(
+			<ServiceAccountsTable
+				{...defaultProps}
+				data={[mockActiveAccount]}
+				onRowClick={onRowClick}
+			/>,
+		);
+
+		await user.click(
+			screen.getByRole('button', { name: /View service account CI Bot/i }),
+		);
+
+		expect(onRowClick).toHaveBeenCalledTimes(1);
+		expect(onRowClick).toHaveBeenCalledWith(
+			expect.objectContaining({ id: 'sa-1', email: 'ci-bot@signoz.io' }),
+		);
+	});
+
+	it('shows "No service accounts" empty state when data is empty and no search query', () => {
+		render(<ServiceAccountsTable {...defaultProps} data={[]} />);
+
+		expect(screen.getByText(/No service accounts/i)).toBeInTheDocument();
+	});
+
+	it('shows "No results for {query}" empty state when search is active', () => {
+		render(
+			<NuqsTestingAdapter searchParams={{ search: 'ghost' }}>
+				<ServiceAccountsTable {...defaultProps} data={[]} />
+			</NuqsTestingAdapter>,
+		);
+
+		expect(screen.getByText(/No results for/i)).toBeInTheDocument();
+		expect(screen.getByText('ghost')).toBeInTheDocument();
+	});
+});

frontend/src/components/ServiceAccountsTable/utils.tsx

@@ -0,0 +1,133 @@
+import { Badge } from '@signozhq/badge';
+import { Tooltip } from 'antd';
+import type { ColumnsType } from 'antd/es/table/interface';
+import { ServiceAccountRow } from 'container/ServiceAccountsSettings/utils';
+
+export function NameEmailCell({
+	name,
+	email,
+}: {
+	name: string;
+	email: string;
+}): JSX.Element {
+	return (
+		<div className="sa-name-email-cell">
+			{name && (
+				<span className="sa-name" title={name}>
+					{name}
+				</span>
+			)}
+			<Tooltip title={email} overlayClassName="sa-tooltip">
+				<span className="sa-email">{email}</span>
+			</Tooltip>
+		</div>
+	);
+}
+
+export function RolesCell({ roles }: { roles: string[] }): JSX.Element {
+	if (!roles || roles.length === 0) {
+		return <span className="sa-dash">—</span>;
+	}
+	const first = roles[0];
+	const overflow = roles.length - 1;
+	const tooltipContent = roles.slice(1).join(', ');
+
+	return (
+		<div className="sa-roles-cell">
+			<Badge color="vanilla">{first}</Badge>
+			{overflow > 0 && (
+				<Tooltip
+					title={tooltipContent}
+					overlayClassName="sa-tooltip"
+					overlayStyle={{ maxWidth: '600px' }}
+				>
+					<Badge color="vanilla" variant="outline" className="sa-status-badge">
+						+{overflow}
+					</Badge>
+				</Tooltip>
+			)}
+		</div>
+	);
+}
+
+export function StatusBadge({ status }: { status: string }): JSX.Element {
+	if (status?.toUpperCase() === 'ACTIVE') {
+		return (
+			<Badge color="forest" variant="outline">
+				ACTIVE
+			</Badge>
+		);
+	}
+	return (
+		<Badge color="vanilla" variant="outline" className="sa-status-badge">
+			DISABLED
+		</Badge>
+	);
+}
+
+export function ServiceAccountsEmptyState({
+	searchQuery,
+}: {
+	searchQuery: string;
+}): JSX.Element {
+	return (
+		<div className="sa-empty-state">
+			<span className="sa-empty-state__emoji" role="img" aria-label="monocle face">
+				🧐
+			</span>
+			{searchQuery ? (
+				<p className="sa-empty-state__text">
+					No results for <strong>{searchQuery}</strong>
+				</p>
+			) : (
+				<p className="sa-empty-state__text">
+					No service accounts. Start by creating one to manage keys.
+				</p>
+			)}
+		</div>
+	);
+}
+
+export const columns: ColumnsType<ServiceAccountRow> = [
+	{
+		title: 'Name / Email',
+		dataIndex: 'name',
+		key: 'name',
+		className: 'sa-name-column',
+		sorter: (a, b): number => a.email.localeCompare(b.email),
+		render: (_, record): JSX.Element => (
+			<NameEmailCell name={record.name} email={record.email} />
+		),
+	},
+	{
+		title: 'Roles',
+		dataIndex: 'roles',
+		key: 'roles',
+		width: 420,
+		render: (roles: string[]): JSX.Element => <RolesCell roles={roles} />,
+	},
+	{
+		title: 'Status',
+		dataIndex: 'status',
+		key: 'status',
+		width: 120,
+		align: 'right' as const,
+		className: 'sa-status-cell',
+		sorter: (a, b): number =>
+			(a.status?.toUpperCase() === 'ACTIVE' ? 0 : 1) -
+			(b.status?.toUpperCase() === 'ACTIVE' ? 0 : 1),
+		render: (status: string): JSX.Element => <StatusBadge status={status} />,
+	},
+];
+
+export const showPaginationTotal = (
+	_total: number,
+	range: number[],
+): JSX.Element => (
+	<>
+		<span className="sa-pagination-range">
+			{range[0]} &#8212; {range[1]}
+		</span>
+		<span className="sa-pagination-total"> of {_total}</span>
+	</>
+);

frontend/src/constants/localStorage.ts

@@ -35,4 +35,5 @@ export enum LOCALSTORAGE {
 	LAST_USED_CUSTOM_TIME_RANGES = 'LAST_USED_CUSTOM_TIME_RANGES',
 	SHOW_FREQUENCY_CHART = 'SHOW_FREQUENCY_CHART',
 	DISSMISSED_COST_METER_INFO = 'DISMISSED_COST_METER_INFO',
+	DISMISSED_API_KEYS_DEPRECATION_BANNER = 'DISMISSED_API_KEYS_DEPRECATION_BANNER',
 }

frontend/src/constants/routes.ts

@@ -86,6 +86,7 @@ const ROUTES = {
 	METER_EXPLORER_VIEWS: '/meter/explorer/views',
 	HOME_PAGE: '/',
 	PUBLIC_DASHBOARD: '/public/dashboard/:dashboardId',
+	SERVICE_ACCOUNTS_SETTINGS: '/settings/service-accounts',
 } as const;
 
 export default ROUTES;

frontend/src/container/Home/Home.tsx

@@ -6,13 +6,16 @@ import { Button, Popover } from 'antd';
 import logEvent from 'api/common/logEvent';
 import listUserPreferences from 'api/v1/user/preferences/list';
 import updateUserPreferenceAPI from 'api/v1/user/preferences/name/update';
+import { PersistedAnnouncementBanner } from 'components/AnnouncementBanner';
 import Header from 'components/Header/Header';
 import { ENTITY_VERSION_V5 } from 'constants/app';
+import { LOCALSTORAGE } from 'constants/localStorage';
 import { ORG_PREFERENCES } from 'constants/orgPreferences';
 import { initialQueriesMap, PANEL_TYPES } from 'constants/queryBuilder';
 import { REACT_QUERY_KEY } from 'constants/reactQueryKeys';
 import ROUTES from 'constants/routes';
 import { getMetricsListQuery } from 'container/MetricsExplorer/Summary/utils';
+import { IS_SERVICE_ACCOUNTS_ENABLED } from 'container/ServiceAccountsSettings/config';
 import { useGetMetricsList } from 'hooks/metricsExplorer/useGetMetricsList';
 import { useGetQueryRange } from 'hooks/queryBuilder/useGetQueryRange';
 import { useIsDarkMode } from 'hooks/useDarkMode';
@@ -291,6 +294,24 @@ export default function Home(): JSX.Element {
 
 	return (
 		<div className="home-container">
+			{IS_SERVICE_ACCOUNTS_ENABLED && (
+				<PersistedAnnouncementBanner
+					type="warning"
+					storageKey={LOCALSTORAGE.DISMISSED_API_KEYS_DEPRECATION_BANNER}
+					message={
+						<>
+							<strong>API Keys</strong> have been deprecated and replaced by{' '}
+							<strong>Service Accounts</strong>. Please migrate to Service Accounts for
+							programmatic API access.
+						</>
+					}
+					action={{
+						label: 'Go to Service Accounts',
+						onClick: (): void => history.push(ROUTES.SERVICE_ACCOUNTS_SETTINGS),
+					}}
+				/>
+			)}
+
 			<div className="sticky-header">
 				<Header
 					leftComponent={

frontend/src/container/MembersSettings/MembersSettings.tsx

@@ -13,6 +13,7 @@ import InviteMembersModal from 'components/InviteMembersModal/InviteMembersModal
 import MembersTable, { MemberRow } from 'components/MembersTable/MembersTable';
 import useUrlQuery from 'hooks/useUrlQuery';
 import { useAppContext } from 'providers/App/App';
+import { toISOString } from 'utils/app';
 
 import { FilterMode, INVITE_PREFIX, MemberStatus } from './utils';
 
@@ -61,8 +62,8 @@ function MembersSettings(): JSX.Element {
 			email: user.email,
 			role: user.role,
 			status: MemberStatus.Active,
-			joinedOn: user.createdAt ? String(user.createdAt) : null,
-			updatedAt: user?.updatedAt ? String(user.updatedAt) : null,
+			joinedOn: toISOString(user.createdAt),
+			updatedAt: toISOString(user?.updatedAt),
 		}));
 
 		const pendingInvites: MemberRow[] = (invitesData?.data ?? []).map(
@@ -72,7 +73,7 @@ function MembersSettings(): JSX.Element {
 				email: invite.email,
 				role: invite.role,
 				status: MemberStatus.Invited,
-				joinedOn: invite.createdAt ? String(invite.createdAt) : null,
+				joinedOn: toISOString(invite.createdAt),
 				token: invite.token ?? null,
 			}),
 		);
@@ -122,6 +123,9 @@ function MembersSettings(): JSX.Element {
 		if (currentPage > maxPage) {
 			setPage(maxPage);
 		}
+		if (currentPage < 1) {
+			setPage(1);
+		}
 	}, [filteredMembers.length, currentPage, setPage]);
 
 	const pendingCount = invitesData?.data?.length ?? 0;
@@ -209,6 +213,7 @@ function MembersSettings(): JSX.Element {
 
 					<div className="members-settings__search">
 						<Input
+							type="search"
 							placeholder="Search by name, email, or role..."
 							value={searchQuery}
 							onChange={(e): void => {
@@ -217,6 +222,7 @@ function MembersSettings(): JSX.Element {
 							}}
 							className="members-search-input"
 							color="secondary"
+							name="members-search"
 						/>
 					</div>
 

frontend/src/container/ServiceAccountsSettings/ServiceAccountsSettings.styles.scss

@@ -0,0 +1,134 @@
+.sa-settings {
+	display: flex;
+	flex-direction: column;
+	gap: var(--spacing-8);
+	padding: var(--padding-4) var(--padding-2) var(--padding-6) var(--padding-4);
+	height: 100%;
+
+	&__header {
+		display: flex;
+		flex-direction: column;
+		gap: var(--spacing-2);
+	}
+
+	&__title {
+		font-size: var(--label-large-500-font-size);
+		font-weight: var(--label-large-500-font-weight);
+		color: var(--text-base-white);
+		letter-spacing: -0.09px;
+		line-height: var(--line-height-normal);
+		margin: 0;
+	}
+
+	&__subtitle {
+		font-size: var(--paragraph-base-400-font-size);
+		font-weight: var(--paragraph-base-400-font-weight);
+		color: var(--foreground);
+		letter-spacing: -0.07px;
+		line-height: var(--paragraph-base-400-line-height);
+		margin: 0;
+	}
+
+	&__learn-more {
+		color: var(--primary);
+		text-decoration: none;
+
+		&:hover {
+			text-decoration: underline;
+		}
+	}
+
+	&__controls {
+		display: flex;
+		align-items: center;
+		gap: var(--spacing-4);
+	}
+
+	&__search {
+		flex: 1;
+		min-width: 0;
+	}
+}
+
+.sa-status-badge {
+	color: var(--l3-foreground);
+	border-color: var(--border);
+}
+
+.sa-settings-filter-trigger {
+	display: flex;
+	align-items: center;
+	gap: var(--spacing-2);
+	border: 1px solid var(--border);
+	border-radius: 2px;
+	background-color: var(--l2-background);
+
+	> span {
+		color: var(--foreground);
+	}
+
+	&__chevron {
+		flex-shrink: 0;
+		color: var(--foreground);
+	}
+}
+
+.sa-settings-filter-dropdown {
+	.ant-dropdown-menu {
+		padding: var(--padding-3) 14px;
+		border-radius: 4px;
+		border: 1px solid var(--border);
+		background: var(--l2-background);
+		backdrop-filter: blur(20px);
+	}
+
+	.ant-dropdown-menu-item {
+		background: transparent !important;
+		padding: var(--padding-1) 0 !important;
+
+		&:hover {
+			background: transparent !important;
+		}
+	}
+}
+
+.sa-settings-filter-option {
+	display: flex;
+	align-items: center;
+	justify-content: space-between;
+	font-size: var(--paragraph-base-400-font-size);
+	font-weight: var(--paragraph-base-400-font-weight);
+	color: var(--foreground);
+	letter-spacing: 0.14px;
+	min-width: 170px;
+
+	&:hover {
+		color: var(--card-foreground);
+		background: transparent;
+	}
+}
+
+.sa-settings-search-input {
+	height: 32px;
+	color: var(--l1-foreground);
+	background-color: var(--l2-background);
+	border-color: var(--border);
+
+	&::placeholder {
+		color: var(--l3-foreground);
+	}
+}
+
+.lightMode {
+	.sa-settings {
+		&__title {
+			color: var(--text-base-black);
+		}
+	}
+
+	.sa-settings-filter-option {
+		&:hover {
+			color: var(--bg-neutral-light-100);
+		}
+	}
+}

frontend/src/container/ServiceAccountsSettings/ServiceAccountsSettings.tsx

@@ -0,0 +1,306 @@
+import { useCallback, useEffect, useMemo } from 'react';
+import { useQueryClient } from 'react-query';
+import { Button } from '@signozhq/button';
+import { Check, ChevronDown, Plus } from '@signozhq/icons';
+import { Input } from '@signozhq/input';
+import type { MenuProps } from 'antd';
+import { Dropdown } from 'antd';
+import {
+	getGetServiceAccountQueryKey,
+	useListServiceAccounts,
+} from 'api/generated/services/serviceaccount';
+import type {
+	GetServiceAccount200,
+	ListServiceAccounts200,
+} from 'api/generated/services/sigNoz.schemas';
+import CreateServiceAccountModal from 'components/CreateServiceAccountModal/CreateServiceAccountModal';
+import ErrorInPlace from 'components/ErrorInPlace/ErrorInPlace';
+import ServiceAccountDrawer from 'components/ServiceAccountDrawer/ServiceAccountDrawer';
+import ServiceAccountsTable, {
+	PAGE_SIZE,
+} from 'components/ServiceAccountsTable/ServiceAccountsTable';
+import {
+	parseAsBoolean,
+	parseAsInteger,
+	parseAsString,
+	parseAsStringEnum,
+	useQueryState,
+} from 'nuqs';
+import { toAPIError } from 'utils/errorUtils';
+
+import {
+	FilterMode,
+	ServiceAccountRow,
+	ServiceAccountStatus,
+	toServiceAccountRow,
+} from './utils';
+
+import './ServiceAccountsSettings.styles.scss';
+
+function ServiceAccountsSettings(): JSX.Element {
+	const [currentPage, setPage] = useQueryState(
+		'page',
+		parseAsInteger.withDefault(1),
+	);
+	const [searchQuery, setSearchQuery] = useQueryState(
+		'search',
+		parseAsString.withDefault(''),
+	);
+	const [filterMode, setFilterMode] = useQueryState(
+		'filter',
+		parseAsStringEnum<FilterMode>(Object.values(FilterMode)).withDefault(
+			FilterMode.All,
+		),
+	);
+	const [, setSelectedAccountId] = useQueryState('account');
+	const [, setIsCreateModalOpen] = useQueryState(
+		'create-sa',
+		parseAsBoolean.withDefault(false),
+	);
+
+	const queryClient = useQueryClient();
+
+	const seedAccountCache = useCallback(
+		(data: ListServiceAccounts200) => {
+			data.data.forEach((account) => {
+				queryClient.setQueryData<GetServiceAccount200>(
+					getGetServiceAccountQueryKey({ id: account.id }),
+					(old) => old ?? { data: account, status: data.status },
+				);
+			});
+		},
+		[queryClient],
+	);
+
+	const {
+		data: serviceAccountsData,
+		isLoading,
+		isError,
+		error,
+		refetch: handleCreateSuccess,
+	} = useListServiceAccounts({
+		query: { onSuccess: seedAccountCache },
+	});
+
+	const allAccounts = useMemo(
+		(): ServiceAccountRow[] =>
+			(serviceAccountsData?.data ?? []).map(toServiceAccountRow),
+		[serviceAccountsData],
+	);
+
+	const activeCount = useMemo(
+		() =>
+			allAccounts.filter(
+				(a) => a.status?.toUpperCase() === ServiceAccountStatus.Active,
+			).length,
+		[allAccounts],
+	);
+
+	const disabledCount = useMemo(
+		() =>
+			allAccounts.filter(
+				(a) => a.status?.toUpperCase() !== ServiceAccountStatus.Active,
+			).length,
+		[allAccounts],
+	);
+
+	const filteredAccounts = useMemo((): ServiceAccountRow[] => {
+		let result = allAccounts;
+
+		if (filterMode === FilterMode.Active) {
+			result = result.filter(
+				(a) => a.status?.toUpperCase() === ServiceAccountStatus.Active,
+			);
+		} else if (filterMode === FilterMode.Disabled) {
+			result = result.filter(
+				(a) => a.status?.toUpperCase() !== ServiceAccountStatus.Active,
+			);
+		}
+
+		if (searchQuery.trim()) {
+			const q = searchQuery.trim().toLowerCase();
+			result = result.filter(
+				(a) =>
+					a.name?.toLowerCase().includes(q) ||
+					a.email?.toLowerCase().includes(q) ||
+					a.roles?.some((role: string) => role.toLowerCase().includes(q)),
+			);
+		}
+
+		return result;
+	}, [allAccounts, filterMode, searchQuery]);
+
+	useEffect(() => {
+		if (filteredAccounts.length === 0) {
+			return;
+		}
+
+		const maxPage = Math.max(1, Math.ceil(filteredAccounts.length / PAGE_SIZE));
+		if (currentPage > maxPage) {
+			setPage(maxPage);
+		} else if (currentPage < 1) {
+			setPage(1);
+		}
+	}, [filteredAccounts.length, currentPage, setPage]);
+
+	const totalCount = allAccounts.length;
+
+	const filterMenuItems: MenuProps['items'] = [
+		{
+			key: FilterMode.All,
+			label: (
+				<div className="sa-settings-filter-option">
+					<span>All accounts ⎯ {totalCount}</span>
+					{filterMode === FilterMode.All && <Check size={14} />}
+				</div>
+			),
+			onClick: (): void => {
+				setFilterMode(FilterMode.All);
+				setPage(1);
+			},
+		},
+		{
+			key: FilterMode.Active,
+			label: (
+				<div className="sa-settings-filter-option">
+					<span>Active ⎯ {activeCount}</span>
+					{filterMode === FilterMode.Active && <Check size={14} />}
+				</div>
+			),
+			onClick: (): void => {
+				setFilterMode(FilterMode.Active);
+				setPage(1);
+			},
+		},
+		{
+			key: FilterMode.Disabled,
+			label: (
+				<div className="sa-settings-filter-option">
+					<span>Disabled ⎯ {disabledCount}</span>
+					{filterMode === FilterMode.Disabled && <Check size={14} />}
+				</div>
+			),
+			onClick: (): void => {
+				setFilterMode(FilterMode.Disabled);
+				setPage(1);
+			},
+		},
+	];
+
+	function getFilterLabel(): string {
+		switch (filterMode) {
+			case FilterMode.Active:
+				return `Active ⎯ ${activeCount}`;
+			case FilterMode.Disabled:
+				return `Disabled ⎯ ${disabledCount}`;
+			default:
+				return `All accounts ⎯ ${totalCount}`;
+		}
+	}
+	const filterLabel = getFilterLabel();
+
+	const handleRowClick = useCallback(
+		(row: ServiceAccountRow): void => {
+			setSelectedAccountId(row.id);
+		},
+		[setSelectedAccountId],
+	);
+
+	const handleDrawerSuccess = useCallback(
+		(options?: { closeDrawer?: boolean }): void => {
+			if (options?.closeDrawer) {
+				setSelectedAccountId(null);
+			}
+			handleCreateSuccess();
+		},
+		[handleCreateSuccess, setSelectedAccountId],
+	);
+
+	return (
+		<>
+			<div className="sa-settings">
+				<div className="sa-settings__header">
+					<h1 className="sa-settings__title">Service Accounts</h1>
+					<p className="sa-settings__subtitle">
+						Overview of service accounts added to this workspace.{' '}
+						{/* Todo: to add doc links */}
+						{/* <a
+							href="https://signoz.io/docs/service-accounts"
+							target="_blank"
+							rel="noopener noreferrer"
+							className="sa-settings__learn-more"
+						>
+							Learn more
+						</a> */}
+					</p>
+				</div>
+
+				<div className="sa-settings__controls">
+					<Dropdown
+						menu={{ items: filterMenuItems }}
+						trigger={['click']}
+						overlayClassName="sa-settings-filter-dropdown"
+					>
+						<Button
+							variant="solid"
+							size="sm"
+							color="secondary"
+							className="sa-settings-filter-trigger"
+						>
+							<span>{filterLabel}</span>
+							<ChevronDown size={12} className="sa-settings-filter-trigger__chevron" />
+						</Button>
+					</Dropdown>
+
+					<div className="sa-settings__search">
+						<Input
+							type="search"
+							name="service-accounts-search"
+							placeholder="Search by name or email..."
+							value={searchQuery}
+							onChange={(e): void => {
+								setSearchQuery(e.target.value);
+								setPage(1);
+							}}
+							className="sa-settings-search-input"
+							color="secondary"
+						/>
+					</div>
+
+					<Button
+						variant="solid"
+						size="sm"
+						color="primary"
+						onClick={(): void => {
+							void setIsCreateModalOpen(true);
+						}}
+					>
+						<Plus size={12} />
+						New Service Account
+					</Button>
+				</div>
+			</div>
+
+			{isError ? (
+				<ErrorInPlace
+					error={toAPIError(
+						error,
+						'An unexpected error occurred while fetching service accounts.',
+					)}
+				/>
+			) : (
+				<ServiceAccountsTable
+					data={filteredAccounts}
+					loading={isLoading}
+					onRowClick={handleRowClick}
+				/>
+			)}
+
+			<CreateServiceAccountModal />
+
+			<ServiceAccountDrawer onSuccess={handleDrawerSuccess} />
+		</>
+	);
+}
+
+export default ServiceAccountsSettings;

frontend/src/container/ServiceAccountsSettings/__tests__/ServiceAccountsSettings.integration.test.tsx

@@ -0,0 +1,231 @@
+import type { ReactNode } from 'react';
+import { listRolesSuccessResponse } from 'mocks-server/__mockdata__/roles';
+import { rest, server } from 'mocks-server/server';
+import { NuqsTestingAdapter } from 'nuqs/adapters/testing';
+import { render, screen, userEvent } from 'tests/test-utils';
+
+import ServiceAccountsSettings from '../ServiceAccountsSettings';
+
+const SA_LIST_ENDPOINT = '*/api/v1/service_accounts';
+const SA_ENDPOINT = '*/api/v1/service_accounts/:id';
+const SA_KEYS_ENDPOINT = '*/api/v1/service_accounts/:id/keys';
+const ROLES_ENDPOINT = '*/api/v1/roles';
+
+jest.mock('@signozhq/drawer', () => ({
+	DrawerWrapper: ({
+		content,
+		open,
+	}: {
+		content?: ReactNode;
+		open: boolean;
+	}): JSX.Element | null => (open ? <div>{content}</div> : null),
+}));
+
+const mockServiceAccountsAPI = [
+	{
+		id: 'sa-1',
+		name: 'CI Bot',
+		email: 'ci-bot@signoz.io',
+		roles: ['signoz-admin'],
+		status: 'ACTIVE',
+		createdAt: 1700000000,
+		updatedAt: 1700000001,
+	},
+	{
+		id: 'sa-2',
+		name: 'Monitoring Agent',
+		email: 'monitor@signoz.io',
+		roles: ['signoz-viewer'],
+		status: 'ACTIVE',
+		createdAt: 1700000002,
+		updatedAt: 1700000003,
+	},
+	{
+		id: 'sa-3',
+		name: 'Legacy Bot',
+		email: 'legacy@signoz.io',
+		roles: ['signoz-editor'],
+		status: 'DISABLED',
+		createdAt: 1700000004,
+		updatedAt: 1700000005,
+	},
+];
+
+describe('ServiceAccountsSettings (integration)', () => {
+	beforeEach(() => {
+		jest.clearAllMocks();
+		server.use(
+			rest.get(SA_LIST_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: mockServiceAccountsAPI })),
+			),
+			rest.get(SA_ENDPOINT, (req, res, ctx) => {
+				const { id } = req.params as { id: string };
+				const account = mockServiceAccountsAPI.find((a) => a.id === id);
+				return account
+					? res(ctx.status(200), ctx.json({ data: account }))
+					: res(ctx.status(404), ctx.json({ message: 'Not found' }));
+			}),
+			rest.get(SA_KEYS_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ data: [] })),
+			),
+			rest.get(ROLES_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json(listRolesSuccessResponse)),
+			),
+		);
+	});
+
+	afterEach(() => {
+		server.resetHandlers();
+	});
+
+	it('loads and displays all accounts with correct ACTIVE and DISABLED badges', async () => {
+		render(
+			<NuqsTestingAdapter>
+				<ServiceAccountsSettings />
+			</NuqsTestingAdapter>,
+		);
+
+		await screen.findByText('CI Bot');
+		expect(screen.getByText('Monitoring Agent')).toBeInTheDocument();
+		expect(screen.getByText('legacy@signoz.io')).toBeInTheDocument();
+		expect(screen.getAllByText('ACTIVE')).toHaveLength(2);
+		expect(screen.getByText('DISABLED')).toBeInTheDocument();
+	});
+
+	it('filter dropdown to "Active" hides DISABLED accounts', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(
+			<NuqsTestingAdapter>
+				<ServiceAccountsSettings />
+			</NuqsTestingAdapter>,
+		);
+
+		await screen.findByText('CI Bot');
+
+		await user.click(screen.getByRole('button', { name: /All accounts/i }));
+
+		const activeOption = await screen.findByText(/Active ⎯/i);
+		await user.click(activeOption);
+
+		await screen.findByText('CI Bot');
+		expect(screen.queryByText('Legacy Bot')).not.toBeInTheDocument();
+	});
+
+	it('search by name filters accounts in real-time', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(
+			<NuqsTestingAdapter>
+				<ServiceAccountsSettings />
+			</NuqsTestingAdapter>,
+		);
+
+		await screen.findByText('CI Bot');
+
+		await user.type(
+			screen.getByPlaceholderText(/Search by name or email/i),
+			'legacy',
+		);
+
+		await screen.findByText('Legacy Bot');
+		expect(screen.queryByText('CI Bot')).not.toBeInTheDocument();
+		expect(screen.queryByText('Monitoring Agent')).not.toBeInTheDocument();
+	});
+
+	it('clicking a row opens the drawer with account details visible', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(
+			<NuqsTestingAdapter hasMemory>
+				<ServiceAccountsSettings />
+			</NuqsTestingAdapter>,
+		);
+
+		await user.click(
+			await screen.findByRole('button', {
+				name: /View service account CI Bot/i,
+			}),
+		);
+
+		expect(
+			await screen.findByRole('button', { name: /Disable Service Account/i }),
+		).toBeInTheDocument();
+	});
+
+	it('saving changes in the drawer refetches the list', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+		const listRefetchSpy = jest.fn();
+
+		server.use(
+			rest.get(SA_LIST_ENDPOINT, (_, res, ctx) => {
+				listRefetchSpy();
+				return res(ctx.status(200), ctx.json({ data: mockServiceAccountsAPI }));
+			}),
+			rest.put(SA_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(200), ctx.json({ status: 'success', data: {} })),
+			),
+		);
+
+		render(
+			<NuqsTestingAdapter hasMemory>
+				<ServiceAccountsSettings />
+			</NuqsTestingAdapter>,
+		);
+
+		await screen.findByText('CI Bot');
+		listRefetchSpy.mockClear();
+
+		await user.click(
+			await screen.findByRole('button', { name: /View service account CI Bot/i }),
+		);
+
+		const nameInput = await screen.findByDisplayValue('CI Bot');
+		await user.clear(nameInput);
+		await user.type(nameInput, 'CI Bot Updated');
+
+		await user.click(screen.getByRole('button', { name: /Save Changes/i }));
+
+		await screen.findByDisplayValue('CI Bot Updated');
+		expect(listRefetchSpy).toHaveBeenCalled();
+	});
+
+	it('"New Service Account" button opens the Create Service Account modal', async () => {
+		const user = userEvent.setup({ pointerEventsCheck: 0 });
+
+		render(
+			<NuqsTestingAdapter>
+				<ServiceAccountsSettings />
+			</NuqsTestingAdapter>,
+		);
+
+		await screen.findByText('CI Bot');
+
+		await user.click(
+			screen.getByRole('button', { name: /New Service Account/i }),
+		);
+
+		await screen.findByRole('dialog', { name: /New Service Account/i });
+		expect(screen.getByPlaceholderText('Enter a name')).toBeInTheDocument();
+	});
+
+	it('shows error state when API fails', async () => {
+		server.use(
+			rest.get(SA_LIST_ENDPOINT, (_, res, ctx) =>
+				res(ctx.status(500), ctx.json({ message: 'Internal Server Error' })),
+			),
+		);
+
+		render(
+			<NuqsTestingAdapter>
+				<ServiceAccountsSettings />
+			</NuqsTestingAdapter>,
+		);
+
+		expect(
+			await screen.findByText(
+				/An unexpected error occurred while fetching service accounts/i,
+			),
+		).toBeInTheDocument();
+	});
+});

frontend/src/container/ServiceAccountsSettings/config.ts

@@ -0,0 +1 @@
+export const IS_SERVICE_ACCOUNTS_ENABLED = false;

frontend/src/container/ServiceAccountsSettings/utils.ts

@@ -0,0 +1,37 @@
+import type { ServiceaccounttypesServiceAccountDTO } from 'api/generated/services/sigNoz.schemas';
+import { toISOString } from 'utils/app';
+
+export function toServiceAccountRow(
+	sa: ServiceaccounttypesServiceAccountDTO,
+): ServiceAccountRow {
+	return {
+		id: sa.id,
+		name: sa.name,
+		email: sa.email,
+		roles: sa.roles,
+		status: sa.status,
+		createdAt: toISOString(sa.createdAt),
+		updatedAt: toISOString(sa.updatedAt),
+	};
+}
+
+export enum FilterMode {
+	All = 'all',
+	Active = 'active',
+	Disabled = 'disabled',
+}
+
+export enum ServiceAccountStatus {
+	Active = 'ACTIVE',
+	Disabled = 'DISABLED',
+}
+
+export interface ServiceAccountRow {
+	id: string;
+	name: string;
+	email: string;
+	roles: string[];
+	status: string;
+	createdAt: string | null;
+	updatedAt: string | null;
+}

frontend/src/container/SideNav/menuItems.tsx

@@ -8,6 +8,7 @@ import {
 	BellDot,
 	Binoculars,
 	Book,
+	Bot,
 	Boxes,
 	BugIcon,
 	Building2,
@@ -358,6 +359,13 @@ export const settingsNavSections: SettingsNavSection[] = [
 				isEnabled: false,
 				itemKey: 'members',
 			},
+			{
+				key: ROUTES.SERVICE_ACCOUNTS_SETTINGS,
+				label: 'Service Accounts',
+				icon: <Bot size={16} />,
+				isEnabled: false,
+				itemKey: 'service-accounts',
+			},
 			{
 				key: ROUTES.API_KEYS,
 				label: 'API Keys',

frontend/src/container/TopNav/DateTimeSelectionV2/constants.ts

@@ -154,6 +154,7 @@ export const routesToSkip = [
 	ROUTES.ALL_DASHBOARD,
 	ROUTES.ORG_SETTINGS,
 	ROUTES.MEMBERS_SETTINGS,
+	ROUTES.SERVICE_ACCOUNTS_SETTINGS,
 	ROUTES.INGESTION_SETTINGS,
 	ROUTES.API_KEYS,
 	ROUTES.ERROR_DETAIL,

frontend/src/pages/ServiceAccountsSettings/index.tsx

@@ -0,0 +1 @@
+export { default } from 'container/ServiceAccountsSettings/ServiceAccountsSettings';

frontend/src/pages/Settings/Settings.tsx

@@ -5,6 +5,7 @@ import logEvent from 'api/common/logEvent';
 import RouteTab from 'components/RouteTab';
 import { FeatureKeys } from 'constants/features';
 import ROUTES from 'constants/routes';
+import { IS_SERVICE_ACCOUNTS_ENABLED } from 'container/ServiceAccountsSettings/config';
 import { routeConfig } from 'container/SideNav/config';
 import { getQueryString } from 'container/SideNav/helper';
 import { settingsNavSections } from 'container/SideNav/menuItems';
@@ -85,6 +86,8 @@ function SettingsPage(): JSX.Element {
 							item.key === ROUTES.INGESTION_SETTINGS ||
 							item.key === ROUTES.ORG_SETTINGS ||
 							item.key === ROUTES.MEMBERS_SETTINGS ||
+							(IS_SERVICE_ACCOUNTS_ENABLED &&
+								item.key === ROUTES.SERVICE_ACCOUNTS_SETTINGS) ||
 							item.key === ROUTES.SHORTCUTS
 								? true
 								: item.isEnabled,
@@ -116,6 +119,8 @@ function SettingsPage(): JSX.Element {
 							item.key === ROUTES.API_KEYS ||
 							item.key === ROUTES.ORG_SETTINGS ||
 							item.key === ROUTES.MEMBERS_SETTINGS ||
+							(IS_SERVICE_ACCOUNTS_ENABLED &&
+								item.key === ROUTES.SERVICE_ACCOUNTS_SETTINGS) ||
 							item.key === ROUTES.INGESTION_SETTINGS
 								? true
 								: item.isEnabled,
@@ -141,7 +146,9 @@ function SettingsPage(): JSX.Element {
 						isEnabled:
 							item.key === ROUTES.API_KEYS ||
 							item.key === ROUTES.ORG_SETTINGS ||
-							item.key === ROUTES.MEMBERS_SETTINGS
+							item.key === ROUTES.MEMBERS_SETTINGS ||
+							(IS_SERVICE_ACCOUNTS_ENABLED &&
+								item.key === ROUTES.SERVICE_ACCOUNTS_SETTINGS)
 								? true
 								: item.isEnabled,
 					}));

frontend/src/pages/Settings/config.tsx

@@ -17,6 +17,7 @@ import { TFunction } from 'i18next';
 import {
 	Backpack,
 	BellDot,
+	Bot,
 	Building,
 	Cpu,
 	CreditCard,
@@ -30,6 +31,7 @@ import {
 } from 'lucide-react';
 import ChannelsEdit from 'pages/ChannelsEdit';
 import MembersSettings from 'pages/MembersSettings';
+import ServiceAccountsSettings from 'pages/ServiceAccountsSettings';
 import Shortcuts from 'pages/Shortcuts';
 
 export const organizationSettings = (t: TFunction): RouteTabProps['routes'] => [
@@ -203,6 +205,21 @@ export const mySettings = (t: TFunction): RouteTabProps['routes'] => [
 	},
 ];
 
+export const serviceAccountsSettings = (
+	t: TFunction,
+): RouteTabProps['routes'] => [
+	{
+		Component: ServiceAccountsSettings,
+		name: (
+			<div className="periscope-tab">
+				<Bot size={16} /> {t('routes:service_accounts').toString()}
+			</div>
+		),
+		route: ROUTES.SERVICE_ACCOUNTS_SETTINGS,
+		key: ROUTES.SERVICE_ACCOUNTS_SETTINGS,
+	},
+];
+
 export const createAlertChannels = (t: TFunction): RouteTabProps['routes'] => [
 	{
 		Component: (): JSX.Element => (

frontend/src/pages/Settings/utils.ts

@@ -1,4 +1,5 @@
 import { RouteTabProps } from 'components/RouteTab/types';
+import { IS_SERVICE_ACCOUNTS_ENABLED } from 'container/ServiceAccountsSettings/config';
 import { TFunction } from 'i18next';
 import { ROLES, USER_ROLES } from 'types/roles';
 
@@ -17,6 +18,7 @@ import {
 	organizationSettings,
 	roleDetails,
 	rolesSettings,
+	serviceAccountsSettings,
 } from './config';
 
 export const getRoutes = (
@@ -63,6 +65,10 @@ export const getRoutes = (
 
 	if (isAdmin) {
 		settings.push(...apiKeys(t), ...membersSettings(t));
+
+		if (IS_SERVICE_ACCOUNTS_ENABLED) {
+			settings.push(...serviceAccountsSettings(t));
+		}
 	}
 
 	// todo: Sagar - check the condition for role list and details page, to whom we want to serve

frontend/src/utils/app.ts

@@ -1,6 +1,7 @@
 import getLocalStorage from 'api/browser/localstorage/get';
 import { FeatureKeys } from 'constants/features';
 import { SKIP_ONBOARDING } from 'constants/onboarding';
+import dayjs from 'dayjs';
 import { get } from 'lodash-es';
 import { getLocation } from 'utils/getLocation';
 
@@ -73,3 +74,19 @@ export function buildAbsolutePath({
 }
 
 export const EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+export function toISOString(
+	date: Date | string | number | null | undefined,
+): string | null {
+	if (date == null) {
+		return null;
+	}
+
+	const d = dayjs(date);
+
+	if (!d.isValid()) {
+		return null;
+	}
+
+	return d.toISOString();
+}

frontend/src/utils/permission/index.ts

@@ -100,6 +100,7 @@ export const routePermission: Record<keyof typeof ROUTES, ROLES[]> = {
 	ROLES_SETTINGS: ['ADMIN'],
 	ROLE_DETAILS: ['ADMIN'],
 	MEMBERS_SETTINGS: ['ADMIN'],
+	SERVICE_ACCOUNTS_SETTINGS: ['ADMIN'],
 	BILLING: ['ADMIN'],
 	SUPPORT: ['ADMIN', 'EDITOR', 'VIEWER'],
 	SOMETHING_WENT_WRONG: ['ADMIN', 'EDITOR', 'VIEWER'],

frontend/yarn.lock

@@ -16824,6 +16824,11 @@ react-helmet-async@*, react-helmet-async@1.3.0:
     react-fast-compare "^3.2.0"
     shallowequal "^1.1.0"
 
+react-hook-form@7.71.2:
+  version "7.71.2"
+  resolved "https://registry.yarnpkg.com/react-hook-form/-/react-hook-form-7.71.2.tgz#a5f1d2b855be9ecf1af6e74df9b80f54beae7e35"
+  integrity sha512-1CHvcDYzuRUNOflt4MOq3ZM46AronNJtQ1S7tnX6YN4y72qhgiUItpacZUAQ0TyWYci3yz1X+rXaSxiuEm86PA==
+
 react-hooks-testing-library@0.6.0:
   version "0.6.0"
   resolved "https://registry.npmjs.org/react-hooks-testing-library/-/react-hooks-testing-library-0.6.0.tgz"

pkg/http/middleware/authz.go

@@ -42,7 +42,7 @@ func (middleware *AuthZ) ViewAccess(next http.HandlerFunc) http.HandlerFunc {
 		}
 
 		commentCtx := ctxtypes.CommentFromContext(ctx)
-		authtype, ok := commentCtx.Map()["identn_provider"]
+		authtype, ok := commentCtx.Map()["auth_type"]
 		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
 			if err := claims.IsViewer(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
@@ -94,7 +94,7 @@ func (middleware *AuthZ) EditAccess(next http.HandlerFunc) http.HandlerFunc {
 		}
 
 		commentCtx := ctxtypes.CommentFromContext(ctx)
-		authtype, ok := commentCtx.Map()["identn_provider"]
+		authtype, ok := commentCtx.Map()["auth_type"]
 		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
 			if err := claims.IsEditor(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)
@@ -145,7 +145,7 @@ func (middleware *AuthZ) AdminAccess(next http.HandlerFunc) http.HandlerFunc {
 		}
 
 		commentCtx := ctxtypes.CommentFromContext(ctx)
-		authtype, ok := commentCtx.Map()["identn_provider"]
+		authtype, ok := commentCtx.Map()["auth_type"]
 		if ok && (authtype == authtypes.IdentNProviderAPIkey.StringValue()) {
 			if err := claims.IsAdmin(); err != nil {
 				middleware.logger.WarnContext(ctx, authzDeniedMessage, "claims", claims)

pkg/identn/apikeyidentn/identn.go

@@ -101,8 +101,13 @@ func (provider *provider) GetIdentity(req *http.Request) (*authtypes.Identity, e
 		return nil, err
 	}
 
-	identity := authtypes.NewIdentity(user.ID, user.OrgID, user.Email, apiKey.Role, provider.Name())
-	return identity, nil
+	identity := authtypes.Identity{
+		UserID: user.ID,
+		Role:   apiKey.Role,
+		Email:  user.Email,
+		OrgID:  user.OrgID,
+	}
+	return &identity, nil
 }
 
 func (provider *provider) Post(ctx context.Context, _ *http.Request, _ authtypes.Claims) {

pkg/modules/cloudintegration/cloudintegration.go

@@ -1,65 +0,0 @@
-package cloudintegration
-
-import (
-	"context"
-	"net/http"
-
-	citypes "github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Module interface {
-	CreateAccount(ctx context.Context, account *citypes.Account) error
-
-	// GetAccount returns cloud integration account
-	GetAccount(ctx context.Context, orgID, accountID valuer.UUID) (*citypes.Account, error)
-
-	// ListAccounts lists accounts where agent is connected
-	ListAccounts(ctx context.Context, orgID valuer.UUID) ([]*citypes.Account, error)
-
-	// UpdateAccount updates the cloud integration account for a specific organization.
-	UpdateAccount(ctx context.Context, account *citypes.Account) error
-
-	// DisconnectAccount soft deletes/removes a cloud integration account.
-	DisconnectAccount(ctx context.Context, orgID, accountID valuer.UUID) error
-
-	// GetConnectionArtifact returns cloud provider specific connection information,
-	// client side handles how this information is shown
-	GetConnectionArtifact(ctx context.Context, account *citypes.Account, req *citypes.ConnectionArtifactRequest) (*citypes.ConnectionArtifact, error)
-
-	// ListServicesMetadata returns the list of services metadata for a cloud provider attached with the integrationID.
-	// This just returns a summary of the service and not the whole service definition
-	ListServicesMetadata(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID) ([]*citypes.ServiceMetadata, error)
-
-	// GetService returns service definition details for a serviceID. This returns config and
-	// other details required to show in service details page on web client.
-	GetService(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID, serviceID string) (*citypes.Service, error)
-
-	// UpdateService updates cloud integration service
-	UpdateService(ctx context.Context, orgID valuer.UUID, service *citypes.CloudIntegrationService) error
-
-	// AgentCheckIn is called by agent to heartbeat and get latest config in response.
-	AgentCheckIn(ctx context.Context, orgID valuer.UUID, req *citypes.AgentCheckInRequest) (*citypes.AgentCheckInResponse, error)
-
-	// GetDashboardByID returns dashboard JSON for a given dashboard id.
-	// this only returns the dashboard when the service (embedded in dashboard id) is enabled
-	// in the org for any cloud integration account
-	GetDashboardByID(ctx context.Context, orgID valuer.UUID, id string) (*dashboardtypes.Dashboard, error)
-
-	// ListDashboards returns list of dashboards across all connected cloud integration accounts
-	// for enabled services in the org. This list gets added to dashboard list page
-	ListDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error)
-}
-
-type Handler interface {
-	GetConnectionArtifact(http.ResponseWriter, *http.Request)
-	ListAccounts(http.ResponseWriter, *http.Request)
-	GetAccount(http.ResponseWriter, *http.Request)
-	UpdateAccount(http.ResponseWriter, *http.Request)
-	DisconnectAccount(http.ResponseWriter, *http.Request)
-	ListServicesMetadata(http.ResponseWriter, *http.Request)
-	GetService(http.ResponseWriter, *http.Request)
-	UpdateService(http.ResponseWriter, *http.Request)
-	AgentCheckIn(http.ResponseWriter, *http.Request)
-}

pkg/modules/user/config.go

@@ -27,12 +27,7 @@ type OrgConfig struct {
 }
 
 type PasswordConfig struct {
-	Invite InviteConfig `mapstructure:"invite"`
-	Reset  ResetConfig  `mapstructure:"reset"`
-}
-
-type InviteConfig struct {
-	MaxTokenLifetime time.Duration `mapstructure:"max_token_lifetime"`
+	Reset ResetConfig `mapstructure:"reset"`
 }
 
 type ResetConfig struct {
@@ -51,9 +46,6 @@ func newConfig() factory.Config {
 				AllowSelf:        false,
 				MaxTokenLifetime: 6 * time.Hour,
 			},
-			Invite: InviteConfig{
-				MaxTokenLifetime: 48 * time.Hour,
-			},
 		},
 		Root: RootConfig{
 			Enabled: false,
@@ -69,10 +61,6 @@ func (c Config) Validate() error {
 		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "user::password::reset::max_token_lifetime must be positive")
 	}
 
-	if c.Password.Invite.MaxTokenLifetime <= 0 {
-		return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "user::password::invite::max_token_lifetime must be positive")
-	}
-
 	if c.Root.Enabled {
 		if c.Root.Email.IsZero() {
 			return errors.New(errors.TypeInvalidInput, errors.CodeInvalidInput, "user::root::email is required when root user is enabled")

pkg/modules/user/impluser/module.go

@@ -203,7 +203,7 @@ func (m *Module) CreateBulkInvite(ctx context.Context, orgID valuer.UUID, userID
 
 		resetLink := userWithToken.ResetPasswordToken.FactorPasswordResetLink(frontendBaseUrl)
 
-		tokenLifetime := m.config.Password.Invite.MaxTokenLifetime
+		tokenLifetime := m.config.Password.Reset.MaxTokenLifetime
 		humanizedTokenLifetime := strings.TrimSpace(humanize.RelTime(time.Now(), time.Now().Add(tokenLifetime), "", ""))
 
 		if err := m.emailing.SendHTML(ctx, userWithToken.User.Email.String(), "You're Invited to Join SigNoz", emailtypes.TemplateNameInvitationEmail, map[string]any{
@@ -460,11 +460,7 @@ func (module *Module) GetOrCreateResetPasswordToken(ctx context.Context, userID
 	}
 
 	// create a new token
-	tokenLifetime := module.config.Password.Reset.MaxTokenLifetime
-	if user.Status == types.UserStatusPendingInvite {
-		tokenLifetime = module.config.Password.Invite.MaxTokenLifetime
-	}
-	resetPasswordToken, err := types.NewResetPasswordToken(password.ID, time.Now().Add(tokenLifetime))
+	resetPasswordToken, err := types.NewResetPasswordToken(password.ID, time.Now().Add(module.config.Password.Reset.MaxTokenLifetime))
 	if err != nil {
 		return nil, err
 	}
@@ -504,9 +500,6 @@ func (module *Module) ForgotPassword(ctx context.Context, orgID valuer.UUID, ema
 	resetLink := token.FactorPasswordResetLink(frontendBaseURL)
 
 	tokenLifetime := module.config.Password.Reset.MaxTokenLifetime
-	if user.Status == types.UserStatusPendingInvite {
-		tokenLifetime = module.config.Password.Invite.MaxTokenLifetime
-	}
 	humanizedTokenLifetime := strings.TrimSpace(humanize.RelTime(time.Now(), time.Now().Add(tokenLifetime), "", ""))
 
 	if err := module.emailing.SendHTML(

pkg/query-service/agentConf/db.go

@@ -115,6 +115,7 @@ func (r *Repo) GetLatestVersion(
 func (r *Repo) insertConfig(
 	ctx context.Context, orgId valuer.UUID, userId valuer.UUID, c *opamptypes.AgentConfigVersion, elements []string,
 ) error {
+
 	if c.ElementType.StringValue() == "" {
 		return errors.NewInvalidInputf(CodeElementTypeRequired, "element type is required for creating agent config version")
 	}
@@ -228,25 +229,6 @@ func (r *Repo) updateDeployStatus(ctx context.Context,
 	return nil
 }
 
-// GetDeployStatusByHash returns the DeployStatus for the given config hash
-// (stored with orgId prefix). Returns DeployStatusUnknown when no matching row exists.
-func (r *Repo) GetDeployStatusByHash(ctx context.Context, orgId valuer.UUID, configHash string) (opamptypes.DeployStatus, error) {
-	var version opamptypes.AgentConfigVersion
-	err := r.store.BunDB().NewSelect().
-		Model(&version).
-		ColumnExpr("deploy_status").
-		Where("hash = ?", configHash).
-		Where("org_id = ?", orgId).
-		Scan(ctx)
-	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return opamptypes.DeployStatusUnknown, nil
-		}
-		return opamptypes.DeployStatusUnknown, errors.WrapInternalf(err, errors.CodeInternal, "failed to query deploy status by hash")
-	}
-	return version.DeployStatus, nil
-}
-
 func (r *Repo) updateDeployStatusByHash(
 	ctx context.Context, orgId valuer.UUID, confighash string, status string, result string,
 ) error {

pkg/query-service/agentConf/manager.go

@@ -180,12 +180,6 @@ func (m *Manager) ReportConfigDeploymentStatus(
 	}
 }
 
-// Implements model.AgentConfigProvider
-func (m *Manager) GetDeployStatusByHash(ctx context.Context, orgId valuer.UUID, configHash string) (opamptypes.DeployStatus, error) {
-	return m.Repo.GetDeployStatusByHash(ctx, orgId, configHash)
-}
-
-
 func GetLatestVersion(
 	ctx context.Context, orgId valuer.UUID, elementType opamptypes.ElementType,
 ) (*opamptypes.AgentConfigVersion, error) {

pkg/query-service/app/opamp/config_provider.go

@@ -1,8 +1,6 @@
 package opamp
 
-import (
-	"github.com/SigNoz/signoz/pkg/query-service/app/opamp/model"
-)
+import "github.com/SigNoz/signoz/pkg/query-service/app/opamp/model"
 
 // Interface for a source of otel collector config recommendations.
 type AgentConfigProvider interface {

pkg/query-service/app/opamp/mocks.go

@@ -5,7 +5,6 @@ import (
 	"log"
 	"net"
 
-	"github.com/SigNoz/signoz/pkg/types/opamptypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	"github.com/google/uuid"
 	"github.com/knadh/koanf"
@@ -128,11 +127,6 @@ func (ta *MockAgentConfigProvider) HasReportedDeploymentStatus(orgID valuer.UUID
 	return exists
 }
 
-// AgentConfigProvider interface
-func (ta *MockAgentConfigProvider) GetDeployStatusByHash(_ context.Context, _ valuer.UUID, _ string) (opamptypes.DeployStatus, error) {
-	return opamptypes.DeployStatusUnknown, nil
-}
-
 // AgentConfigProvider interface
 func (ta *MockAgentConfigProvider) SubscribeToConfigUpdates(callback func()) func() {
 	subscriberId := uuid.NewString()

pkg/query-service/app/opamp/model/agent.go

@@ -111,99 +111,90 @@ func ExtractLbFlag(agentDescr *protobufs.AgentDescription) bool {
 	return false
 }
 
-// agentDescriptionChanged returns true when the agent sends updated properties
-// (e.g. capability flag, version) mid-connection, signalling the server to
-// recompute and push a new RemoteConfig.
-//
-// On reconnect this always returns false: handleFirstStatus pre-copies
-// AgentDescription into agent.Status so no diff is detected, avoiding a
-// redundant config recompute.
-func (agent *Agent) agentDescriptionChanged(newStatus *protobufs.AgentToServer) bool {
-	// nil AgentDescription means no change per OpAMP protocol.
-	if newStatus.AgentDescription == nil {
-		return false
+func (agent *Agent) updateAgentDescription(newStatus *protobufs.AgentToServer) (agentDescrChanged bool) {
+	prevStatus := agent.Status
+
+	if agent.Status == nil {
+		// First time this Agent reports a status, remember it.
+		agent.Status = newStatus
+		agentDescrChanged = true
+	} else {
+		// Not a new Agent. Update the Status.
+		agent.Status.SequenceNum = newStatus.SequenceNum
+
+		// Check what's changed in the AgentDescription.
+		if newStatus.AgentDescription != nil {
+			// If the AgentDescription field is set it means the Agent tells us
+			// something is changed in the field since the last status report
+			// (or this is the first report).
+			// Make full comparison of previous and new descriptions to see if it
+			// really is different.
+			if prevStatus != nil && proto.Equal(prevStatus.AgentDescription, newStatus.AgentDescription) {
+				// Agent description didn't change.
+				agentDescrChanged = false
+			} else {
+				// Yes, the description is different, update it.
+				agent.Status.AgentDescription = newStatus.AgentDescription
+				agentDescrChanged = true
+			}
+		} else {
+			// AgentDescription field is not set, which means description didn't change.
+			agentDescrChanged = false
+		}
+
+		// Update remote config status if it is included and is different from what we have.
+		if newStatus.RemoteConfigStatus != nil &&
+			!proto.Equal(agent.Status.RemoteConfigStatus, newStatus.RemoteConfigStatus) {
+			agent.Status.RemoteConfigStatus = newStatus.RemoteConfigStatus
+
+			// todo: need to address multiple agent scenario here
+			// for now, the first response will be sent back to the UI
+			if agent.Status.RemoteConfigStatus.Status == protobufs.RemoteConfigStatuses_RemoteConfigStatuses_APPLIED {
+				onConfigSuccess(agent.OrgID, agent.AgentID, string(agent.Status.RemoteConfigStatus.LastRemoteConfigHash))
+			}
+
+			if agent.Status.RemoteConfigStatus.Status == protobufs.RemoteConfigStatuses_RemoteConfigStatuses_FAILED {
+				onConfigFailure(agent.OrgID, agent.AgentID, string(agent.Status.RemoteConfigStatus.LastRemoteConfigHash), agent.Status.RemoteConfigStatus.ErrorMessage)
+			}
+		}
 	}
-	if proto.Equal(agent.Status.AgentDescription, newStatus.AgentDescription) {
-		return false
+
+	if agentDescrChanged {
+		agent.CanLB = ExtractLbFlag(newStatus.AgentDescription)
+	}
+
+	return agentDescrChanged
+}
+
+func (agent *Agent) updateHealth(newStatus *protobufs.AgentToServer) {
+	if newStatus.Health == nil {
+		return
+	}
+
+	agent.Status.Health = newStatus.Health
+
+	if agent.Status != nil && agent.Status.Health != nil && agent.Status.Health.Healthy {
+		agent.TimeAuditable.UpdatedAt = time.Unix(0, int64(agent.Status.Health.StartTimeUnixNano)).UTC()
 	}
-	agent.CanLB = ExtractLbFlag(newStatus.AgentDescription)
-	return true
 }
 
-// updateRemoteConfigStatus updates the stored RemoteConfigStatus and notifies
-// subscribers if the status has changed relative to what we have stored.
 func (agent *Agent) updateRemoteConfigStatus(newStatus *protobufs.AgentToServer) {
-	if newStatus.RemoteConfigStatus == nil ||
-		proto.Equal(agent.Status.RemoteConfigStatus, newStatus.RemoteConfigStatus) {
-		return
-	}
-
-	// todo: need to address multiple agent scenario here
-	// for now, the first response will be sent back to the UI
-	hash := string(newStatus.RemoteConfigStatus.LastRemoteConfigHash)
-	switch newStatus.RemoteConfigStatus.Status {
-	case protobufs.RemoteConfigStatuses_RemoteConfigStatuses_APPLIED:
-		onConfigSuccess(agent.OrgID, agent.AgentID, hash)
-	case protobufs.RemoteConfigStatuses_RemoteConfigStatuses_FAILED:
-		onConfigFailure(agent.OrgID, agent.AgentID, hash, newStatus.RemoteConfigStatus.ErrorMessage)
+	// Update remote config status if it is included and is different from what we have.
+	if newStatus.RemoteConfigStatus != nil {
+		agent.Status.RemoteConfigStatus = newStatus.RemoteConfigStatus
 	}
 }
 
-// handleFirstStatus initializes agent.Status on the first message received from
-// this agent instance. It is a no-op for all subsequent messages.
-func (agent *Agent) handleFirstStatus(newStatus *protobufs.AgentToServer, configProvider AgentConfigProvider) {
-	if agent.Status != nil {
-		return
+func (agent *Agent) updateStatusField(newStatus *protobufs.AgentToServer) (agentDescrChanged bool) {
+	if agent.Status == nil {
+		// First time this Agent reports a status, remember it.
+		agent.Status = newStatus
+		agentDescrChanged = true
 	}
 
-	// Initialize with a clean slate.
-	agent.Status = &protobufs.AgentToServer{
-		RemoteConfigStatus: &protobufs.RemoteConfigStatus{
-			Status: protobufs.RemoteConfigStatuses_RemoteConfigStatuses_UNSET,
-		},
-	}
-
-	if newStatus.RemoteConfigStatus == nil ||
-		newStatus.RemoteConfigStatus.Status == protobufs.RemoteConfigStatuses_RemoteConfigStatuses_UNSET {
-		// Agent just started fresh — no prior deployment to reconcile with the DB.
-		return
-	}
-
-	// Since the server's connection is restarted;
-	// copy the agent description; so no change is detected by agentDescriptionChanged
-	agent.Status.AgentDescription = newStatus.AgentDescription
-
-	// Server reconnected while the agent was already running.
-	// Reconcile deployment status with DB; DB is the source of truth.
-	// If DB says in_progress but agent now reports APPLIED/FAILED,
-	// updateRemoteConfigStatus will detect the transition and notify subscribers.
-	rawHash := string(newStatus.RemoteConfigStatus.LastRemoteConfigHash)
-	deployStatus, err := configProvider.GetDeployStatusByHash(context.Background(), agent.OrgID, agent.OrgID.String()+rawHash)
-	if err != nil {
-		return
-	}
-
-	agent.Status.RemoteConfigStatus.Status = opamptypes.DeployStatusToProtoStatus[deployStatus]
-
-	// If the deployment is still in-flight, rehydrate the subscriber so that
-	// updateRemoteConfigStatus can fire onConfigSuccess/onConfigFailure when
-	// the agent next reports a terminal status.
-	if deployStatus != opamptypes.Deployed && deployStatus != opamptypes.DeployFailed {
-		ListenToConfigUpdate(agent.OrgID, agent.AgentID, rawHash, configProvider.ReportConfigDeploymentStatus)
-	}
-}
-
-func (agent *Agent) updateStatusField(newStatus *protobufs.AgentToServer, configProvider AgentConfigProvider) bool {
-	agent.handleFirstStatus(newStatus, configProvider)
-	agentDescrChanged := agent.agentDescriptionChanged(newStatus)
-	// record healthy timestamp
-	if newStatus.Health != nil && newStatus.Health.Healthy {
-		agent.TimeAuditable.UpdatedAt = time.Unix(0, int64(newStatus.Health.StartTimeUnixNano)).UTC()
-	}
-	// notify subscribers first; this will update the status in the DB
+	agentDescrChanged = agent.updateAgentDescription(newStatus) || agentDescrChanged
 	agent.updateRemoteConfigStatus(newStatus)
-	// update local reference in last.
-	agent.Status = newStatus
+	agent.updateHealth(newStatus)
 	return agentDescrChanged
 }
 
@@ -246,7 +237,7 @@ func (agent *Agent) processStatusUpdate(
 	// current status is not up-to-date.
 	lostPreviousUpdate := (agent.Status == nil) || (agent.Status != nil && agent.Status.SequenceNum+1 != newStatus.SequenceNum)
 
-	agentDescrChanged := agent.updateStatusField(newStatus, configProvider)
+	agentDescrChanged := agent.updateStatusField(newStatus)
 
 	// Check if any fields were omitted in the status report.
 	effectiveConfigOmitted := newStatus.EffectiveConfig == nil &&

pkg/query-service/app/opamp/model/config.go

@@ -1,11 +1,6 @@
 package model
 
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/types/opamptypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
+import "github.com/SigNoz/signoz/pkg/valuer"
 
 // Interface for source of otel collector config recommendations.
 type AgentConfigProvider interface {
@@ -25,10 +20,4 @@ type AgentConfigProvider interface {
 		configId string,
 		err error,
 	)
-
-	// GetDeployStatusByHash returns the DeployStatus for the given config hash
-	// (with orgId prefix as stored in the DB). Returns DeployStatusUnknown when
-	// no matching row exists. Used by the agent's first-connect handler to
-	// determine whether the reported RemoteConfigStatus resolves a pending deployment.
-	GetDeployStatusByHash(ctx context.Context, orgId valuer.UUID, configHash string) (opamptypes.DeployStatus, error)
 }

pkg/query-service/app/opamp/model/coordinator.go

@@ -66,7 +66,6 @@ func ListenToConfigUpdate(orgId valuer.UUID, agentId string, hash string, ss OnC
 	defer coordinator.mutex.Unlock()
 
 	key := getSubscriberKey(orgId, hash)
-
 	if subs, ok := coordinator.subscribers[key]; ok {
 		subs = append(subs, ss)
 		coordinator.subscribers[key] = subs

pkg/query-service/rules/prom_rule_task.go

@@ -7,14 +7,12 @@ import (
 	"sync"
 	"time"
 
-	"log/slog"
-
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	ruletypes "github.com/SigNoz/signoz/pkg/types/ruletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
 	opentracing "github.com/opentracing/opentracing-go"
 	plabels "github.com/prometheus/prometheus/model/labels"
+	"log/slog"
 )
 
 // PromRuleTask is a promql rule executor
@@ -373,7 +371,7 @@ func (g *PromRuleTask) Eval(ctx context.Context, ts time.Time) {
 
 			comment := ctxtypes.CommentFromContext(ctx)
 			comment.Set("rule_id", rule.ID())
-			comment.Set("identn_provider", authtypes.IdentNProviderInternal.StringValue())
+			comment.Set("auth_type", "internal")
 			ctx = ctxtypes.NewContextWithComment(ctx, comment)
 
 			_, err := rule.Eval(ctx, ts)

pkg/query-service/rules/rule_task.go

@@ -10,7 +10,6 @@ import (
 	"log/slog"
 
 	"github.com/SigNoz/signoz/pkg/query-service/utils/labels"
-	"github.com/SigNoz/signoz/pkg/types/authtypes"
 	"github.com/SigNoz/signoz/pkg/types/ctxtypes"
 	ruletypes "github.com/SigNoz/signoz/pkg/types/ruletypes"
 	"github.com/SigNoz/signoz/pkg/valuer"
@@ -359,7 +358,7 @@ func (g *RuleTask) Eval(ctx context.Context, ts time.Time) {
 
 			comment := ctxtypes.CommentFromContext(ctx)
 			comment.Set("rule_id", rule.ID())
-			comment.Set("identn_provider", authtypes.IdentNProviderInternal.StringValue())
+			comment.Set("auth_type", "internal")
 			ctx = ctxtypes.NewContextWithComment(ctx, comment)
 
 			_, err := rule.Eval(ctx, ts)

pkg/types/authtypes/identn.go

@@ -6,7 +6,6 @@ var (
 	IdentNProviderTokenizer = IdentNProvider{valuer.NewString("tokenizer")}
 	IdentNProviderAPIkey    = IdentNProvider{valuer.NewString("api_key")}
 	IdentNProviderAnonymous = IdentNProvider{valuer.NewString("anonymous")}
-	IdentNProviderInternal  = IdentNProvider{valuer.NewString("internal")}
 )
 
 type IdentNProvider struct{ valuer.String }

pkg/types/cloudintegrationtypes/account.go

@@ -1,43 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Account struct {
-	types.Identifiable
-	types.TimeAuditable
-	ProviderAccountId *string           `json:"providerAccountID,omitempty"`
-	Provider          CloudProviderType `json:"provider"`
-	RemovedAt         *time.Time        `json:"removedAt,omitempty"`
-	AgentReport       *AgentReport      `json:"agentReport,omitempty"`
-	OrgID             valuer.UUID       `json:"orgID"`
-	Config            *AccountConfig    `json:"config,omitempty"`
-}
-
-// AgentReport represents heartbeats sent by the agent.
-type AgentReport struct {
-	TimestampMillis int64          `json:"timestampMillis"`
-	Data            map[string]any `json:"data"`
-}
-
-type GettableAccounts struct {
-	Accounts []*Account `json:"accounts"`
-}
-
-type GettableAccount = Account
-
-type UpdatableAccount struct {
-	Config *AccountConfig `json:"config"`
-}
-
-type AccountConfig struct {
-	AWS *AWSAccountConfig `json:"aws,omitempty"`
-}
-
-type AWSAccountConfig struct {
-	Regions []string `json:"regions"`
-}

pkg/types/cloudintegrationtypes/cloudintegration.go

@@ -1,80 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"database/sql/driver"
-	"encoding/json"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/uptrace/bun"
-
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-var (
-	ErrCodeCloudIntegrationNotFound = errors.MustNewCode("cloud_integration_not_found")
-)
-
-// StorableCloudIntegration represents a cloud integration stored in the database.
-// This is also referred as "Account" in the context of cloud integrations.
-type StorableCloudIntegration struct {
-	bun.BaseModel `bun:"table:cloud_integration"`
-	types.Identifiable
-	types.TimeAuditable
-
-	Provider        CloudProviderType    `bun:"provider,type:text"`
-	Config          string               `bun:"config,type:text"` // Config is provider-specific data in JSON string format
-	AccountID       *string              `bun:"account_id,type:text"`
-	LastAgentReport *StorableAgentReport `bun:"last_agent_report,type:text"`
-	RemovedAt       *time.Time           `bun:"removed_at,type:timestamp,nullzero"`
-	OrgID           valuer.UUID          `bun:"org_id,type:text"`
-}
-
-// StorableAgentReport represents the last heartbeat and arbitrary data sent by the agent
-// as of now there is no use case for Data field, but keeping it for backwards compatibility with older structure.
-type StorableAgentReport struct {
-	TimestampMillis int64          `json:"timestamp_millis"` // backward compatibility
-	Data            map[string]any `json:"data"`
-}
-
-// StorableCloudIntegrationService is to store service config for a cloud integration, which is a cloud provider specific configuration.
-type StorableCloudIntegrationService struct {
-	bun.BaseModel `bun:"table:cloud_integration_service,alias:cis"`
-	types.Identifiable
-	types.TimeAuditable
-
-	Type               ServiceID   `bun:"type,type:text,notnull"` // Keeping Type field name as is, but it is a service id
-	Config             string      `bun:"config,type:text"`       // Config is cloud provider's service specific data in JSON string format
-	CloudIntegrationID valuer.UUID `bun:"cloud_integration_id,type:text"`
-}
-
-// Scan scans value from DB.
-func (r *StorableAgentReport) Scan(src any) error {
-	var data []byte
-	switch v := src.(type) {
-	case []byte:
-		data = v
-	case string:
-		data = []byte(v)
-	default:
-		return errors.NewInternalf(errors.CodeInternal, "tried to scan from %T instead of string or bytes", src)
-	}
-	return json.Unmarshal(data, r)
-}
-
-// Value creates value to be stored in DB.
-func (r *StorableAgentReport) Value() (driver.Value, error) {
-	if r == nil {
-		return nil, errors.NewInternalf(errors.CodeInternal, "agent report is nil")
-	}
-
-	serialized, err := json.Marshal(r)
-	if err != nil {
-		return nil, errors.WrapInternalf(
-			err, errors.CodeInternal, "couldn't serialize agent report to JSON",
-		)
-	}
-	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytes
-	return string(serialized), nil
-}

pkg/types/cloudintegrationtypes/cloudprovider.go

@@ -1,41 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-// CloudProviderType type alias.
-type CloudProviderType struct{ valuer.String }
-
-var (
-	// cloud providers.
-	CloudProviderTypeAWS   = CloudProviderType{valuer.NewString("aws")}
-	CloudProviderTypeAzure = CloudProviderType{valuer.NewString("azure")}
-
-	// errors.
-	ErrCodeCloudProviderInvalidInput = errors.MustNewCode("invalid_cloud_provider")
-
-	AWSIntegrationUserEmail   = valuer.MustNewEmail("aws-integration@signoz.io")
-	AzureIntegrationUserEmail = valuer.MustNewEmail("azure-integration@signoz.io")
-)
-
-// CloudIntegrationUserEmails is the list of valid emails for Cloud One Click integrations.
-// This is used for validation and restrictions in different contexts, across codebase.
-var CloudIntegrationUserEmails = []valuer.Email{
-	AWSIntegrationUserEmail,
-	AzureIntegrationUserEmail,
-}
-
-// NewCloudProvider returns a new CloudProviderType from a string.
-// It validates the input and returns an error if the input is not valid cloud provider.
-func NewCloudProvider(provider string) (CloudProviderType, error) {
-	switch provider {
-	case CloudProviderTypeAWS.StringValue():
-		return CloudProviderTypeAWS, nil
-	case CloudProviderTypeAzure.StringValue():
-		return CloudProviderTypeAzure, nil
-	default:
-		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider)
-	}
-}

pkg/types/cloudintegrationtypes/connection.go

@@ -1,88 +0,0 @@
-package cloudintegrationtypes
-
-import "github.com/SigNoz/signoz/pkg/types/integrationtypes"
-
-type ConnectionArtifactRequest struct {
-	Aws *AWSConnectionArtifactRequest `json:"aws"`
-}
-
-type AWSConnectionArtifactRequest struct {
-	DeploymentRegion string   `json:"deploymentRegion"`
-	Regions          []string `json:"regions"`
-}
-
-type PostableConnectionArtifact = ConnectionArtifactRequest
-
-type ConnectionArtifact struct {
-	Aws *AWSConnectionArtifact `json:"aws"`
-}
-
-type AWSConnectionArtifact struct {
-	ConnectionUrl string `json:"connectionURL"`
-}
-
-type GettableConnectionArtifact = ConnectionArtifact
-
-type AccountStatus struct {
-	Id                string                         `json:"id"`
-	ProviderAccountId *string                        `json:"providerAccountID,omitempty"`
-	Status            integrationtypes.AccountStatus `json:"status"`
-}
-
-type GettableAccountStatus = AccountStatus
-
-type AgentCheckInRequest struct {
-	// older backward compatible fields are mapped to new fields
-	// CloudIntegrationId string `json:"cloudIntegrationId"`
-	// AccountId          string `json:"accountId"`
-
-	// New fields
-	ProviderAccountId string `json:"providerAccountId"`
-	CloudAccountId    string `json:"cloudAccountId"`
-
-	Data map[string]any `json:"data,omitempty"`
-}
-
-type PostableAgentCheckInRequest struct {
-	AgentCheckInRequest
-	// following are backward compatible fields for older running agents
-	// which gets mapped to new fields in AgentCheckInRequest
-	CloudIntegrationId string `json:"cloud_integration_id"`
-	CloudAccountId     string `json:"cloud_account_id"`
-}
-
-type GettableAgentCheckInResponse struct {
-	AgentCheckInResponse
-
-	// For backward compatibility
-	CloudIntegrationId string `json:"cloud_integration_id"`
-	AccountId          string `json:"account_id"`
-}
-
-type AgentCheckInResponse struct {
-	// Older fields for backward compatibility are mapped to new fields below
-	// CloudIntegrationId string `json:"cloud_integration_id"`
-	// AccountId          string `json:"account_id"`
-
-	// New fields
-	ProviderAccountId string `json:"providerAccountId"`
-	CloudAccountId    string `json:"cloudAccountId"`
-
-	// IntegrationConfig populates data related to integration that is required for an agent
-	// to start collecting telemetry data
-	// keeping JSON key snake_case for backward compatibility
-	IntegrationConfig *IntegrationConfig `json:"integration_config,omitempty"`
-}
-
-type IntegrationConfig struct {
-	EnabledRegions []string               `json:"enabledRegions"`      // backward compatible
-	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"` // backward compatible
-
-	// new fields
-	AWS *AWSIntegrationConfig `json:"aws,omitempty"`
-}
-
-type AWSIntegrationConfig struct {
-	EnabledRegions []string               `json:"enabledRegions"`
-	Telemetry      *AWSCollectionStrategy `json:"telemetry,omitempty"`
-}

pkg/types/cloudintegrationtypes/regions.go

@@ -1,103 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"github.com/SigNoz/signoz/pkg/errors"
-)
-
-var (
-	ErrCodeInvalidCloudRegion    = errors.MustNewCode("invalid_cloud_region")
-	ErrCodeMismatchCloudProvider = errors.MustNewCode("cloud_provider_mismatch")
-)
-
-// List of all valid cloud regions on Amazon Web Services.
-var ValidAWSRegions = map[string]struct{}{
-	"af-south-1":     {}, // Africa (Cape Town).
-	"ap-east-1":      {}, // Asia Pacific (Hong Kong).
-	"ap-northeast-1": {}, // Asia Pacific (Tokyo).
-	"ap-northeast-2": {}, // Asia Pacific (Seoul).
-	"ap-northeast-3": {}, // Asia Pacific (Osaka).
-	"ap-south-1":     {}, // Asia Pacific (Mumbai).
-	"ap-south-2":     {}, // Asia Pacific (Hyderabad).
-	"ap-southeast-1": {}, // Asia Pacific (Singapore).
-	"ap-southeast-2": {}, // Asia Pacific (Sydney).
-	"ap-southeast-3": {}, // Asia Pacific (Jakarta).
-	"ap-southeast-4": {}, // Asia Pacific (Melbourne).
-	"ca-central-1":   {}, // Canada (Central).
-	"ca-west-1":      {}, // Canada West (Calgary).
-	"eu-central-1":   {}, // Europe (Frankfurt).
-	"eu-central-2":   {}, // Europe (Zurich).
-	"eu-north-1":     {}, // Europe (Stockholm).
-	"eu-south-1":     {}, // Europe (Milan).
-	"eu-south-2":     {}, // Europe (Spain).
-	"eu-west-1":      {}, // Europe (Ireland).
-	"eu-west-2":      {}, // Europe (London).
-	"eu-west-3":      {}, // Europe (Paris).
-	"il-central-1":   {}, // Israel (Tel Aviv).
-	"me-central-1":   {}, // Middle East (UAE).
-	"me-south-1":     {}, // Middle East (Bahrain).
-	"sa-east-1":      {}, // South America (Sao Paulo).
-	"us-east-1":      {}, // US East (N. Virginia).
-	"us-east-2":      {}, // US East (Ohio).
-	"us-west-1":      {}, // US West (N. California).
-	"us-west-2":      {}, // US West (Oregon).
-}
-
-// List of all valid cloud regions for Microsoft Azure.
-var ValidAzureRegions = map[string]struct{}{
-	"australiacentral":   {}, // Australia Central
-	"australiacentral2":  {}, // Australia Central 2
-	"australiaeast":      {}, // Australia East
-	"australiasoutheast": {}, // Australia Southeast
-	"austriaeast":        {}, // Austria East
-	"belgiumcentral":     {}, // Belgium Central
-	"brazilsouth":        {}, // Brazil South
-	"brazilsoutheast":    {}, // Brazil Southeast
-	"canadacentral":      {}, // Canada Central
-	"canadaeast":         {}, // Canada East
-	"centralindia":       {}, // Central India
-	"centralus":          {}, // Central US
-	"chilecentral":       {}, // Chile Central
-	"denmarkeast":        {}, // Denmark East
-	"eastasia":           {}, // East Asia
-	"eastus":             {}, // East US
-	"eastus2":            {}, // East US 2
-	"francecentral":      {}, // France Central
-	"francesouth":        {}, // France South
-	"germanynorth":       {}, // Germany North
-	"germanywestcentral": {}, // Germany West Central
-	"indonesiacentral":   {}, // Indonesia Central
-	"israelcentral":      {}, // Israel Central
-	"italynorth":         {}, // Italy North
-	"japaneast":          {}, // Japan East
-	"japanwest":          {}, // Japan West
-	"koreacentral":       {}, // Korea Central
-	"koreasouth":         {}, // Korea South
-	"malaysiawest":       {}, // Malaysia West
-	"mexicocentral":      {}, // Mexico Central
-	"newzealandnorth":    {}, // New Zealand North
-	"northcentralus":     {}, // North Central US
-	"northeurope":        {}, // North Europe
-	"norwayeast":         {}, // Norway East
-	"norwaywest":         {}, // Norway West
-	"polandcentral":      {}, // Poland Central
-	"qatarcentral":       {}, // Qatar Central
-	"southafricanorth":   {}, // South Africa North
-	"southafricawest":    {}, // South Africa West
-	"southcentralus":     {}, // South Central US
-	"southindia":         {}, // South India
-	"southeastasia":      {}, // Southeast Asia
-	"spaincentral":       {}, // Spain Central
-	"swedencentral":      {}, // Sweden Central
-	"switzerlandnorth":   {}, // Switzerland North
-	"switzerlandwest":    {}, // Switzerland West
-	"uaecentral":         {}, // UAE Central
-	"uaenorth":           {}, // UAE North
-	"uksouth":            {}, // UK South
-	"ukwest":             {}, // UK West
-	"westcentralus":      {}, // West Central US
-	"westeurope":         {}, // West Europe
-	"westindia":          {}, // West India
-	"westus":             {}, // West US
-	"westus2":            {}, // West US 2
-	"westus3":            {}, // West US 3
-}

pkg/types/cloudintegrationtypes/service.go

@@ -1,248 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/SigNoz/signoz/pkg/errors"
-	"github.com/SigNoz/signoz/pkg/types"
-	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-var (
-	S3Sync = valuer.NewString("s3sync")
-	// ErrCodeInvalidServiceID is the error code for invalid service id.
-	ErrCodeInvalidServiceID = errors.MustNewCode("invalid_service_id")
-)
-
-type ServiceID struct{ valuer.String }
-
-type CloudIntegrationService struct {
-	types.Identifiable
-	types.TimeAuditable
-	Type               ServiceID      `json:"type"`
-	Config             *ServiceConfig `json:"config"`
-	CloudIntegrationID valuer.UUID    `json:"cloudIntegrationID"`
-}
-
-// ServiceMetadata helps to quickly list available services and whether it is enabled or not.
-// As getting complete service definition is a heavy operation and the response is also large,
-// initial integration page load can be very slow.
-type ServiceMetadata struct {
-	ServiceDefinitionMetadata
-	// if the service is enabled for the account
-	Enabled bool `json:"enabled"`
-}
-
-type GettableServicesMetadata struct {
-	Services []*ServiceMetadata `json:"services"`
-}
-
-type Service struct {
-	ServiceDefinition
-	ServiceConfig *ServiceConfig `json:"serviceConfig"`
-}
-
-type GettableService = Service
-
-type UpdatableService struct {
-	Config *ServiceConfig `json:"config"`
-}
-
-type ServiceConfig struct {
-	AWS *AWSServiceConfig `json:"aws,omitempty"`
-}
-
-type AWSServiceConfig struct {
-	Logs    *AWSServiceLogsConfig    `json:"logs"`
-	Metrics *AWSServiceMetricsConfig `json:"metrics"`
-}
-
-// AWSServiceLogsConfig is AWS specific logs config for a service
-// NOTE: the JSON keys are snake case for backward compatibility with existing agents.
-type AWSServiceLogsConfig struct {
-	Enabled   bool                `json:"enabled"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"`
-}
-
-type AWSServiceMetricsConfig struct {
-	Enabled bool `json:"enabled"`
-}
-
-// ServiceDefinitionMetadata represents service definition metadata. This is useful for showing service tab in frontend.
-type ServiceDefinitionMetadata struct {
-	Id    string `json:"id"`
-	Title string `json:"title"`
-	Icon  string `json:"icon"`
-}
-
-type ServiceDefinition struct {
-	ServiceDefinitionMetadata
-	Overview         string              `json:"overview"` // markdown
-	Assets           Assets              `json:"assets"`
-	SupportedSignals SupportedSignals    `json:"supported_signals"`
-	DataCollected    DataCollected       `json:"dataCollected"`
-	Strategy         *CollectionStrategy `json:"telemetryCollectionStrategy"`
-}
-
-// CollectionStrategy is cloud provider specific configuration for signal collection,
-// this is used by agent to understand the nitty-gritty for collecting telemetry for the cloud provider.
-type CollectionStrategy struct {
-	AWS *AWSCollectionStrategy `json:"aws,omitempty"`
-}
-
-// Assets represents the collection of dashboards.
-type Assets struct {
-	Dashboards []Dashboard `json:"dashboards"`
-}
-
-// SupportedSignals for cloud provider's service.
-type SupportedSignals struct {
-	Logs    bool `json:"logs"`
-	Metrics bool `json:"metrics"`
-}
-
-// DataCollected is curated static list of metrics and logs, this is shown as part of service overview.
-type DataCollected struct {
-	Logs    []CollectedLogAttribute `json:"logs"`
-	Metrics []CollectedMetric       `json:"metrics"`
-}
-
-// CollectedLogAttribute represents a log attribute that is present in all log entries for a service,
-// this is shown as part of service overview.
-type CollectedLogAttribute struct {
-	Name string `json:"name"`
-	Path string `json:"path"`
-	Type string `json:"type"`
-}
-
-// CollectedMetric represents a metric that is collected for a service, this is shown as part of service overview.
-type CollectedMetric struct {
-	Name        string `json:"name"`
-	Type        string `json:"type"`
-	Unit        string `json:"unit"`
-	Description string `json:"description"`
-}
-
-// AWSCollectionStrategy represents signal collection strategy for AWS services.
-// this is AWS specific.
-// NOTE: this structure is still using snake case, for backward compatibility,
-// with existing agents.
-type AWSCollectionStrategy struct {
-	Metrics   *AWSMetricsStrategy `json:"aws_metrics,omitempty"`
-	Logs      *AWSLogsStrategy    `json:"aws_logs,omitempty"`
-	S3Buckets map[string][]string `json:"s3_buckets,omitempty"` // Only available in S3 Sync Service Type in AWS
-}
-
-// AWSMetricsStrategy represents metrics collection strategy for AWS services.
-// this is AWS specific.
-// NOTE: this structure is still using snake case, for backward compatibility,
-// with existing agents.
-type AWSMetricsStrategy struct {
-	// to be used as https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudwatch-metricstream.html#cfn-cloudwatch-metricstream-includefilters
-	StreamFilters []struct {
-		// json tags here are in the shape expected by AWS API as detailed at
-		// https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cloudwatch-metricstream-metricstreamfilter.html
-		Namespace   string   `json:"Namespace"`
-		MetricNames []string `json:"MetricNames,omitempty"`
-	} `json:"cloudwatch_metric_stream_filters"`
-}
-
-// AWSLogsStrategy represents logs collection strategy for AWS services.
-// this is AWS specific.
-// NOTE: this structure is still using snake case, for backward compatibility,
-// with existing agents.
-type AWSLogsStrategy struct {
-	Subscriptions []struct {
-		// subscribe to all logs groups with specified prefix.
-		// eg: `/aws/rds/`
-		LogGroupNamePrefix string `json:"log_group_name_prefix"`
-
-		// https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
-		// "" implies no filtering is required.
-		FilterPattern string `json:"filter_pattern"`
-	} `json:"cloudwatch_logs_subscriptions"`
-}
-
-// Dashboard represents a dashboard definition for cloud integration.
-// This is used to show available pre-made dashboards for a service,
-// hence has additional fields like id, title and description
-type Dashboard struct {
-	Id          string                               `json:"id"`
-	Title       string                               `json:"title"`
-	Description string                               `json:"description"`
-	Definition  dashboardtypes.StorableDashboardData `json:"definition,omitempty"`
-}
-
-// SupportedServices is the map of supported services for each cloud provider.
-var SupportedServices = map[CloudProviderType][]ServiceID{
-	CloudProviderTypeAWS: {
-		{valuer.NewString("alb")},
-		{valuer.NewString("api-gateway")},
-		{valuer.NewString("dynamodb")},
-		{valuer.NewString("ec2")},
-		{valuer.NewString("ecs")},
-		{valuer.NewString("eks")},
-		{valuer.NewString("elasticache")},
-		{valuer.NewString("lambda")},
-		{valuer.NewString("msk")},
-		{valuer.NewString("rds")},
-		{valuer.NewString("s3sync")},
-		{valuer.NewString("sns")},
-		{valuer.NewString("sqs")},
-	},
-}
-
-// NewServiceID returns a new ServiceID from a string, validated against the supported services for the given cloud provider.
-func NewServiceID(provider CloudProviderType, service string) (ServiceID, error) {
-	services, ok := SupportedServices[provider]
-	if !ok {
-		return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "no services defined for cloud provider: %s", provider)
-	}
-	for _, s := range services {
-		if s.StringValue() == service {
-			return s, nil
-		}
-	}
-	return ServiceID{}, errors.NewInvalidInputf(ErrCodeInvalidServiceID, "invalid service id %q for cloud provider %s", service, provider)
-}
-
-// UTILS
-
-// GetCloudIntegrationDashboardID returns the dashboard id for a cloud integration, given the cloud provider, service id, and dashboard id.
-// This is used to generate unique dashboard ids for cloud integration, and also to parse the dashboard id to get the cloud provider and service id when needed.
-func GetCloudIntegrationDashboardID(cloudProvider CloudProviderType, svcId, dashboardId string) string {
-	return fmt.Sprintf("cloud-integration--%s--%s--%s", cloudProvider, svcId, dashboardId)
-}
-
-// GetDashboardsFromAssets returns the list of dashboards for the cloud provider service from definition.
-func GetDashboardsFromAssets(
-	svcId string,
-	orgID valuer.UUID,
-	cloudProvider CloudProviderType,
-	createdAt time.Time,
-	assets Assets,
-) []*dashboardtypes.Dashboard {
-	dashboards := make([]*dashboardtypes.Dashboard, 0)
-
-	for _, d := range assets.Dashboards {
-		author := fmt.Sprintf("%s-integration", cloudProvider)
-		dashboards = append(dashboards, &dashboardtypes.Dashboard{
-			ID:     GetCloudIntegrationDashboardID(cloudProvider, svcId, d.Id),
-			Locked: true,
-			OrgID:  orgID,
-			Data:   d.Definition,
-			TimeAuditable: types.TimeAuditable{
-				CreatedAt: createdAt,
-				UpdatedAt: createdAt,
-			},
-			UserAuditable: types.UserAuditable{
-				CreatedBy: author,
-				UpdatedBy: author,
-			},
-		})
-	}
-
-	return dashboards
-}

pkg/types/cloudintegrationtypes/store.go

@@ -1,41 +0,0 @@
-package cloudintegrationtypes
-
-import (
-	"context"
-
-	"github.com/SigNoz/signoz/pkg/valuer"
-)
-
-type Store interface {
-	// GetAccountByID returns a cloud integration account by id
-	GetAccountByID(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) (*StorableCloudIntegration, error)
-
-	// CreateAccount creates a new cloud integration account
-	CreateAccount(ctx context.Context, account *StorableCloudIntegration) (*StorableCloudIntegration, error)
-
-	// UpdateAccount updates an existing cloud integration account
-	UpdateAccount(ctx context.Context, account *StorableCloudIntegration) error
-
-	// RemoveAccount marks a cloud integration account as removed by setting the RemovedAt field
-	RemoveAccount(ctx context.Context, orgID, id valuer.UUID, provider CloudProviderType) error
-
-	// ListConnectedAccounts returns all the cloud integration accounts for the org and cloud provider
-	ListConnectedAccounts(ctx context.Context, orgID valuer.UUID, provider CloudProviderType) ([]*StorableCloudIntegration, error)
-
-	// GetConnectedAccount for a given provider
-	GetConnectedAccount(ctx context.Context, orgID valuer.UUID, provider CloudProviderType, providerAccountID string) (*StorableCloudIntegration, error)
-
-	// cloud_integration_service related methods
-
-	// GetServiceByServiceID returns the cloud integration service for the given cloud integration id and service id
-	GetServiceByServiceID(ctx context.Context, cloudIntegrationID valuer.UUID, serviceID ServiceID) (*StorableCloudIntegrationService, error)
-
-	// CreateService creates a new cloud integration service
-	CreateService(ctx context.Context, service *StorableCloudIntegrationService) (*StorableCloudIntegrationService, error)
-
-	// UpdateService updates an existing cloud integration service
-	UpdateService(ctx context.Context, service *StorableCloudIntegrationService) error
-
-	// ListServices returns all the cloud integration services for the given cloud integration id
-	ListServices(ctx context.Context, cloudIntegrationID valuer.UUID) ([]*StorableCloudIntegrationService, error)
-}

pkg/types/opamptypes/agent.go

@@ -6,7 +6,6 @@ import (
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
-	"github.com/open-telemetry/opamp-go/protobufs"
 	"github.com/uptrace/bun"
 )
 
@@ -18,15 +17,6 @@ const (
 	AgentStatusDisconnected
 )
 
-var DeployStatusToProtoStatus = map[DeployStatus]protobufs.RemoteConfigStatuses{
-	PendingDeploy:       protobufs.RemoteConfigStatuses_RemoteConfigStatuses_UNSET,
-	Deploying:           protobufs.RemoteConfigStatuses_RemoteConfigStatuses_APPLYING,
-	Deployed:            protobufs.RemoteConfigStatuses_RemoteConfigStatuses_APPLIED,
-	DeployInitiated:     protobufs.RemoteConfigStatuses_RemoteConfigStatuses_APPLYING,
-	DeployFailed:        protobufs.RemoteConfigStatuses_RemoteConfigStatuses_FAILED,
-	DeployStatusUnknown: protobufs.RemoteConfigStatuses_RemoteConfigStatuses_UNSET,
-}
-
 type StorableAgent struct {
 	bun.BaseModel `bun:"table:agent"`
 
@@ -40,6 +30,16 @@ type StorableAgent struct {
 	Config       string      `bun:"config,type:text,notnull"`
 }
 
+func NewStorableAgent(store sqlstore.SQLStore, orgID valuer.UUID, agentID string, status AgentStatus) StorableAgent {
+	return StorableAgent{
+		OrgID:         orgID,
+		Identifiable:  types.Identifiable{ID: valuer.GenerateUUID()},
+		AgentID:       agentID,
+		TimeAuditable: types.TimeAuditable{CreatedAt: time.Now(), UpdatedAt: time.Now()},
+		Status:        status,
+	}
+}
+
 type ElementType struct{ valuer.String }
 
 var (
@@ -49,6 +49,24 @@ var (
 	ElementTypeLbExporter    = ElementType{valuer.NewString("lb_exporter")}
 )
 
+// NewElementType creates a new ElementType from a string value.
+// Returns the corresponding ElementType constant if the string matches,
+// otherwise returns an empty ElementType.
+func NewElementType(value string) ElementType {
+	switch valuer.NewString(value) {
+	case ElementTypeSamplingRules.String:
+		return ElementTypeSamplingRules
+	case ElementTypeDropRules.String:
+		return ElementTypeDropRules
+	case ElementTypeLogPipelines.String:
+		return ElementTypeLogPipelines
+	case ElementTypeLbExporter.String:
+		return ElementTypeLbExporter
+	default:
+		return ElementType{valuer.NewString("")}
+	}
+}
+
 type DeployStatus struct{ valuer.String }
 
 var (
@@ -80,26 +98,6 @@ type AgentConfigVersion struct {
 	Config         string       `json:"config" bun:"config,type:text"`
 }
 
-type AgentConfigElement struct {
-	bun.BaseModel `bun:"table:agent_config_element"`
-
-	types.Identifiable
-	types.TimeAuditable
-	ElementID   string      `bun:"element_id,type:text,notnull,unique:element_type_version_idx"`
-	ElementType string      `bun:"element_type,type:text,notnull,unique:element_type_version_idx"`
-	VersionID   valuer.UUID `bun:"version_id,type:text,notnull,unique:element_type_version_idx"`
-}
-
-func NewStorableAgent(store sqlstore.SQLStore, orgID valuer.UUID, agentID string, status AgentStatus) StorableAgent {
-	return StorableAgent{
-		OrgID:         orgID,
-		Identifiable:  types.Identifiable{ID: valuer.GenerateUUID()},
-		AgentID:       agentID,
-		TimeAuditable: types.TimeAuditable{CreatedAt: time.Now(), UpdatedAt: time.Now()},
-		Status:        status,
-	}
-}
-
 func NewAgentConfigVersion(orgId valuer.UUID, userId valuer.UUID, elementType ElementType) *AgentConfigVersion {
 	return &AgentConfigVersion{
 		TimeAuditable: types.TimeAuditable{
@@ -120,20 +118,12 @@ func (a *AgentConfigVersion) IncrementVersion(lastVersion int) {
 	a.Version = lastVersion + 1
 }
 
-// NewElementType creates a new ElementType from a string value.
-// Returns the corresponding ElementType constant if the string matches,
-// otherwise returns an empty ElementType.
-func NewElementType(value string) ElementType {
-	switch valuer.NewString(value) {
-	case ElementTypeSamplingRules.String:
-		return ElementTypeSamplingRules
-	case ElementTypeDropRules.String:
-		return ElementTypeDropRules
-	case ElementTypeLogPipelines.String:
-		return ElementTypeLogPipelines
-	case ElementTypeLbExporter.String:
-		return ElementTypeLbExporter
-	default:
-		return ElementType{valuer.NewString("")}
-	}
+type AgentConfigElement struct {
+	bun.BaseModel `bun:"table:agent_config_element"`
+
+	types.Identifiable
+	types.TimeAuditable
+	ElementID   string      `bun:"element_id,type:text,notnull,unique:element_type_version_idx"`
+	ElementType string      `bun:"element_type,type:text,notnull,unique:element_type_version_idx"`
+	VersionID   valuer.UUID `bun:"version_id,type:text,notnull,unique:element_type_version_idx"`
 }