[DOCS-815] Hashed API key updates for single-tenant

lychee.toml

@@ -56,6 +56,7 @@ exclude = [
   # Third party URLs
   'https://auth0.com/docs',
   'https://cognito-idp.us-east-1.amazonaws.com',
+  'https://hhs.gov',
 
   # W&B production URLs
   '^https://github\.com/wandb',

platform/hosting/iam/service-accounts.mdx

@@ -35,7 +35,7 @@ Service accounts are particularly useful for:
 - **Airflow/Prefect/Dagster**: ML pipeline orchestration tools
 
 <Note>
-Service accounts are available on [Dedicated Cloud](/platform/hosting/hosting-options/dedicated_cloud), [Self-Managed instances](/platform/hosting/hosting-options/self-managed) with an enterprise license, and enterprise accounts in [SaaS Cloud](/platform/hosting/hosting-options/multi_tenant_cloud).
+Service accounts are available on [Dedicated Cloud](/platform/hosting/hosting-options/dedicated_cloud), [Self-Managed instances](/platform/hosting/hosting-options/self-managed) with an enterprise license, and enterprise accounts in [Multi-tenant Cloud](/platform/hosting/hosting-options/multi_tenant_cloud).
 </Note>
 
 ## Organization-scoped service accounts

platform/hosting/monitoring-usage/audit-logging.mdx

@@ -18,7 +18,7 @@ For more details about the format of the logs, see [Audit log schema](#audit-log
 
 ## Audit log retention
 - If you require audit logs to be retained for a specific period of time, W&B recommends periodically transferring logs to long-term storage, either using storage buckets or the Audit Logging API.
-- If you are subject to the [Health Insurance Portability and Accountability Act of 1996 (HIPAA)](https://www.hhs.gov/hipaa/for-professionals/index.html), audit logs must be retained for a minimum of 6 years in an environment where they cannot be deleted or modified by any internal or exterrnal actor before the end of the mandatory retention period. For HIPAA-compliant [Dedicated Cloud](/platform/hosting/hosting-options/dedicated_cloud) instances with [BYOB](/platform/hosting/data-security/secure-storage-connector), you must configure guardrails for your managed storage, including any long-term retention storage.
+- If you are subject to the [Health Insurance Portability and Accountability Act of 1996 (HIPAA)](https://hhs.gov/hipaa/for-professionals/index.html), audit logs must be retained for a minimum of 6 years in an environment where they cannot be deleted or modified by any internal or exterrnal actor before the end of the mandatory retention period. For HIPAA-compliant [Dedicated Cloud](/platform/hosting/hosting-options/dedicated_cloud) instances with [BYOB](/platform/hosting/data-security/secure-storage-connector), you must configure guardrails for your managed storage, including any long-term retention storage.
 
 ## Audit log schema
 This table shows all keys which may appear in an audit log entry, ordered alphabetically. Depending on the action and the circumstances, a specific log entry may include only a subset of the possible fields.
@@ -121,10 +121,10 @@ This table describes possible actions that can be recorded by W&B, sorted alphab
 | `team:delete`                 | Team is deleted.
 | `team:invite_user`            | User is invited to team.
 | `team:uninvite`               | User or service account is uninvited from team.
-| `user:create_api_key`         | API key for the user is created. <sup><a href="#1">1</a></sup>
+| `user:create_api_key`         | API key for the user or service account is created. <sup><a href="#1">1</a></sup>
 | `user:create`                 | User is created. <sup><a href="#1">1</a></sup>
 | `user:deactivate`             | User is deactivated. <sup><a href="#1">1</a></sup>
-| `user:delete_api_key`         | API key for the user is deleted. <sup><a href="#1">1</a></sup>
+| `user:delete_api_key`         | API key for the user or service account is deleted. <sup><a href="#1">1</a></sup>
 | `user:initiate_login`         | User initiates log in. <sup><a href="#1">1</a></sup>
 | `user:login`                  | User logs in. <sup><a href="#1">1</a></sup>
 | `user:logout`                 | User logs out. <sup><a href="#1">1</a></sup>

snippets/en/_includes/api-key-create.mdx

@@ -4,20 +4,23 @@ import ServiceAccountApiKeyCreate from "/snippets/en/_includes/service-account-a
 To create an API key, select the **Personal API key** or **Service Account API key** tab for details.
 
 <Tabs>
-  <Tab title="Personal API key">
+<Tab title="Personal API key">
 To create a personal API key owned by your user ID:
 
-1. Navigate to [User Settings](https://wandb.ai/settings) and log in if necessary.
+1. Log in to W&B, click your user profile icon, then click **User Settings**.
 2. Click **Create new API key**.
 3. Provide a descriptive name for your API key.
 4. Click **Create**.
 5. Copy the displayed API key immediately and store it securely.
 
-  </Tab>
-  <Tab title="Service account API key">
-    <ServiceAccountApiKeyCreate/>
-  </Tab>
+</Tab>
+<Tab title="Service account API key">
+
+<ServiceAccountApiKeyCreate/>
+
+</Tab>
 </Tabs>
+
 <ApiKeyViewOnceWarning/>
 
 For secure storage options, see [Store API keys securely](#store-and-handle-api-keys-securely).

snippets/en/_includes/api-key-find.mdx

@@ -1,23 +1,27 @@
+<Note>
+In **Dedicated Cloud** and **Self-Managed**:
+- Organization admins can find or list API keys for all organization users and service accounts.
+- Team admins can find or list API keys for service accounts in teams they administer.
+- Non-admin users can find or list their own API keys.
+</Note>
+
 To find an API key, select the **Personal API key** or **Service Account API key** tab for details.
 
 <Tabs>
-  <Tab title="Personal API key">
+<Tab title="Personal API key">
 To find a personal API key owned by your user ID:
 
-1. Navigate to [User Settings](https://wandb.ai/settings) and log in if necessary.
-2. Alternatively, access your user settings:
-   - Click your user profile icon in the upper-right corner.
-   - Select **User Settings**.
-   - Scroll to the **API Keys** section.
-  </Tab>
-  <Tab title="Service account API key">
+1. Log in to W&B, click your user profile icon, then click **User Settings**.
+2. Scroll to the **API Keys** section.
+
+</Tab>
+<Tab title="Service account API key">
 To find an API key owned by an organization or team service account:
 
 1. Navigate to the **API Keys** tab in your organization settings.
 2. Find the API key in the list. You can search or filter the list by owner, key name, or key ID.
-  </Tab>
+
+</Tab>
 </Tabs>
 
-<Note>
 The API keys table shows the key ID (the first part of each API key) for identification purposes. The full secret API key is only displayed once when you create it. If you need to use an existing key but do not have the full secret stored, you must create a new API key.
-</Note>

snippets/en/_includes/org-service-account-create.mdx

@@ -1,6 +1,8 @@
 To create a new organization-scoped service account and API key:
 
-1. Go to [Organization settings](https://wandb.ai/account-settings/), then click **Service Accounts**.
+1. Log in to W&B, click your user profile icon, then:
+    - **Dedicated Cloud** or **Self-Managed**: Click **Organization Dashboard**, then click **Service Accounts**.
+    - **Multi-tenant Cloud**: Click **Service Accounts**.
 2. Click **Create service account**.
 3. Provide a name and select a default team.
 4. Click **Create**.