From f1648f62b7f4a50d10ec337723575b7d0808d1c8 Mon Sep 17 00:00:00 2001
From: Rodney Norris <rodney.norris@elastic.co>
Date: Mon, 15 Jan 2024 05:29:54 -0600
Subject: [PATCH] [Serverless Search] refactor(security): update create api key
 flyout markup (#170074)

## Summary

Updating the markup for the security plugin create API key flyout to
match the flyout used by serverless search getting started page.
Update API key with roles
<img width="957" alt="image"
src="https://github.com/elastic/kibana/assets/1972968/cabd5546-246e-42ef-9870-0e35a5c3aa5d">

Update API key with metadata
<img width="957" alt="image"
src="https://github.com/elastic/kibana/assets/1972968/ce774206-723b-4731-a9bf-8d9141e277a3">

### Checklist

Delete any items that are not applicable to this PR.

- [x] Any text added follows [EUI's writing
guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses
sentence case text and includes [i18n
support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [x] [Unit or functional
tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)
were updated or added to match the most common scenarios
- [x] Any UI touched in this PR is usable by keyboard only (learn more
about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [x] Any UI touched in this PR does not create any new axe failures
(run axe in browser:
[FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/),
[Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [x] This renders correctly on smaller devices using a responsive
layout. (You can test this [in your
browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser
compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

---------

Co-authored-by: Sander Philipse <sander.philipse@elastic.co>
Co-authored-by: Sander Philipse <94373878+sphilipse@users.noreply.github.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
---
 .../api_keys/api_keys_grid/api_key_flyout.tsx | 785 +++++++++++-------
 x-pack/plugins/security/tsconfig.json         |   8 +-
 .../translations/translations/fr-FR.json      |   4 -
 .../translations/translations/ja-JP.json      |   4 -
 .../translations/translations/zh-CN.json      |   4 -
 .../functional/apps/api_keys/home_page.ts     |  20 +-
 .../functional/page_objects/api_keys_page.ts  |   4 +
 7 files changed, 489 insertions(+), 340 deletions(-)

diff --git a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx
index d2346147da3d1..18bc6db281939 100644
--- a/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx
+++ b/x-pack/plugins/security/public/management/api_keys/api_keys_grid/api_key_flyout.tsx
@@ -18,28 +18,31 @@ import {
   EuiFlyoutBody,
   EuiFlyoutFooter,
   EuiFlyoutHeader,
-  EuiFormFieldset,
   EuiFormRow,
   EuiHorizontalRule,
+  EuiIcon,
+  EuiPanel,
   EuiSkeletonText,
   EuiSpacer,
   EuiSwitch,
   EuiText,
   EuiTitle,
+  useEuiTheme,
 } from '@elastic/eui';
 import { Form, FormikProvider, useFormik } from 'formik';
 import moment from 'moment-timezone';
 import type { FunctionComponent } from 'react';
-import React, { useEffect } from 'react';
+import React, { useEffect, useState } from 'react';
 import useAsyncFn from 'react-use/lib/useAsyncFn';
 
 import { CodeEditorField } from '@kbn/code-editor';
 import { i18n } from '@kbn/i18n';
-import { FormattedMessage } from '@kbn/i18n-react';
+import { FormattedDate, FormattedMessage } from '@kbn/i18n-react';
 import { useKibana } from '@kbn/kibana-react-plugin/public';
+import type { KibanaServerError } from '@kbn/kibana-utils-plugin/public';
 
 import type { CategorizedApiKey } from './api_keys_grid_page';
-import { ApiKeyBadge, ApiKeyStatus, TimeToolTip, UsernameWithIcon } from './api_keys_grid_page';
+import { ApiKeyBadge, ApiKeyStatus, TimeToolTip } from './api_keys_grid_page';
 import type { ApiKeyRoleDescriptors } from '../../../../common/model';
 import { DocLink } from '../../../components/doc_link';
 import { FormField } from '../../../components/form_field';
@@ -56,6 +59,27 @@ import type {
   UpdateAPIKeyResult,
 } from '../api_keys_api_client';
 
+const TypeLabel = () => (
+  <FormattedMessage
+    id="xpack.security.accountManagement.apiKeyFlyout.typeLabel"
+    defaultMessage="Type"
+  />
+);
+
+const NameLabel = () => (
+  <FormattedMessage
+    id="xpack.security.accountManagement.apiKeyFlyout.nameLabel"
+    defaultMessage="Name"
+  />
+);
+
+const invalidJsonError = i18n.translate(
+  'xpack.security.management.apiKeys.apiKeyFlyout.invalidJsonError',
+  {
+    defaultMessage: 'Enter valid JSON.',
+  }
+);
+
 export interface ApiKeyFormValues {
   name: string;
   type: string;
@@ -89,10 +113,10 @@ export type ApiKeyFlyoutProps = ExclusiveUnion<CreateApiKeyFlyoutProps, UpdateAp
 const defaultInitialValues: ApiKeyFormValues = {
   name: '',
   type: 'rest',
-  customExpiration: false,
   expiration: '',
   includeMetadata: false,
   metadata: '{}',
+  customExpiration: false,
   customPrivileges: false,
   access: JSON.stringify(
     {
@@ -120,12 +144,14 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
   canManageCrossClusterApiKeys = false,
   readOnly = false,
 }) => {
+  const { euiTheme } = useEuiTheme();
   const { services } = useKibana();
   const { value: currentUser, loading: isLoadingCurrentUser } = useCurrentUser();
   const [{ value: roles, loading: isLoadingRoles }, getRoles] = useAsyncFn(
     () => new RolesAPIClient(services.http!).getRoles(),
     [services.http]
   );
+  const [responseError, setResponseError] = useState<KibanaServerError | undefined>(undefined);
 
   const formik = useFormik<ApiKeyFormValues>({
     onSubmit: async (values) => {
@@ -143,7 +169,9 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
 
           onSuccess?.(createApiKeyResponse);
         }
+        setResponseError(undefined);
       } catch (error) {
+        setResponseError(error.body);
         throw error;
       }
     },
@@ -209,6 +237,12 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
         values: { isSubmitting: formik.isSubmitting },
       });
 
+  let expirationDate: Date | undefined;
+  if (formik.values.customExpiration) {
+    expirationDate = new Date();
+    expirationDate.setDate(expirationDate.getDate() + parseInt(formik.values.expiration, 10));
+  }
+
   return (
     <FormikProvider value={formik}>
       <EuiFlyout onClose={onCancel} aria-labelledby={titleId} size="m" ownFocus>
@@ -223,6 +257,22 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
           </EuiFlyoutHeader>
           <EuiFlyoutBody>
             <EuiSkeletonText isLoading={isLoading}>
+              {responseError && (
+                <>
+                  <EuiCallOut
+                    color="danger"
+                    title={
+                      <FormattedMessage
+                        id="xpack.security.accountManagement.apiKeyFlyout.responseErrorTitle"
+                        defaultMessage="Error creating API key"
+                      />
+                    }
+                  >
+                    {responseError.message}
+                  </EuiCallOut>
+                  <EuiSpacer />
+                </>
+              )}
               {apiKey && !readOnly ? (
                 !isOwner ? (
                   <>
@@ -252,243 +302,406 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
                   </>
                 ) : null
               ) : null}
-
-              <FormRow
-                label={
-                  <FormattedMessage
-                    id="xpack.security.accountManagement.apiKeyFlyout.nameLabel"
-                    defaultMessage="Name"
-                  />
-                }
-                fullWidth
-              >
-                <FormField
-                  name="name"
-                  inputRef={firstFieldRef}
-                  data-test-subj="apiKeyNameInput"
-                  disabled={readOnly || !!apiKey}
-                  validate={{
-                    required: i18n.translate(
-                      'xpack.security.management.apiKeys.apiKeyFlyout.nameRequired',
-                      {
-                        defaultMessage: 'Enter a name.',
-                      }
-                    ),
-                  }}
-                  fullWidth
-                />
-              </FormRow>
-
-              {apiKey ? (
-                <>
-                  <EuiSpacer />
-                  <EuiFlexGroup gutterSize="xl">
-                    <EuiFlexItem grow={false}>
-                      <EuiFormRow
-                        label={
-                          <FormattedMessage
-                            id="xpack.security.accountManagement.apiKeyFlyout.typeLabel"
-                            defaultMessage="Type"
-                          />
-                        }
-                      >
+              <EuiPanel hasBorder>
+                {apiKey ? (
+                  <>
+                    <EuiTitle size="xs">
+                      <h4>
+                        <FormattedMessage
+                          id="xpack.security.accountManagement.apiKeyFlyout.overviewLabel"
+                          defaultMessage="Overview"
+                        />
+                      </h4>
+                    </EuiTitle>
+                    <EuiSpacer />
+                    <EuiFlexGroup alignItems="center" justifyContent="spaceBetween">
+                      <EuiFlexItem>
+                        <EuiText size="xs">
+                          <strong>
+                            <NameLabel />
+                          </strong>
+                        </EuiText>
+                      </EuiFlexItem>
+                      <EuiFlexItem grow={false}>{apiKey.name}</EuiFlexItem>
+                    </EuiFlexGroup>
+                    <EuiHorizontalRule margin="s" />
+                    <EuiFlexGroup alignItems="center" justifyContent="spaceBetween">
+                      <EuiFlexItem>
+                        <EuiText size="xs">
+                          <strong>
+                            <FormattedMessage
+                              id="xpack.security.accountManagement.apiKeyFlyout.ownerLabel"
+                              defaultMessage="Owner"
+                            />
+                          </strong>
+                        </EuiText>
+                      </EuiFlexItem>
+                      <EuiFlexItem grow={false}>
+                        <EuiFlexGroup justifyContent="flexEnd" alignItems="center" gutterSize="xs">
+                          <EuiFlexItem grow={false}>
+                            <EuiIcon type="user" />
+                          </EuiFlexItem>
+                          <EuiFlexItem grow={false}>{apiKey.username}</EuiFlexItem>
+                        </EuiFlexGroup>
+                      </EuiFlexItem>
+                    </EuiFlexGroup>
+                    <EuiHorizontalRule margin="s" />
+
+                    <EuiFlexGroup alignItems="center" justifyContent="spaceBetween">
+                      <EuiFlexItem>
+                        <EuiText size="xs">
+                          <strong>
+                            <TypeLabel />
+                          </strong>
+                        </EuiText>
+                      </EuiFlexItem>
+                      <EuiFlexItem grow={false}>
                         <ApiKeyBadge type={apiKey.type} />
-                      </EuiFormRow>
-                    </EuiFlexItem>
-                    <EuiFlexItem grow={false}>
-                      <EuiFormRow
-                        label={
-                          <FormattedMessage
-                            id="xpack.security.accountManagement.apiKeyFlyout.ownerLabel"
-                            defaultMessage="Owner"
-                          />
-                        }
-                      >
-                        <UsernameWithIcon username={apiKey.username} />
-                      </EuiFormRow>
-                    </EuiFlexItem>
-                    <EuiFlexItem grow={false}>
-                      <EuiFormRow
-                        label={
-                          <FormattedMessage
-                            id="xpack.security.accountManagement.apiKeyFlyout.createdLabel"
-                            defaultMessage="Created"
-                          />
-                        }
-                      >
+                      </EuiFlexItem>
+                    </EuiFlexGroup>
+                    <EuiHorizontalRule margin="s" />
+
+                    <EuiFlexGroup alignItems="center" justifyContent="spaceBetween">
+                      <EuiFlexItem>
+                        <EuiText size="xs">
+                          <strong>
+                            <FormattedMessage
+                              id="xpack.security.accountManagement.apiKeyFlyout.createdLabel"
+                              defaultMessage="Created"
+                            />
+                          </strong>
+                        </EuiText>
+                      </EuiFlexItem>
+                      <EuiFlexItem grow={false}>
                         <TimeToolTip timestamp={apiKey.creation} />
-                      </EuiFormRow>
-                    </EuiFlexItem>
-                    <EuiFlexItem grow={false}>
-                      <EuiFormRow
-                        label={
-                          <FormattedMessage
-                            id="xpack.security.accountManagement.apiKeyFlyout.statusLabel"
-                            defaultMessage="Status"
-                          />
-                        }
-                      >
+                      </EuiFlexItem>
+                    </EuiFlexGroup>
+                    <EuiHorizontalRule margin="s" />
+
+                    <EuiFlexGroup alignItems="center" justifyContent="spaceBetween">
+                      <EuiFlexItem>
+                        <EuiText size="xs">
+                          <strong>
+                            <FormattedMessage
+                              id="xpack.security.accountManagement.apiKeyFlyout.statusLabel"
+                              defaultMessage="Status"
+                            />
+                          </strong>
+                        </EuiText>
+                      </EuiFlexItem>
+                      <EuiFlexItem grow={false}>
                         <ApiKeyStatus expiration={apiKey.expiration} />
-                      </EuiFormRow>
-                    </EuiFlexItem>
-                  </EuiFlexGroup>
-                </>
-              ) : canManageCrossClusterApiKeys ? (
-                <FormRow
-                  name="type"
-                  label={
-                    <FormattedMessage
-                      id="xpack.security.accountManagement.apiKeyFlyout.typeLabel"
-                      defaultMessage="Type"
-                    />
-                  }
-                  fullWidth
-                >
-                  <EuiFlexGroup gutterSize="m">
-                    <EuiFlexItem>
-                      <EuiCheckableCard
-                        id="rest"
-                        label={
-                          <>
-                            <EuiTitle size="xxs">
-                              <h2>
-                                <FormattedMessage
-                                  id="xpack.security.accountManagement.apiKeyFlyout.restTypeLabel"
-                                  defaultMessage="Personal API key"
-                                />
-                              </h2>
-                            </EuiTitle>
-                            <EuiSpacer size="xs" />
-                            <EuiText size="s">
-                              <FormattedMessage
-                                id="xpack.security.accountManagement.apiKeyFlyout.restTypeDescription"
-                                defaultMessage="Allow external services to access the Elastic Stack on your behalf."
-                              />
-                            </EuiText>
-                          </>
-                        }
-                        onChange={() => formik.setFieldValue('type', 'rest')}
-                        checked={formik.values.type === 'rest'}
+                      </EuiFlexItem>
+                    </EuiFlexGroup>
+                  </>
+                ) : (
+                  <>
+                    <EuiFlexGroup justifyContent="flexStart" alignItems="center" gutterSize="s">
+                      <EuiFlexItem grow={false}>
+                        <EuiIcon type="gear" />
+                      </EuiFlexItem>
+                      <EuiFlexItem>
+                        <EuiTitle size="xs">
+                          <h4>
+                            <FormattedMessage
+                              id="xpack.security.accountManagement.apiKeyFlyout.setup.title"
+                              defaultMessage="Setup"
+                            />
+                          </h4>
+                        </EuiTitle>
+                      </EuiFlexItem>
+                    </EuiFlexGroup>
+                    <EuiSpacer size="xs" />
+                    <EuiText color="subdued" size="xs">
+                      <p>
+                        <FormattedMessage
+                          id="xpack.security.accountManagement.apiKeyFlyout.setup.description"
+                          defaultMessage="Basic configuration details to create your API key."
+                        />
+                      </p>
+                    </EuiText>
+                    <EuiSpacer size="s" />
+                    <FormRow label={<NameLabel />} fullWidth>
+                      <FormField
+                        name="name"
+                        inputRef={firstFieldRef}
+                        data-test-subj="apiKeyNameInput"
+                        disabled={readOnly || !!apiKey}
+                        validate={{
+                          required: i18n.translate(
+                            'xpack.security.management.apiKeys.apiKeyFlyout.nameRequired',
+                            {
+                              defaultMessage: 'Enter a name.',
+                            }
+                          ),
+                        }}
+                        fullWidth
                       />
-                    </EuiFlexItem>
-                    <EuiFlexItem>
-                      <EuiCheckableCard
-                        id="cross_cluster"
+                    </FormRow>
+                    {canManageCrossClusterApiKeys ? (
+                      <FormRow name="type" label={<TypeLabel />} fullWidth>
+                        <EuiFlexGroup gutterSize="m">
+                          <EuiFlexItem>
+                            <EuiCheckableCard
+                              id="rest"
+                              label={
+                                <>
+                                  <EuiTitle size="xxs">
+                                    <h2>
+                                      <FormattedMessage
+                                        id="xpack.security.accountManagement.apiKeyFlyout.restTypeLabel"
+                                        defaultMessage="Personal API key"
+                                      />
+                                    </h2>
+                                  </EuiTitle>
+                                  <EuiSpacer size="xs" />
+                                  <EuiText size="s">
+                                    <FormattedMessage
+                                      id="xpack.security.accountManagement.apiKeyFlyout.restTypeDescription"
+                                      defaultMessage="Allow external services to access the Elastic Stack on your behalf."
+                                    />
+                                  </EuiText>
+                                </>
+                              }
+                              onChange={() => formik.setFieldValue('type', 'rest')}
+                              checked={formik.values.type === 'rest'}
+                            />
+                          </EuiFlexItem>
+                          <EuiFlexItem>
+                            <EuiCheckableCard
+                              id="cross_cluster"
+                              label={
+                                <>
+                                  <EuiTitle size="xxs">
+                                    <h2>
+                                      <FormattedMessage
+                                        id="xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeLabel"
+                                        defaultMessage="Cross-Cluster API key"
+                                      />
+                                    </h2>
+                                  </EuiTitle>
+                                  <EuiSpacer size="xs" />
+                                  <EuiText size="s">
+                                    <FormattedMessage
+                                      id="xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeDescription"
+                                      defaultMessage="Allow remote clusters to connect to your local cluster."
+                                    />
+                                  </EuiText>
+                                </>
+                              }
+                              onChange={() => formik.setFieldValue('type', 'cross_cluster')}
+                              checked={formik.values.type === 'cross_cluster'}
+                            />
+                          </EuiFlexItem>
+                        </EuiFlexGroup>
+                      </FormRow>
+                    ) : (
+                      <EuiFormRow label={<TypeLabel />}>
+                        <ApiKeyBadge type="rest" />
+                      </EuiFormRow>
+                    )}
+                  </>
+                )}
+              </EuiPanel>
+              <EuiSpacer />
+              {!apiKey && (
+                <>
+                  <EuiPanel hasBorder>
+                    <div style={{ paddingRight: euiTheme.size.s }}>
+                      <EuiSwitch
+                        data-test-subj="apiKeyCustomExpirationSwitch"
                         label={
-                          <>
-                            <EuiTitle size="xxs">
-                              <h2>
-                                <FormattedMessage
-                                  id="xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeLabel"
-                                  defaultMessage="Cross-Cluster API key"
-                                />
-                              </h2>
-                            </EuiTitle>
-                            <EuiSpacer size="xs" />
-                            <EuiText size="s">
+                          <EuiTitle size="xs">
+                            <h4>
                               <FormattedMessage
-                                id="xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeDescription"
-                                defaultMessage="Allow remote clusters to connect to your local cluster."
+                                id="xpack.security.accountManagement.apiKeyFlyout.applyExpirationDateLabel"
+                                defaultMessage="Apply expiration date"
                               />
-                            </EuiText>
-                          </>
+                            </h4>
+                          </EuiTitle>
                         }
-                        onChange={() => formik.setFieldValue('type', 'cross_cluster')}
-                        checked={formik.values.type === 'cross_cluster'}
+                        checked={Boolean(formik.values.customExpiration)}
+                        disabled={readOnly || !!apiKey}
+                        onChange={(e) => formik.setFieldValue('customExpiration', e.target.checked)}
                       />
-                    </EuiFlexItem>
-                  </EuiFlexGroup>
-                </FormRow>
-              ) : (
-                <EuiFormRow
-                  label={
-                    <FormattedMessage
-                      id="xpack.security.accountManagement.apiKeyFlyout.typeLabel"
-                      defaultMessage="Type"
-                    />
-                  }
-                >
-                  <ApiKeyBadge type="rest" />
-                </EuiFormRow>
+                      <EuiSpacer size="xs" />
+                      <EuiText color="subdued" size="xs">
+                        <p>
+                          <FormattedMessage
+                            id="xpack.security.accountManagement.apiKeyFlyout.expiresFieldHelpText"
+                            defaultMessage="Setting an expiration date is a security best practice. Defaults to no expiration."
+                          />
+                        </p>
+                      </EuiText>
+                    </div>
+                    {formik.values.customExpiration && (
+                      <>
+                        <EuiSpacer />
+                        <EuiFormRow
+                          fullWidth
+                          helpText={
+                            <FormattedMessage
+                              id="xpack.security.accountManagement.apiKeyFlyout.expirationHelpText"
+                              defaultMessage="This API Key will expire on {expirationDate}"
+                              values={{
+                                expirationDate: (
+                                  <strong>
+                                    <FormattedDate
+                                      year="numeric"
+                                      month="long"
+                                      day="numeric"
+                                      value={expirationDate!}
+                                    />
+                                  </strong>
+                                ),
+                              }}
+                            />
+                          }
+                        >
+                          <FormField
+                            as={EuiFieldNumber}
+                            name="expiration"
+                            min={0}
+                            append={i18n.translate(
+                              'xpack.security.accountManagement.apiKeyFlyout.expirationUnit',
+                              {
+                                defaultMessage: 'days',
+                              }
+                            )}
+                            validate={{
+                              min: {
+                                value: 1,
+                                message: i18n.translate(
+                                  'xpack.security.management.apiKeys.apiKeyFlyout.expirationRequired',
+                                  {
+                                    defaultMessage:
+                                      'Enter a valid duration or disable this option.',
+                                  }
+                                ),
+                              },
+                            }}
+                            disabled={readOnly || !!apiKey}
+                            data-test-subj="apiKeyCustomExpirationInput"
+                          />
+                        </EuiFormRow>
+                      </>
+                    )}
+                  </EuiPanel>
+                  <EuiSpacer size="l" />
+                </>
               )}
-              <EuiHorizontalRule />
-
               {formik.values.type === 'cross_cluster' ? (
-                <FormRow
-                  data-test-subj="apiKeysAccessCodeEditor"
-                  label={
-                    <FormattedMessage
-                      id="xpack.security.accountManagement.apiKeyFlyout.accessLabel"
-                      defaultMessage="Access"
-                    />
-                  }
-                  helpText={
-                    <DocLink
-                      app="elasticsearch"
-                      doc="security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body"
-                    >
+                <EuiPanel hasBorder>
+                  <div style={{ paddingRight: euiTheme.size.s }}>
+                    <EuiFlexGroup justifyContent="flexStart" alignItems="center" gutterSize="s">
+                      <EuiFlexItem grow={false}>
+                        <EuiIcon type="lock" />
+                      </EuiFlexItem>
+                      <EuiFlexItem>
+                        <EuiTitle size="xs">
+                          <h4>
+                            {i18n.translate(
+                              'xpack.security.accountManagement.apiKeyFlyout.accessPermissions.title',
+                              {
+                                defaultMessage: 'Access Permissions',
+                              }
+                            )}
+                          </h4>
+                        </EuiTitle>
+                      </EuiFlexItem>
+                    </EuiFlexGroup>
+                  </div>
+                  <FormRow
+                    data-test-subj="apiKeysAccessCodeEditor"
+                    label={
                       <FormattedMessage
-                        id="xpack.security.accountManagement.apiKeyFlyout.accessHelpText"
-                        defaultMessage="Learn how to structure access permissions."
+                        id="xpack.security.accountManagement.apiKeyFlyout.accessLabel"
+                        defaultMessage="Access"
                       />
-                    </DocLink>
-                  }
-                  fullWidth
-                >
-                  <FormField
-                    as={CodeEditorField}
-                    name="access"
-                    aria-label={i18n.translate(
-                      'xpack.security.management.apiKeys.apiKeyFlyout.accessCodeEditor',
-                      {
-                        defaultMessage: 'Code editor for access permissions',
-                      }
-                    )}
-                    value={formik.values.access}
-                    options={{ readOnly: readOnly || (apiKey && !canEdit) }}
-                    onChange={(value: string) => formik.setFieldValue('access', value)}
-                    validate={(value: string) => {
-                      if (!value) {
-                        return i18n.translate(
-                          'xpack.security.management.apiKeys.apiKeyFlyout.accessRequired',
-                          {
-                            defaultMessage: 'Enter access permissions or disable this option.',
-                          }
-                        );
+                    }
+                    helpText={
+                      <DocLink
+                        app="elasticsearch"
+                        doc="security-api-create-cross-cluster-api-key.html#security-api-create-cross-cluster-api-key-request-body"
+                      >
+                        <FormattedMessage
+                          id="xpack.security.accountManagement.apiKeyFlyout.accessHelpText"
+                          defaultMessage="Learn how to structure access permissions."
+                        />
+                      </DocLink>
+                    }
+                    fullWidth
+                  >
+                    <FormField
+                      as={CodeEditorField}
+                      name="access"
+                      aria-label={i18n.translate(
+                        'xpack.security.management.apiKeys.apiKeyFlyout.accessCodeEditor',
+                        {
+                          defaultMessage: 'Code editor for access permissions',
+                        }
+                      )}
+                      value={formik.values.access}
+                      options={{ readOnly: readOnly || (apiKey && !canEdit) }}
+                      onChange={(value: string) => formik.setFieldValue('access', value)}
+                      validate={(value: string) => {
+                        if (!value) {
+                          return i18n.translate(
+                            'xpack.security.management.apiKeys.apiKeyFlyout.accessRequired',
+                            {
+                              defaultMessage: 'Enter access permissions or disable this option.',
+                            }
+                          );
+                        }
+                        try {
+                          JSON.parse(value);
+                        } catch (e) {
+                          return invalidJsonError;
+                        }
+                      }}
+                      fullWidth
+                      languageId="xjson"
+                      height={200}
+                    />
+                  </FormRow>
+                </EuiPanel>
+              ) : (
+                <EuiPanel hasBorder>
+                  <div style={{ paddingRight: euiTheme.size.s }}>
+                    <EuiSwitch
+                      label={
+                        <EuiTitle size="xs">
+                          <h4>
+                            {i18n.translate(
+                              'xpack.security.accountManagement.apiKeyFlyout.privileges.title',
+                              {
+                                defaultMessage: 'Control security privileges',
+                              }
+                            )}
+                          </h4>
+                        </EuiTitle>
                       }
-                      try {
-                        JSON.parse(value);
-                      } catch (e) {
-                        return i18n.translate(
-                          'xpack.security.management.apiKeys.apiKeyFlyout.invalidJsonError',
+                      checked={formik.values.customPrivileges}
+                      data-test-subj="apiKeysRoleDescriptorsSwitch"
+                      onChange={(e) => formik.setFieldValue('customPrivileges', e.target.checked)}
+                      disabled={readOnly || (apiKey && !canEdit)}
+                    />
+                    <EuiSpacer size="xs" />
+                    <EuiText color="subdued" size="xs">
+                      <p>
+                        {i18n.translate(
+                          'xpack.security.accountManagement.apiKeyFlyout.privileges.description',
                           {
-                            defaultMessage: 'Enter valid JSON.',
+                            defaultMessage:
+                              'Control access to specific Elasticsearch APIs and resources using predefined roles or custom privileges per API key.',
                           }
-                        );
-                      }
-                    }}
-                    fullWidth
-                    languageId="xjson"
-                    height={200}
-                  />
-                </FormRow>
-              ) : (
-                <EuiFormFieldset>
-                  <EuiSwitch
-                    label={
-                      <FormattedMessage
-                        id="xpack.security.accountManagement.apiKeyFlyout.customPrivilegesLabel"
-                        defaultMessage="Restrict privileges"
-                      />
-                    }
-                    checked={formik.values.customPrivileges}
-                    data-test-subj="apiKeysRoleDescriptorsSwitch"
-                    onChange={(e) => formik.setFieldValue('customPrivileges', e.target.checked)}
-                    disabled={readOnly || (apiKey && !canEdit)}
-                  />
+                        )}
+                      </p>
+                    </EuiText>
+                  </div>
                   {formik.values.customPrivileges && (
                     <>
-                      <EuiSpacer size="m" />
+                      <EuiSpacer />
                       <FormRow
                         helpText={
                           <DocLink
@@ -530,12 +743,7 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
                             try {
                               JSON.parse(value);
                             } catch (e) {
-                              return i18n.translate(
-                                'xpack.security.management.apiKeys.apiKeyFlyout.invalidJsonError',
-                                {
-                                  defaultMessage: 'Enter valid JSON.',
-                                }
-                              );
+                              return invalidJsonError;
                             }
                           }}
                           fullWidth
@@ -543,89 +751,42 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
                           height={200}
                         />
                       </FormRow>
-                      <EuiSpacer size="s" />
                     </>
                   )}
-                </EuiFormFieldset>
+                </EuiPanel>
               )}
-
-              {!apiKey && (
-                <>
-                  <EuiSpacer />
-                  <EuiFormFieldset>
-                    <EuiSwitch
-                      label={
-                        <FormattedMessage
-                          id="xpack.security.accountManagement.apiKeyFlyout.customExpirationLabel"
-                          defaultMessage="Expire after time"
-                        />
-                      }
-                      checked={formik.values.customExpiration}
-                      onChange={(e) => formik.setFieldValue('customExpiration', e.target.checked)}
-                      disabled={readOnly || !!apiKey}
-                      data-test-subj="apiKeyCustomExpirationSwitch"
-                    />
-                    {formik.values.customExpiration && (
-                      <>
-                        <EuiSpacer size="m" />
-                        <FormRow
-                          label={
-                            <FormattedMessage
-                              id="xpack.security.accountManagement.apiKeyFlyout.customExpirationInputLabel"
-                              defaultMessage="Lifetime"
-                            />
-                          }
-                          fullWidth
-                        >
-                          <FormField
-                            as={EuiFieldNumber}
-                            name="expiration"
-                            min={0}
-                            append={i18n.translate(
-                              'xpack.security.accountManagement.apiKeyFlyout.expirationUnit',
-                              {
-                                defaultMessage: 'days',
-                              }
-                            )}
-                            validate={{
-                              min: {
-                                value: 1,
-                                message: i18n.translate(
-                                  'xpack.security.management.apiKeys.apiKeyFlyout.expirationRequired',
-                                  {
-                                    defaultMessage:
-                                      'Enter a valid duration or disable this option.',
-                                  }
-                                ),
-                              },
-                            }}
-                            disabled={readOnly || !!apiKey}
-                            data-test-subj="apiKeyCustomExpirationInput"
+              <EuiSpacer size="l" />
+              <EuiPanel hasBorder>
+                <div style={{ paddingRight: euiTheme.size.s }}>
+                  <EuiSwitch
+                    label={
+                      <EuiTitle size="xs">
+                        <h4>
+                          <FormattedMessage
+                            id="xpack.security.accountManagement.apiKeyFlyout.metadata.title"
+                            defaultMessage="Add metadata"
                           />
-                        </FormRow>
-                        <EuiSpacer size="s" />
-                      </>
-                    )}
-                  </EuiFormFieldset>
-                </>
-              )}
-              <EuiSpacer />
-              <EuiFormFieldset>
-                <EuiSwitch
-                  label={
-                    <FormattedMessage
-                      id="xpack.security.accountManagement.apiKeyFlyout.includeMetadataLabel"
-                      defaultMessage="Include metadata"
-                    />
-                  }
-                  data-test-subj="apiKeysMetadataSwitch"
-                  checked={formik.values.includeMetadata}
-                  disabled={readOnly || (apiKey && !canEdit)}
-                  onChange={(e) => formik.setFieldValue('includeMetadata', e.target.checked)}
-                />
+                        </h4>
+                      </EuiTitle>
+                    }
+                    data-test-subj="apiKeysMetadataSwitch"
+                    checked={formik.values.includeMetadata}
+                    disabled={readOnly || (apiKey && !canEdit)}
+                    onChange={(e) => formik.setFieldValue('includeMetadata', e.target.checked)}
+                  />
+                  <EuiSpacer size="xs" />
+                  <EuiText color="subdued" size="xs">
+                    <p>
+                      <FormattedMessage
+                        id="xpack.security.accountManagement.apiKeyFlyout.metadata.description"
+                        defaultMessage="Use configurable key-value pairs to add information about the API key or customize Elasticsearch resource access."
+                      />
+                    </p>
+                  </EuiText>
+                </div>
                 {formik.values.includeMetadata && (
                   <>
-                    <EuiSpacer size="m" />
+                    <EuiSpacer />
                     <FormRow
                       data-test-subj="apiKeysMetadataCodeEditor"
                       helpText={
@@ -666,12 +827,7 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
                           try {
                             JSON.parse(value);
                           } catch (e) {
-                            return i18n.translate(
-                              'xpack.security.management.apiKeys.apiKeyFlyout.invalidJsonError',
-                              {
-                                defaultMessage: 'Enter valid JSON.',
-                              }
-                            );
+                            return invalidJsonError;
                           }
                         }}
                         fullWidth
@@ -679,10 +835,9 @@ export const ApiKeyFlyout: FunctionComponent<ApiKeyFlyoutProps> = ({
                         height={200}
                       />
                     </FormRow>
-                    <EuiSpacer size="s" />
                   </>
                 )}
-              </EuiFormFieldset>
+              </EuiPanel>
             </EuiSkeletonText>
           </EuiFlyoutBody>
           <EuiFlyoutFooter>
diff --git a/x-pack/plugins/security/tsconfig.json b/x-pack/plugins/security/tsconfig.json
index 0b54e40c228e7..5a28a341b94da 100644
--- a/x-pack/plugins/security/tsconfig.json
+++ b/x-pack/plugins/security/tsconfig.json
@@ -3,7 +3,12 @@
   "compilerOptions": {
     "outDir": "target/types",
   },
-  "include": ["common/**/*", "public/**/*", "server/**/*", "__mocks__/**/*"],
+  "include": [
+    "common/**/*",
+    "public/**/*",
+    "server/**/*",
+    "__mocks__/**/*"
+  ],
   "kbn_references": [
     "@kbn/cloud-plugin",
     "@kbn/features-plugin",
@@ -66,6 +71,7 @@
     "@kbn/security-plugin-types-common",
     "@kbn/security-plugin-types-public",
     "@kbn/security-plugin-types-server",
+    "@kbn/kibana-utils-plugin",
     "@kbn/code-editor",
     "@kbn/code-editor-mock",
   ],
diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json
index dcf92f6e1670a..fcbc20c1a8c79 100644
--- a/x-pack/plugins/translations/translations/fr-FR.json
+++ b/x-pack/plugins/translations/translations/fr-FR.json
@@ -30825,11 +30825,7 @@
     "xpack.security.accountManagement.apiKeyFlyout.createTitle": "Créer une clé d'API",
     "xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeDescription": "Autorise les clusters distants à se connecter à votre cluster local.",
     "xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeLabel": "Clé d'API inter-clusters",
-    "xpack.security.accountManagement.apiKeyFlyout.customExpirationInputLabel": "Durée de vie",
-    "xpack.security.accountManagement.apiKeyFlyout.customExpirationLabel": "Délai d'expiration",
-    "xpack.security.accountManagement.apiKeyFlyout.customPrivilegesLabel": "Limiter les privilèges",
     "xpack.security.accountManagement.apiKeyFlyout.expirationUnit": "jours",
-    "xpack.security.accountManagement.apiKeyFlyout.includeMetadataLabel": "Inclure les métadonnées",
     "xpack.security.accountManagement.apiKeyFlyout.metadataHelpText": "Découvrez comment structurer les métadonnées.",
     "xpack.security.accountManagement.apiKeyFlyout.nameLabel": "Nom",
     "xpack.security.accountManagement.apiKeyFlyout.ownerLabel": "Propriétaire",
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index 5cf4410604fc4..62908af4bd9c1 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -30824,11 +30824,7 @@
     "xpack.security.accountManagement.apiKeyFlyout.createTitle": "APIキーを作成",
     "xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeDescription": "リモートクラスターがローカルクラスターに接続できるようにします。",
     "xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeLabel": "クラスター横断APIキー",
-    "xpack.security.accountManagement.apiKeyFlyout.customExpirationInputLabel": "寿命",
-    "xpack.security.accountManagement.apiKeyFlyout.customExpirationLabel": "時間の後に有効期限切れ",
-    "xpack.security.accountManagement.apiKeyFlyout.customPrivilegesLabel": "権限を制限",
     "xpack.security.accountManagement.apiKeyFlyout.expirationUnit": "日",
-    "xpack.security.accountManagement.apiKeyFlyout.includeMetadataLabel": "メタデータを含む",
     "xpack.security.accountManagement.apiKeyFlyout.metadataHelpText": "メタデータを構成する方法を参照してください。",
     "xpack.security.accountManagement.apiKeyFlyout.nameLabel": "名前",
     "xpack.security.accountManagement.apiKeyFlyout.ownerLabel": "所有者",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index c39642226aaa2..c1550eab55885 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -30806,11 +30806,7 @@
     "xpack.security.accountManagement.apiKeyFlyout.createTitle": "创建 API 密钥",
     "xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeDescription": "允许远程集群连接到本地集群。",
     "xpack.security.accountManagement.apiKeyFlyout.crossClusterTypeLabel": "跨集群 API 密钥",
-    "xpack.security.accountManagement.apiKeyFlyout.customExpirationInputLabel": "寿命",
-    "xpack.security.accountManagement.apiKeyFlyout.customExpirationLabel": "有效时间",
-    "xpack.security.accountManagement.apiKeyFlyout.customPrivilegesLabel": "限制权限",
     "xpack.security.accountManagement.apiKeyFlyout.expirationUnit": "天",
-    "xpack.security.accountManagement.apiKeyFlyout.includeMetadataLabel": "包括元数据",
     "xpack.security.accountManagement.apiKeyFlyout.metadataHelpText": "了解如何结构化元数据。",
     "xpack.security.accountManagement.apiKeyFlyout.nameLabel": "名称",
     "xpack.security.accountManagement.apiKeyFlyout.ownerLabel": "所有者",
diff --git a/x-pack/test/functional/apps/api_keys/home_page.ts b/x-pack/test/functional/apps/api_keys/home_page.ts
index 316a2e32c47fd..7eb37c4665554 100644
--- a/x-pack/test/functional/apps/api_keys/home_page.ts
+++ b/x-pack/test/functional/apps/api_keys/home_page.ts
@@ -170,9 +170,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
 
         expect(await pageObjects.apiKeys.getFlyoutTitleText()).to.be('Update API key');
 
-        // Verify name input box are disabled
-        const apiKeyNameInput = await pageObjects.apiKeys.getApiKeyName();
-        expect(await apiKeyNameInput.isEnabled()).to.be(false);
+        // Verify name input box is not present
+        expect(await pageObjects.apiKeys.isApiKeyNamePresent()).to.be(false);
 
         // Status should be displayed
         const apiKeyStatus = await pageObjects.apiKeys.getFlyoutApiKeyStatus();
@@ -278,9 +277,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
         expect(await browser.getCurrentUrl()).to.contain('app/management/security/api_keys');
         expect(await pageObjects.apiKeys.getFlyoutTitleText()).to.be('API key details');
 
-        // Verify name input box are disabled
-        const apiKeyNameInput = await pageObjects.apiKeys.getApiKeyName();
-        expect(await apiKeyNameInput.isEnabled()).to.be(false);
+        // Verify name input box is not present
+        expect(await pageObjects.apiKeys.isApiKeyNamePresent()).to.be(false);
 
         // Status should be displayed
         const apiKeyStatus = await pageObjects.apiKeys.getFlyoutApiKeyStatus();
@@ -324,9 +322,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
         expect(await browser.getCurrentUrl()).to.contain('app/management/security/api_keys');
         expect(await pageObjects.apiKeys.getFlyoutTitleText()).to.be('API key details');
 
-        // Verify name input box are disabled
-        const apiKeyNameInput = await pageObjects.apiKeys.getApiKeyName();
-        expect(await apiKeyNameInput.isEnabled()).to.be(false);
+        // Verify name input box is not present
+        expect(await pageObjects.apiKeys.isApiKeyNamePresent()).to.be(false);
 
         // Status should be displayed
         const apiKeyStatus = await pageObjects.apiKeys.getFlyoutApiKeyStatus();
@@ -365,9 +362,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
         expect(await browser.getCurrentUrl()).to.contain('app/management/security/api_keys');
         expect(await pageObjects.apiKeys.getFlyoutTitleText()).to.be('API key details');
 
-        // Verify name input box are disabled
-        const apiKeyNameInput = await pageObjects.apiKeys.getApiKeyName();
-        expect(await apiKeyNameInput.isEnabled()).to.be(false);
+        // Verify name input box is not present
+        expect(await pageObjects.apiKeys.isApiKeyNamePresent()).to.be(false);
 
         // Status should be displayed
         const apiKeyStatus = await pageObjects.apiKeys.getFlyoutApiKeyStatus();
diff --git a/x-pack/test/functional/page_objects/api_keys_page.ts b/x-pack/test/functional/page_objects/api_keys_page.ts
index 0875774470018..8f74f927b976f 100644
--- a/x-pack/test/functional/page_objects/api_keys_page.ts
+++ b/x-pack/test/functional/page_objects/api_keys_page.ts
@@ -45,6 +45,10 @@ export function ApiKeysPageProvider({ getService }: FtrProviderContext) {
       return await testSubjects.find('apiKeyNameInput');
     },
 
+    async isApiKeyNamePresent() {
+      return await testSubjects.exists('apiKeyNameInput');
+    },
+
     async setApiKeyCustomExpiration(expirationTime: string) {
       return await testSubjects.setValue('apiKeyCustomExpirationInput', expirationTime);
     },