Appearance
Service accounts
Production AI calls aren't people. A nightly summarisation job, a customer-facing chatbot, an evaluation harness — they should be governed differently from a developer at their keyboard. Service accounts give each one its own identity, scope statement, and signal trail.
This page lives at Settings → AI → AI Service Accounts. Admin-only.
What a service account is
An AiServiceAccount is a named, environment-scoped principal that production AI traffic authenticates as. Each one carries:
| Field | Meaning |
|---|---|
| Name | Human-readable label (e.g. nightly-digest-summariser) |
| Environment | production, staging, development — drives signal severity |
| Description | What this workload does |
| Intended scope | A sentence stating what the account is allowed to do — used in audits and as an LLM prompt for scope-creep detection |
| Abuse detection | On / off — whether this account participates in the abuse-pattern signal stream |
When you create one, Flowstate provisions a dedicated telemetry key bound to the account. Production traffic uses that key (or the underlying API key it manages) to identify itself.
The list
The page is a flat table of every service account in the org:
| Column | What it shows |
|---|---|
| Name | Account name |
| Environment | Pill — production, staging, development |
| First seen | First ingest timestamp |
| Last seen | Most recent ingest timestamp |
| Abuse detection | On / off |
| Actions | Edit, delete |
Creating one
The Create button at the top opens a dialog. The form requires name and environment. Description and intended-scope are optional but recommended — both feed into audit and signal context.
After save, a one-time reveal modal shows the raw API key with the visible prefix for record-keeping. This is the only time the full key is shown. Copy it into your secrets manager immediately. The prefix is searchable later for incident response.
WARNING
The raw key is shown once. Lose it and you have to rotate. Don't paste it into a chat window.
Editing
The pencil icon opens an edit drawer. You can change name, environment, description, intended scope, and the abuse-detection toggle. You cannot edit the underlying telemetry key — to rotate the credential, delete and recreate.
Deleting
The trash icon opens a confirm dialog. Deleting soft-deletes the account and revokes its telemetry key in the same transaction. Past ingest data is retained — only future traffic with the revoked key will fail.
Why these are separate from human keys
Three reasons:
- Scoped policy. A
BLOCKrule that's right for engineers ("no PII in prompts") might break the customer-facing summariser that legitimately processes PII. Service accounts let policy target each one explicitly. - Cleaner signals. Behavioural-signal categories like
personal_use_company_accountmake no sense for a service workload. The signal stream filters them automatically when the subject is a service account. - Audit clarity. When
forecast_breachfires on the nightly digest job, you want to see "service: nightly-digest-summariser / production" — not "subject: nobody".
What lands on Alerts
Behavioural signals raised against service accounts show up on Alerts and signals with the service badge in the drawer. The drawer surfaces the account name and environment alongside the signal details.
Empty state
If you've never created a service account, the page shows a friendly empty card with a CTA. Most orgs start with one or two — typically a production summariser and a staging counterpart — and grow from there.