From a5f5a70e418d9fab580aab98c1bb524295816efc Mon Sep 17 00:00:00 2001
From: Nimish <85357445+nimish-ks@users.noreply.github.com>
Date: Mon, 25 Sep 2023 11:27:35 +0530
Subject: [PATCH] Multi user (#57)

* fix: clean up console.log

* feat: grant user access to all envs when given admin role

* feat: better colors for alert

* feat: disallow changing env scope for admins

* feat: misc improvements to alert style

* fix: disable save button when user is admin

* fix: dialog layout

* fix: misc ui improvements

* fix: ui fixes to tokens dialog

* fix: misc ui fixes and cleanup

* feat: user tokens page, misc styling improvements

* fix: wire app new app dialog with keyring context

* fix: graphql mutation operation name

* fix: operation name

* fix: veryify invite in useEffect hook

---------

Co-authored-by: rohan-chaturvedi <rohan.chaturvedi@protonmail.com>
---
 backend/backend/graphene/mutations/app.py     |  12 +-
 frontend/apollo/gql.ts                        |   8 +-
 frontend/apollo/graphql.ts                    |  10 +-
 .../app/[team]/apps/[app]/members/page.tsx    | 131 +++--
 .../app/[team]/apps/[app]/tokens/page.tsx     |  76 +--
 frontend/app/[team]/layout.tsx                |   1 -
 frontend/app/[team]/members/page.tsx          | 205 +++++--
 frontend/app/[team]/tokens/page.tsx           | 508 ++++++++++++++++++
 frontend/app/invite/[invite]/page.tsx         |  19 +-
 frontend/components/apps/NewAppDialog.tsx     |  89 +--
 .../components/apps/tokens/SecretTokens.tsx   |   6 +-
 .../components/auth/UnlockKeyringDialog.tsx   |   8 +-
 frontend/components/common/Alert.tsx          |  28 +-
 frontend/components/layout/Sidebar.tsx        |  21 +-
 .../mutations/organisation/deleteInvite.gql   |   2 +-
 frontend/utils/auth.ts                        |   3 +-
 16 files changed, 890 insertions(+), 237 deletions(-)
 create mode 100644 frontend/app/[team]/tokens/page.tsx

diff --git a/backend/backend/graphene/mutations/app.py b/backend/backend/graphene/mutations/app.py
index 274aa902..0f1633d2 100644
--- a/backend/backend/graphene/mutations/app.py
+++ b/backend/backend/graphene/mutations/app.py
@@ -138,13 +138,11 @@ def mutate(cls, root, info, member_id, app_id, env_keys):
 
         org_member = OrganisationMember.objects.get(
             id=member_id, deleted_at=None)
-        if org_member in app.members.all():
-            raise GraphQLError("This user already has access to this app")
-        else:
-            app.members.add(org_member)
-            for key in env_keys:
-                EnvironmentKey.objects.create(
-                    environment_id=key.env_id, user_id=key.user_id, wrapped_seed=key.wrapped_seed, wrapped_salt=key.wrapped_salt, identity_key=key.identity_key)
+
+        app.members.add(org_member)
+        for key in env_keys:
+            EnvironmentKey.objects.create(
+                environment_id=key.env_id, user_id=key.user_id, wrapped_seed=key.wrapped_seed, wrapped_salt=key.wrapped_salt, identity_key=key.identity_key)
 
         return AddAppMemberMutation(app=app)
 
diff --git a/frontend/apollo/gql.ts b/frontend/apollo/gql.ts
index b38fb386..7725e10c 100644
--- a/frontend/apollo/gql.ts
+++ b/frontend/apollo/gql.ts
@@ -30,7 +30,7 @@ const documents = {
     "mutation UpdateSecret($id: ID!, $secretData: SecretInput!) {\n  editSecret(id: $id, secretData: $secretData) {\n    secret {\n      id\n      updatedAt\n    }\n  }\n}": types.UpdateSecretDocument,
     "mutation InitAppEnvironments($devEnv: EnvironmentInput!, $stagingEnv: EnvironmentInput!, $prodEnv: EnvironmentInput!, $devAdminKeys: [EnvironmentKeyInput], $stagAdminKeys: [EnvironmentKeyInput], $prodAdminKeys: [EnvironmentKeyInput]) {\n  devEnvironment: createEnvironment(\n    environmentData: $devEnv\n    adminKeys: $devAdminKeys\n  ) {\n    environment {\n      id\n      name\n      createdAt\n      identityKey\n    }\n  }\n  stagingEnvironment: createEnvironment(\n    environmentData: $stagingEnv\n    adminKeys: $stagAdminKeys\n  ) {\n    environment {\n      id\n      name\n      createdAt\n      identityKey\n    }\n  }\n  prodEnvironment: createEnvironment(\n    environmentData: $prodEnv\n    adminKeys: $prodAdminKeys\n  ) {\n    environment {\n      id\n      name\n      createdAt\n      identityKey\n    }\n  }\n}": types.InitAppEnvironmentsDocument,
     "mutation AcceptOrganisationInvite($orgId: ID!, $identityKey: String!, $wrappedKeyring: String!, $inviteId: ID!) {\n  createOrganisationMember(\n    orgId: $orgId\n    identityKey: $identityKey\n    wrappedKeyring: $wrappedKeyring\n    inviteId: $inviteId\n  ) {\n    orgMember {\n      id\n      email\n      createdAt\n      role\n    }\n  }\n}": types.AcceptOrganisationInviteDocument,
-    "mutation DeleteInvite($inviteId: ID!) {\n  deleteInvitation(inviteId: $inviteId) {\n    ok\n  }\n}": types.DeleteInviteDocument,
+    "mutation DeleteOrgInvite($inviteId: ID!) {\n  deleteInvitation(inviteId: $inviteId) {\n    ok\n  }\n}": types.DeleteOrgInviteDocument,
     "mutation RemoveMember($memberId: ID!) {\n  deleteOrganisationMember(memberId: $memberId) {\n    ok\n  }\n}": types.RemoveMemberDocument,
     "mutation InviteMember($orgId: ID!, $email: String!, $apps: [String], $role: String) {\n  inviteOrganisationMember(orgId: $orgId, email: $email, apps: $apps, role: $role) {\n    invite {\n      id\n    }\n  }\n}": types.InviteMemberDocument,
     "mutation UpdateMemberRole($memberId: ID!, $role: String!) {\n  updateOrganisationMemberRole(memberId: $memberId, role: $role) {\n    orgMember {\n      id\n      role\n    }\n  }\n}": types.UpdateMemberRoleDocument,
@@ -44,7 +44,7 @@ const documents = {
     "query GetAppLogs($appId: ID!, $start: BigInt, $end: BigInt) {\n  logs(appId: $appId, start: $start, end: $end) {\n    id\n    timestamp\n    phaseNode\n    eventType\n    ipAddress\n    country\n    city\n    phSize\n  }\n  logsCount(appId: $appId)\n}": types.GetAppLogsDocument,
     "query GetApps($organisationId: ID!, $appId: ID!) {\n  apps(organisationId: $organisationId, appId: $appId) {\n    id\n    name\n    identityKey\n    createdAt\n  }\n}": types.GetAppsDocument,
     "query GetOrganisations {\n  organisations {\n    id\n    name\n    identityKey\n    createdAt\n    plan\n    role\n    memberId\n  }\n}": types.GetOrganisationsDocument,
-    "query GetInvites($orgId: ID!) {\n  organisationInvites(orgId: $orgId) {\n    id\n    createdAt\n    expiresAt\n    invitedBy {\n      email\n    }\n    inviteeEmail\n  }\n}": types.GetInvitesDocument,
+    "query GetInvites($orgId: ID!) {\n  organisationInvites(orgId: $orgId) {\n    id\n    createdAt\n    expiresAt\n    invitedBy {\n      email\n      fullName\n    }\n    inviteeEmail\n  }\n}": types.GetInvitesDocument,
     "query GetOrganisationAdminsAndSelf($organisationId: ID!) {\n  organisationAdminsAndSelf(organisationId: $organisationId) {\n    id\n    role\n    identityKey\n  }\n}": types.GetOrganisationAdminsAndSelfDocument,
     "query GetOrganisationMembers($organisationId: ID!, $role: [String]) {\n  organisationMembers(organisationId: $organisationId, role: $role) {\n    id\n    role\n    identityKey\n    email\n    fullName\n    avatarUrl\n    createdAt\n  }\n}": types.GetOrganisationMembersDocument,
     "query VerifyInvite($inviteId: ID!) {\n  validateInvite(inviteId: $inviteId) {\n    id\n    organisation {\n      id\n      name\n    }\n    inviteeEmail\n    invitedBy {\n      email\n    }\n    apps {\n      id\n      name\n    }\n  }\n}": types.VerifyInviteDocument,
@@ -143,7 +143,7 @@ export function graphql(source: "mutation AcceptOrganisationInvite($orgId: ID!,
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
-export function graphql(source: "mutation DeleteInvite($inviteId: ID!) {\n  deleteInvitation(inviteId: $inviteId) {\n    ok\n  }\n}"): (typeof documents)["mutation DeleteInvite($inviteId: ID!) {\n  deleteInvitation(inviteId: $inviteId) {\n    ok\n  }\n}"];
+export function graphql(source: "mutation DeleteOrgInvite($inviteId: ID!) {\n  deleteInvitation(inviteId: $inviteId) {\n    ok\n  }\n}"): (typeof documents)["mutation DeleteOrgInvite($inviteId: ID!) {\n  deleteInvitation(inviteId: $inviteId) {\n    ok\n  }\n}"];
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
@@ -199,7 +199,7 @@ export function graphql(source: "query GetOrganisations {\n  organisations {\n
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
-export function graphql(source: "query GetInvites($orgId: ID!) {\n  organisationInvites(orgId: $orgId) {\n    id\n    createdAt\n    expiresAt\n    invitedBy {\n      email\n    }\n    inviteeEmail\n  }\n}"): (typeof documents)["query GetInvites($orgId: ID!) {\n  organisationInvites(orgId: $orgId) {\n    id\n    createdAt\n    expiresAt\n    invitedBy {\n      email\n    }\n    inviteeEmail\n  }\n}"];
+export function graphql(source: "query GetInvites($orgId: ID!) {\n  organisationInvites(orgId: $orgId) {\n    id\n    createdAt\n    expiresAt\n    invitedBy {\n      email\n      fullName\n    }\n    inviteeEmail\n  }\n}"): (typeof documents)["query GetInvites($orgId: ID!) {\n  organisationInvites(orgId: $orgId) {\n    id\n    createdAt\n    expiresAt\n    invitedBy {\n      email\n      fullName\n    }\n    inviteeEmail\n  }\n}"];
 /**
  * The graphql function is used to parse GraphQL queries into a document that can be used by GraphQL clients.
  */
diff --git a/frontend/apollo/graphql.ts b/frontend/apollo/graphql.ts
index a6d311c2..485401f2 100644
--- a/frontend/apollo/graphql.ts
+++ b/frontend/apollo/graphql.ts
@@ -893,12 +893,12 @@ export type AcceptOrganisationInviteMutationVariables = Exact<{
 
 export type AcceptOrganisationInviteMutation = { __typename?: 'Mutation', createOrganisationMember?: { __typename?: 'CreateOrganisationMemberMutation', orgMember?: { __typename?: 'OrganisationMemberType', id: string, email?: string | null, createdAt?: any | null, role: ApiOrganisationMemberRoleChoices } | null } | null };
 
-export type DeleteInviteMutationVariables = Exact<{
+export type DeleteOrgInviteMutationVariables = Exact<{
   inviteId: Scalars['ID'];
 }>;
 
 
-export type DeleteInviteMutation = { __typename?: 'Mutation', deleteInvitation?: { __typename?: 'DeleteInviteMutation', ok?: boolean | null } | null };
+export type DeleteOrgInviteMutation = { __typename?: 'Mutation', deleteInvitation?: { __typename?: 'DeleteInviteMutation', ok?: boolean | null } | null };
 
 export type RemoveMemberMutationVariables = Exact<{
   memberId: Scalars['ID'];
@@ -1011,7 +1011,7 @@ export type GetInvitesQueryVariables = Exact<{
 }>;
 
 
-export type GetInvitesQuery = { __typename?: 'Query', organisationInvites?: Array<{ __typename?: 'OrganisationMemberInviteType', id: string, createdAt?: any | null, expiresAt: any, inviteeEmail: string, invitedBy: { __typename?: 'OrganisationMemberType', email?: string | null } } | null> | null };
+export type GetInvitesQuery = { __typename?: 'Query', organisationInvites?: Array<{ __typename?: 'OrganisationMemberInviteType', id: string, createdAt?: any | null, expiresAt: any, inviteeEmail: string, invitedBy: { __typename?: 'OrganisationMemberType', email?: string | null, fullName?: string | null } } | null> | null };
 
 export type GetOrganisationAdminsAndSelfQueryVariables = Exact<{
   organisationId: Scalars['ID'];
@@ -1111,7 +1111,7 @@ export const RevokeServiceTokenDocument = {"kind":"Document","definitions":[{"ki
 export const UpdateSecretDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"UpdateSecret"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"id"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"secretData"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"SecretInput"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"editSecret"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"id"},"value":{"kind":"Variable","name":{"kind":"Name","value":"id"}}},{"kind":"Argument","name":{"kind":"Name","value":"secretData"},"value":{"kind":"Variable","name":{"kind":"Name","value":"secretData"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"secret"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"updatedAt"}}]}}]}}]}}]} as unknown as DocumentNode<UpdateSecretMutation, UpdateSecretMutationVariables>;
 export const InitAppEnvironmentsDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"InitAppEnvironments"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"devEnv"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"EnvironmentInput"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"stagingEnv"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"EnvironmentInput"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"prodEnv"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"EnvironmentInput"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"devAdminKeys"}},"type":{"kind":"ListType","type":{"kind":"NamedType","name":{"kind":"Name","value":"EnvironmentKeyInput"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"stagAdminKeys"}},"type":{"kind":"ListType","type":{"kind":"NamedType","name":{"kind":"Name","value":"EnvironmentKeyInput"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"prodAdminKeys"}},"type":{"kind":"ListType","type":{"kind":"NamedType","name":{"kind":"Name","value":"EnvironmentKeyInput"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","alias":{"kind":"Name","value":"devEnvironment"},"name":{"kind":"Name","value":"createEnvironment"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"environmentData"},"value":{"kind":"Variable","name":{"kind":"Name","value":"devEnv"}}},{"kind":"Argument","name":{"kind":"Name","value":"adminKeys"},"value":{"kind":"Variable","name":{"kind":"Name","value":"devAdminKeys"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"environment"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"createdAt"}},{"kind":"Field","name":{"kind":"Name","value":"identityKey"}}]}}]}},{"kind":"Field","alias":{"kind":"Name","value":"stagingEnvironment"},"name":{"kind":"Name","value":"createEnvironment"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"environmentData"},"value":{"kind":"Variable","name":{"kind":"Name","value":"stagingEnv"}}},{"kind":"Argument","name":{"kind":"Name","value":"adminKeys"},"value":{"kind":"Variable","name":{"kind":"Name","value":"stagAdminKeys"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"environment"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"createdAt"}},{"kind":"Field","name":{"kind":"Name","value":"identityKey"}}]}}]}},{"kind":"Field","alias":{"kind":"Name","value":"prodEnvironment"},"name":{"kind":"Name","value":"createEnvironment"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"environmentData"},"value":{"kind":"Variable","name":{"kind":"Name","value":"prodEnv"}}},{"kind":"Argument","name":{"kind":"Name","value":"adminKeys"},"value":{"kind":"Variable","name":{"kind":"Name","value":"prodAdminKeys"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"environment"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"createdAt"}},{"kind":"Field","name":{"kind":"Name","value":"identityKey"}}]}}]}}]}}]} as unknown as DocumentNode<InitAppEnvironmentsMutation, InitAppEnvironmentsMutationVariables>;
 export const AcceptOrganisationInviteDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"AcceptOrganisationInvite"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"orgId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"identityKey"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"String"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"wrappedKeyring"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"String"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"inviteId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"createOrganisationMember"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"orgId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"orgId"}}},{"kind":"Argument","name":{"kind":"Name","value":"identityKey"},"value":{"kind":"Variable","name":{"kind":"Name","value":"identityKey"}}},{"kind":"Argument","name":{"kind":"Name","value":"wrappedKeyring"},"value":{"kind":"Variable","name":{"kind":"Name","value":"wrappedKeyring"}}},{"kind":"Argument","name":{"kind":"Name","value":"inviteId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"inviteId"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"orgMember"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"email"}},{"kind":"Field","name":{"kind":"Name","value":"createdAt"}},{"kind":"Field","name":{"kind":"Name","value":"role"}}]}}]}}]}}]} as unknown as DocumentNode<AcceptOrganisationInviteMutation, AcceptOrganisationInviteMutationVariables>;
-export const DeleteInviteDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"DeleteInvite"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"inviteId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"deleteInvitation"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"inviteId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"inviteId"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"ok"}}]}}]}}]} as unknown as DocumentNode<DeleteInviteMutation, DeleteInviteMutationVariables>;
+export const DeleteOrgInviteDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"DeleteOrgInvite"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"inviteId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"deleteInvitation"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"inviteId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"inviteId"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"ok"}}]}}]}}]} as unknown as DocumentNode<DeleteOrgInviteMutation, DeleteOrgInviteMutationVariables>;
 export const RemoveMemberDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"RemoveMember"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"memberId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"deleteOrganisationMember"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"memberId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"memberId"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"ok"}}]}}]}}]} as unknown as DocumentNode<RemoveMemberMutation, RemoveMemberMutationVariables>;
 export const InviteMemberDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"InviteMember"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"orgId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"email"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"String"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"apps"}},"type":{"kind":"ListType","type":{"kind":"NamedType","name":{"kind":"Name","value":"String"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"role"}},"type":{"kind":"NamedType","name":{"kind":"Name","value":"String"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"inviteOrganisationMember"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"orgId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"orgId"}}},{"kind":"Argument","name":{"kind":"Name","value":"email"},"value":{"kind":"Variable","name":{"kind":"Name","value":"email"}}},{"kind":"Argument","name":{"kind":"Name","value":"apps"},"value":{"kind":"Variable","name":{"kind":"Name","value":"apps"}}},{"kind":"Argument","name":{"kind":"Name","value":"role"},"value":{"kind":"Variable","name":{"kind":"Name","value":"role"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"invite"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}}]}}]}}]}}]} as unknown as DocumentNode<InviteMemberMutation, InviteMemberMutationVariables>;
 export const UpdateMemberRoleDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"mutation","name":{"kind":"Name","value":"UpdateMemberRole"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"memberId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"role"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"String"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"updateOrganisationMemberRole"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"memberId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"memberId"}}},{"kind":"Argument","name":{"kind":"Name","value":"role"},"value":{"kind":"Variable","name":{"kind":"Name","value":"role"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"orgMember"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"role"}}]}}]}}]}}]} as unknown as DocumentNode<UpdateMemberRoleMutation, UpdateMemberRoleMutationVariables>;
@@ -1125,7 +1125,7 @@ export const GetAppLogCountDocument = {"kind":"Document","definitions":[{"kind":
 export const GetAppLogsDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"GetAppLogs"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"appId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"start"}},"type":{"kind":"NamedType","name":{"kind":"Name","value":"BigInt"}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"end"}},"type":{"kind":"NamedType","name":{"kind":"Name","value":"BigInt"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"logs"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"appId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"appId"}}},{"kind":"Argument","name":{"kind":"Name","value":"start"},"value":{"kind":"Variable","name":{"kind":"Name","value":"start"}}},{"kind":"Argument","name":{"kind":"Name","value":"end"},"value":{"kind":"Variable","name":{"kind":"Name","value":"end"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"timestamp"}},{"kind":"Field","name":{"kind":"Name","value":"phaseNode"}},{"kind":"Field","name":{"kind":"Name","value":"eventType"}},{"kind":"Field","name":{"kind":"Name","value":"ipAddress"}},{"kind":"Field","name":{"kind":"Name","value":"country"}},{"kind":"Field","name":{"kind":"Name","value":"city"}},{"kind":"Field","name":{"kind":"Name","value":"phSize"}}]}},{"kind":"Field","name":{"kind":"Name","value":"logsCount"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"appId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"appId"}}}]}]}}]} as unknown as DocumentNode<GetAppLogsQuery, GetAppLogsQueryVariables>;
 export const GetAppsDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"GetApps"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"organisationId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"appId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"apps"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"organisationId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"organisationId"}}},{"kind":"Argument","name":{"kind":"Name","value":"appId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"appId"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"identityKey"}},{"kind":"Field","name":{"kind":"Name","value":"createdAt"}}]}}]}}]} as unknown as DocumentNode<GetAppsQuery, GetAppsQueryVariables>;
 export const GetOrganisationsDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"GetOrganisations"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"organisations"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}},{"kind":"Field","name":{"kind":"Name","value":"identityKey"}},{"kind":"Field","name":{"kind":"Name","value":"createdAt"}},{"kind":"Field","name":{"kind":"Name","value":"plan"}},{"kind":"Field","name":{"kind":"Name","value":"role"}},{"kind":"Field","name":{"kind":"Name","value":"memberId"}}]}}]}}]} as unknown as DocumentNode<GetOrganisationsQuery, GetOrganisationsQueryVariables>;
-export const GetInvitesDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"GetInvites"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"orgId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"organisationInvites"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"orgId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"orgId"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"createdAt"}},{"kind":"Field","name":{"kind":"Name","value":"expiresAt"}},{"kind":"Field","name":{"kind":"Name","value":"invitedBy"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"email"}}]}},{"kind":"Field","name":{"kind":"Name","value":"inviteeEmail"}}]}}]}}]} as unknown as DocumentNode<GetInvitesQuery, GetInvitesQueryVariables>;
+export const GetInvitesDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"GetInvites"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"orgId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"organisationInvites"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"orgId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"orgId"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"createdAt"}},{"kind":"Field","name":{"kind":"Name","value":"expiresAt"}},{"kind":"Field","name":{"kind":"Name","value":"invitedBy"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"email"}},{"kind":"Field","name":{"kind":"Name","value":"fullName"}}]}},{"kind":"Field","name":{"kind":"Name","value":"inviteeEmail"}}]}}]}}]} as unknown as DocumentNode<GetInvitesQuery, GetInvitesQueryVariables>;
 export const GetOrganisationAdminsAndSelfDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"GetOrganisationAdminsAndSelf"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"organisationId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"organisationAdminsAndSelf"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"organisationId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"organisationId"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"role"}},{"kind":"Field","name":{"kind":"Name","value":"identityKey"}}]}}]}}]} as unknown as DocumentNode<GetOrganisationAdminsAndSelfQuery, GetOrganisationAdminsAndSelfQueryVariables>;
 export const GetOrganisationMembersDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"GetOrganisationMembers"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"organisationId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}},{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"role"}},"type":{"kind":"ListType","type":{"kind":"NamedType","name":{"kind":"Name","value":"String"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"organisationMembers"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"organisationId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"organisationId"}}},{"kind":"Argument","name":{"kind":"Name","value":"role"},"value":{"kind":"Variable","name":{"kind":"Name","value":"role"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"role"}},{"kind":"Field","name":{"kind":"Name","value":"identityKey"}},{"kind":"Field","name":{"kind":"Name","value":"email"}},{"kind":"Field","name":{"kind":"Name","value":"fullName"}},{"kind":"Field","name":{"kind":"Name","value":"avatarUrl"}},{"kind":"Field","name":{"kind":"Name","value":"createdAt"}}]}}]}}]} as unknown as DocumentNode<GetOrganisationMembersQuery, GetOrganisationMembersQueryVariables>;
 export const VerifyInviteDocument = {"kind":"Document","definitions":[{"kind":"OperationDefinition","operation":"query","name":{"kind":"Name","value":"VerifyInvite"},"variableDefinitions":[{"kind":"VariableDefinition","variable":{"kind":"Variable","name":{"kind":"Name","value":"inviteId"}},"type":{"kind":"NonNullType","type":{"kind":"NamedType","name":{"kind":"Name","value":"ID"}}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"validateInvite"},"arguments":[{"kind":"Argument","name":{"kind":"Name","value":"inviteId"},"value":{"kind":"Variable","name":{"kind":"Name","value":"inviteId"}}}],"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"organisation"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}}]}},{"kind":"Field","name":{"kind":"Name","value":"inviteeEmail"}},{"kind":"Field","name":{"kind":"Name","value":"invitedBy"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"email"}}]}},{"kind":"Field","name":{"kind":"Name","value":"apps"},"selectionSet":{"kind":"SelectionSet","selections":[{"kind":"Field","name":{"kind":"Name","value":"id"}},{"kind":"Field","name":{"kind":"Name","value":"name"}}]}}]}}]}}]} as unknown as DocumentNode<VerifyInviteQuery, VerifyInviteQueryVariables>;
diff --git a/frontend/app/[team]/apps/[app]/members/page.tsx b/frontend/app/[team]/apps/[app]/members/page.tsx
index 29dd883a..51469d67 100644
--- a/frontend/app/[team]/apps/[app]/members/page.tsx
+++ b/frontend/app/[team]/apps/[app]/members/page.tsx
@@ -24,10 +24,8 @@ import {
   FaTimes,
   FaUserCog,
   FaUserTimes,
-  FaUsersCog,
 } from 'react-icons/fa'
 import clsx from 'clsx'
-import { copyToClipBoard } from '@/utils/clipboard'
 import { toast } from 'react-toastify'
 import { useSession } from 'next-auth/react'
 import { Avatar } from '@/components/common/Avatar'
@@ -36,6 +34,8 @@ import { unwrapEnvSecretsForUser, wrapEnvSecretsForUser } from '@/utils/environm
 import { OrganisationKeyring, cryptoUtils } from '@/utils/auth'
 import { userIsAdmin } from '@/utils/permissions'
 import { RoleLabel } from '@/components/users/RoleLabel'
+import { Alert } from '@/components/common/Alert'
+import Link from 'next/link'
 
 export default function Members({ params }: { params: { team: string; app: string } }) {
   const { data } = useQuery(GetAppMembers, { variables: { appId: params.app } })
@@ -234,8 +234,20 @@ export default function Members({ params }: { params: { team: string; app: strin
                     </Dialog.Title>
 
                     {memberOptions.length === 0 ? (
-                      <div className="p-4 text-lg">
-                        All organisation members are added to this App.
+                      <div className="py-4">
+                        <Alert variant="info" icon={true}>
+                          <p>
+                            All organisation members are added to this App. You can invite more
+                            users from the{' '}
+                            <Link
+                              className="font-semibold hover:underline"
+                              href={`/${params.team}/members`}
+                            >
+                              organisation members
+                            </Link>{' '}
+                            page.
+                          </p>
+                        </Alert>
                       </div>
                     ) : (
                       <form className="space-y-6 p-4" onSubmit={handleAddMember}>
@@ -330,7 +342,7 @@ export default function Members({ params }: { params: { team: string; app: strin
                                   </label>
                                 </Listbox.Label>
                                 <Listbox.Button as={Fragment} aria-required>
-                                  <div className="p-2 flex items-center justify-between bg-zinc-300 dark:bg-zinc-800 rounded-md cursor-pointer h-10">
+                                  <div className="p-2 flex items-center justify-between bg-zinc-100 dark:bg-zinc-800 border border-neutral-500/40 rounded-md cursor-pointer h-10">
                                     <span className="text-black dark:text-white">
                                       {envScope
                                         .map((env: Partial<EnvironmentType>) => env.name)
@@ -353,7 +365,7 @@ export default function Members({ params }: { params: { team: string; app: strin
                                   leaveTo="transform scale-95 opacity-0"
                                 >
                                   <Listbox.Options>
-                                    <div className="bg-zinc-300 dark:bg-zinc-800 p-2 rounded-md shadow-2xl absolute z-10 w-full">
+                                    <div className="bg-zinc-100 dark:bg-zinc-800 p-2 rounded-md border border-neutral-500/40 shadow-2xl absolute z-10 w-full">
                                       {envOptions.map((env: Partial<EnvironmentType>) => (
                                         <Listbox.Option key={env.id} value={env} as={Fragment}>
                                           {({ active, selected }) => (
@@ -387,7 +399,7 @@ export default function Members({ params }: { params: { team: string; app: strin
                                     >
                                       Sudo password
                                     </label>
-                                    <div className="flex justify-between w-full bg-zinc-100 dark:bg-zinc-800 focus-within:ring-1 focus-within:ring-inset focus-within:ring-emerald-500 rounded-sm p-px">
+                                    <div className="flex justify-between w-full bg-zinc-100 dark:bg-zinc-800 ring-1 ring-inset ring-neutral-500/40 focus-within:ring-1 focus-within:ring-inset focus-within:ring-emerald-500 rounded-md p-px">
                                       <input
                                         id="password"
                                         value={password}
@@ -396,10 +408,10 @@ export default function Members({ params }: { params: { team: string; app: strin
                                         minLength={16}
                                         required
                                         autoFocus
-                                        className="custom w-full text-zinc-800 font-mono dark:text-white bg-zinc-100 dark:bg-zinc-800"
+                                        className="custom w-full text-zinc-800 font-mono dark:text-white bg-zinc-100 dark:bg-zinc-800 rounded-md"
                                       />
                                       <button
-                                        className="bg-zinc-100 dark:bg-zinc-800 px-4 text-neutral-500"
+                                        className="bg-zinc-100 dark:bg-zinc-800 px-4 text-neutral-500 rounded-md"
                                         type="button"
                                         onClick={() => setShowPw(!showPw)}
                                         tabIndex={-1}
@@ -558,6 +570,8 @@ export default function Members({ params }: { params: { team: string; app: strin
     const [password, setPassword] = useState<string>('')
     const [showPw, setShowPw] = useState<boolean>(false)
 
+    const memberIsAdmin = userIsAdmin(props.member.role) || false
+
     const closeModal = () => {
       setIsOpen(false)
     }
@@ -699,8 +713,11 @@ export default function Members({ params }: { params: { team: string; app: strin
                       </Button>
                     </Dialog.Title>
 
-                    <form className="space-y-6 p-4" onSubmit={handleUpdateScope}>
-                      <div className="space-y-1 w-full relative pb-8">
+                    <form
+                      className={clsx('space-y-6 p-4', memberIsAdmin && 'opacity-60')}
+                      onSubmit={handleUpdateScope}
+                    >
+                      <div className="space-y-1 w-full relative">
                         {envScope.length === 0 && showEnvHint && (
                           <span className="absolute right-2 inset-y-0 text-red-500 text-xs">
                             Select an environment scope
@@ -712,6 +729,7 @@ export default function Members({ params }: { params: { team: string; app: strin
                           onChange={setEnvScope}
                           multiple
                           name="environments"
+                          disabled={memberIsAdmin}
                         >
                           {({ open }) => (
                             <>
@@ -724,7 +742,12 @@ export default function Members({ params }: { params: { team: string; app: strin
                                 </label>
                               </Listbox.Label>
                               <Listbox.Button as={Fragment} aria-required>
-                                <div className="p-2 flex items-center justify-between bg-zinc-300 dark:bg-zinc-800 rounded-md cursor-pointer h-10">
+                                <div
+                                  className={clsx(
+                                    'p-2 flex items-center justify-between bg-zinc-100 dark:bg-zinc-800 border border-neutral-500/40 rounded-md h-10',
+                                    memberIsAdmin ? 'cursor-not-allowed' : 'cursor-pointer'
+                                  )}
+                                >
                                   <span className="text-black dark:text-white">
                                     {envScope
                                       .map((env: Partial<EnvironmentType>) => env.name)
@@ -747,7 +770,7 @@ export default function Members({ params }: { params: { team: string; app: strin
                                 leaveTo="transform scale-95 opacity-0"
                               >
                                 <Listbox.Options>
-                                  <div className="bg-zinc-300 dark:bg-zinc-800 p-2 rounded-md shadow-2xl absolute z-10 w-full">
+                                  <div className="bg-zinc-100 dark:bg-zinc-800 border border-neutral-500/40 p-2 rounded-md shadow-2xl absolute z-10 w-full">
                                     {envOptions.map((env: Partial<EnvironmentType>) => (
                                       <Listbox.Option key={env.id} value={env} as={Fragment}>
                                         {({ active, selected }) => (
@@ -772,47 +795,63 @@ export default function Members({ params }: { params: { team: string; app: strin
                                   </div>
                                 </Listbox.Options>
                               </Transition>
-
-                              {!keyring && (
-                                <div className="space-y-2 w-full">
-                                  <label
-                                    className="block text-gray-700 text-sm font-bold mb-2"
-                                    htmlFor="password"
-                                  >
-                                    Sudo password
-                                  </label>
-                                  <div className="flex justify-between w-full bg-zinc-100 dark:bg-zinc-800 focus-within:ring-1 focus-within:ring-inset focus-within:ring-emerald-500 rounded-sm p-px">
-                                    <input
-                                      id="password"
-                                      value={password}
-                                      onChange={(e) => setPassword(e.target.value)}
-                                      type={showPw ? 'text' : 'password'}
-                                      minLength={16}
-                                      required
-                                      autoFocus
-                                      className="custom w-full text-zinc-800 font-mono dark:text-white bg-zinc-100 dark:bg-zinc-800"
-                                    />
-                                    <button
-                                      className="bg-zinc-100 dark:bg-zinc-800 px-4 text-neutral-500"
-                                      type="button"
-                                      onClick={() => setShowPw(!showPw)}
-                                      tabIndex={-1}
-                                    >
-                                      {showPw ? <FaEyeSlash /> : <FaEye />}
-                                    </button>
-                                  </div>
-                                </div>
-                              )}
                             </>
                           )}
                         </Listbox>
                       </div>
+                      {!keyring && !memberIsAdmin && (
+                        <div className="space-y-2 w-full">
+                          <label
+                            className="block text-gray-700 text-sm font-bold mb-2"
+                            htmlFor="password"
+                          >
+                            Sudo password
+                          </label>
+                          <div className="flex justify-between w-full bg-zinc-100 dark:bg-zinc-800 ring-1 ring-inset ring-neutral-500/40  focus-within:ring-1 focus-within:ring-inset focus-within:ring-emerald-500 rounded-md p-px">
+                            <input
+                              id="password"
+                              value={password}
+                              onChange={(e) => setPassword(e.target.value)}
+                              type={showPw ? 'text' : 'password'}
+                              minLength={16}
+                              required
+                              autoFocus
+                              className="custom w-full text-zinc-800 font-mono dark:text-white bg-zinc-100 dark:bg-zinc-800 rounded-md"
+                            />
+                            <button
+                              className="bg-zinc-100 dark:bg-zinc-800 px-4 text-neutral-500 rounded-md"
+                              type="button"
+                              onClick={() => setShowPw(!showPw)}
+                              tabIndex={-1}
+                            >
+                              {showPw ? <FaEyeSlash /> : <FaEye />}
+                            </button>
+                          </div>
+                        </div>
+                      )}
+
+                      {memberIsAdmin && (
+                        <Alert variant="info" icon={true}>
+                          <p>
+                            This user is an <RoleLabel role="admin" />, and has access to all
+                            environments in this App. To restrict their access, change their role to{' '}
+                            <RoleLabel role="dev" /> from the{' '}
+                            <Link
+                              className="font-semibold hover:underline"
+                              href={`/${params.team}/members`}
+                            >
+                              organisation members
+                            </Link>{' '}
+                            page.
+                          </p>
+                        </Alert>
+                      )}
 
                       <div className="flex items-center gap-4">
                         <Button variant="secondary" type="button" onClick={closeModal}>
                           Cancel
                         </Button>
-                        <Button variant="primary" type="submit">
+                        <Button variant="primary" type="submit" disabled={memberIsAdmin}>
                           Save
                         </Button>
                       </div>
@@ -829,7 +868,7 @@ export default function Members({ params }: { params: { team: string; app: strin
 
   return (
     <div className="w-full space-y-10 pt-8 text-black dark:text-white">
-      <div className="Space-y-4">
+      <div className="space-y-4">
         <div className="flex justify-end">
           <AddMemberDialog />
         </div>
diff --git a/frontend/app/[team]/apps/[app]/tokens/page.tsx b/frontend/app/[team]/apps/[app]/tokens/page.tsx
index 9c03cff7..aa5b02e1 100644
--- a/frontend/app/[team]/apps/[app]/tokens/page.tsx
+++ b/frontend/app/[team]/apps/[app]/tokens/page.tsx
@@ -19,6 +19,7 @@ import UnlockKeyringDialog from '@/components/auth/UnlockKeyringDialog'
 import { KeyringContext } from '@/contexts/keyringContext'
 import clsx from 'clsx'
 import { SecretTokens } from '@/components/apps/tokens/SecretTokens'
+import { organisationContext } from '@/contexts/organisationContext'
 
 export default function Tokens({ params }: { params: { team: string; app: string } }) {
   const { data: orgsData } = useQuery(GetOrganisations)
@@ -28,7 +29,7 @@ export default function Tokens({ params }: { params: { team: string; app: string
 
   const [activePanel, setActivePanel] = useState<'secrets' | 'kms'>('secrets')
 
-  const organisationId = orgsData?.organisations[0].id
+  const { activeOrganisation: organisation } = useContext(organisationContext)
 
   const { keyring } = useContext(KeyringContext)
 
@@ -183,33 +184,6 @@ export default function Tokens({ params }: { params: { team: string; app: string
                             </Alert>
                           </div>
 
-                          {/* <div className="flex flex-col justify-center max-w-md mx-auto">
-                            <label
-                              className="block text-gray-700 text-sm font-bold mb-2"
-                              htmlFor="password"
-                            >
-                              Sudo password
-                            </label>
-                            <div className="relative">
-                              <input
-                                id="password"
-                                value={pw}
-                                onChange={(e) => setPw(e.target.value)}
-                                type={showPw ? 'text' : 'password'}
-                                minLength={16}
-                                required
-                                className="w-full "
-                              />
-                              <button
-                                className="absolute inset-y-0 right-4"
-                                type="button"
-                                onClick={() => setShowPw(!showPw)}
-                                tabIndex={-1}
-                              >
-                                {showPw ? <FaEyeSlash /> : <FaEye />}
-                              </button>
-                            </div>
-                          </div> */}
                           <div className="mt-10 flex items-center w-full justify-between">
                             <Button variant="secondary" type="button" onClick={closeModal}>
                               Cancel
@@ -231,7 +205,7 @@ export default function Tokens({ params }: { params: { team: string; app: string
     }
 
     return (
-      <div className="w-full break-all space-y-8 col-span-2">
+      <div className="break-all space-y-8">
         <div className="bg-emerald-200/60 dark:bg-emerald-400/10 shadow-inner p-3 rounded-lg">
           <div className="uppercase text-xs tracking-widest text-gray-500 w-full flex items-center justify-between pb-4">
             app id
@@ -267,42 +241,44 @@ export default function Tokens({ params }: { params: { team: string; app: string
   }
 
   return (
-    <div className="w-full overflow-y-auto relative text-black dark:text-white grid grid-cols-1 md:grid-cols-3 gap-16">
-      <section className="md:col-span-3 max-w-screen-2xl">
+    <div className="w-full overflow-y-auto relative text-black dark:text-white space-y-16">
+      <section className="max-w-screen-xl">
         {orgsData?.organisations && (
           <UnlockKeyringDialog organisationId={orgsData.organisations[0].id} />
         )}
         {keyring !== null && (
-          <div className="grid grid-cols-3 mt-6 divide-x divide-neutral-500/20">
-            <div className="space-y-4 px-4 sticky top-[238px]">
+          <div className="flex gap-8 mt-6 divide-x divide-neutral-500/20 items-start">
+            <div className="space-y-4 border-l border-neutral-500/40 h-min">
               <div
                 role="button"
                 onClick={() => setActivePanel('secrets')}
                 className={clsx(
-                  'p-4 cursor-pointer rounded-md transition ease',
+                  'p-4 cursor-pointer border-l transition ease -ml-px w-60',
                   activePanel === 'secrets'
-                    ? 'bg-zinc-400 dark:bg-zinc-700 font-semibold'
-                    : 'bg-zinc-200 hover:bg-zinc-400 dark:bg-zinc-800 hover:dark:bg-zinc-700'
+                    ? 'bg-zinc-300 dark:bg-zinc-800 font-semibold border-emerald-500'
+                    : 'bg-zinc-200 dark:bg-zinc-900 hover:font-semibold border-neutral-500/40'
                 )}
               >
                 Secrets
               </div>
-              <div
-                role="button"
-                onClick={() => setActivePanel('kms')}
-                className={clsx(
-                  'p-4 cursor-pointer rounded-md transition ease',
-                  activePanel === 'kms'
-                    ? 'bg-zinc-400 dark:bg-zinc-700 font-semibold'
-                    : 'bg-zinc-200 hover:bg-zinc-400 dark:bg-zinc-800 hover:dark:bg-zinc-700'
-                )}
-              >
-                KMS
-              </div>
+              {organisation?.role?.toLowerCase() === 'owner' && (
+                <div
+                  role="button"
+                  onClick={() => setActivePanel('kms')}
+                  className={clsx(
+                    'p-4 cursor-pointer border-l transition ease -ml-px w-60',
+                    activePanel === 'kms'
+                      ? 'bg-zinc-300 dark:bg-zinc-800 font-semibold border-emerald-500'
+                      : 'bg-zinc-200 dark:bg-zinc-900 hover:font-semibold border-neutral-500/40'
+                  )}
+                >
+                  KMS
+                </div>
+              )}
             </div>
-            <div className="col-span-2 overflow-y-auto px-4">
+            <div className="overflow-y-auto px-4">
               {app && activePanel === 'secrets' && (
-                <SecretTokens organisationId={organisationId} appId={params.app} />
+                <SecretTokens organisationId={organisation!.id} appId={params.app} />
               )}
               {app && activePanel === 'kms' && <KmsPanel />}
             </div>
diff --git a/frontend/app/[team]/layout.tsx b/frontend/app/[team]/layout.tsx
index 9a8f3e26..8c630b58 100644
--- a/frontend/app/[team]/layout.tsx
+++ b/frontend/app/[team]/layout.tsx
@@ -21,7 +21,6 @@ export default function RootLayout({
     useContext(organisationContext)
 
   useEffect(() => {
-    console.log(activeOrganisation, params.team)
     if (organisations.length > 0 && activeOrganisation!.name !== params.team) {
       const altOrg = organisations.find((org) => org.name === params.team)
 
diff --git a/frontend/app/[team]/members/page.tsx b/frontend/app/[team]/members/page.tsx
index d413a06c..9f4ed3ab 100644
--- a/frontend/app/[team]/members/page.tsx
+++ b/frontend/app/[team]/members/page.tsx
@@ -3,10 +3,13 @@
 import GetOrganisationMembers from '@/graphql/queries/organisation/getOrganisationMembers.gql'
 import GetInvites from '@/graphql/queries/organisation/getInvites.gql'
 import GetApps from '@/graphql/queries/getApps.gql'
+import { GetAppEnvironments } from '@/graphql/queries/secrets/getAppEnvironments.gql'
+import { GetEnvironmentKey } from '@/graphql/queries/secrets/getEnvironmentKey.gql'
 import InviteMember from '@/graphql/mutations/organisation/inviteNewMember.gql'
-import DeleteInvite from '@/graphql/mutations/organisation/deleteInvite.gql'
+import DeleteOrgInvite from '@/graphql/mutations/organisation/deleteInvite.gql'
 import RemoveMember from '@/graphql/mutations/organisation/deleteOrgMember.gql'
 import UpdateMemberRole from '@/graphql/mutations/organisation/updateOrgMemberRole.gql'
+import AddMemberToApp from '@/graphql/mutations/apps/addAppMember.gql'
 import { useLazyQuery, useMutation, useQuery } from '@apollo/client'
 import { Fragment, useContext, useEffect, useState } from 'react'
 import {
@@ -14,17 +17,16 @@ import {
   OrganisationMemberType,
   AppType,
   ApiOrganisationMemberRoleChoices,
+  EnvironmentType,
 } from '@/apollo/graphql'
 import { Button } from '@/components/common/Button'
 import { organisationContext } from '@/contexts/organisationContext'
 import { relativeTimeFromDates } from '@/utils/time'
-import { Dialog, Listbox, RadioGroup, Transition } from '@headlessui/react'
+import { Dialog, Listbox, Transition } from '@headlessui/react'
 import {
   FaCheckSquare,
   FaChevronDown,
-  FaCircle,
   FaCopy,
-  FaDotCircle,
   FaPlus,
   FaSquare,
   FaTimes,
@@ -39,6 +41,9 @@ import { useSession } from 'next-auth/react'
 import { Avatar } from '@/components/common/Avatar'
 import { userIsAdmin } from '@/utils/permissions'
 import { RoleLabel } from '@/components/users/RoleLabel'
+import { KeyringContext } from '@/contexts/keyringContext'
+import { unwrapEnvSecretsForUser, wrapEnvSecretsForUser } from '@/utils/environments'
+import UnlockKeyringDialog from '@/components/auth/UnlockKeyringDialog'
 
 const handleCopy = (val: string) => {
   copyToClipBoard(val)
@@ -52,25 +57,114 @@ const inviteIsExpired = (invite: OrganisationMemberInviteType) => {
 const RoleSelector = (props: { member: OrganisationMemberType }) => {
   const { member } = props
 
+  const { activeOrganisation: organisation } = useContext(organisationContext)
+  const { keyring } = useContext(KeyringContext)
+
+  const { data: appsData, loading: appsLoading } = useQuery(GetApps, {
+    variables: { organisationId: organisation!.id, appId: '' },
+  })
+  const [getAppEnvs] = useLazyQuery(GetAppEnvironments)
+  const [getEnvKey] = useLazyQuery(GetEnvironmentKey)
   const [updateRole] = useMutation(UpdateMemberRole)
+  const [addMemberToApp] = useMutation(AddMemberToApp)
 
   const [role, setRole] = useState<string>(member.role)
 
   const isOwner = role.toLowerCase() === 'owner'
 
-  const { activeOrganisation: organisation } = useContext(organisationContext)
-
   const activeUserIsAdmin = organisation ? userIsAdmin(organisation.role!) : false
 
+  /**
+   * Handles the upgrade of a user from 'dev' to 'admin'.
+   * Env keys for all apps, are fetched and decrypted by the active user, then each key is re-encrypted for the new user and saved on the backend via the addMemberToApp mutation
+   *
+   * @returns {void}
+   */
+  const upgradeDevToAdmin = () => {
+    if (appsData) {
+      const apps = appsData.apps
+
+      // Function to process an individual app
+      const processApp = async (app: AppType) => {
+        //const keyring = await validateKeyring(password);
+        const { data: appEnvsData } = await getAppEnvs({ variables: { appId: app.id } })
+
+        const appEnvironments = appEnvsData.appEnvironments as EnvironmentType[]
+
+        const envKeyPromises = appEnvironments.map(async (env: EnvironmentType) => {
+          const { data } = await getEnvKey({
+            variables: {
+              envId: env.id,
+            },
+          })
+
+          const {
+            wrappedSeed: userWrappedSeed,
+            wrappedSalt: userWrappedSalt,
+            identityKey,
+          } = data.environmentKeys[0]
+
+          const { seed, salt } = await unwrapEnvSecretsForUser(
+            userWrappedSeed,
+            userWrappedSalt,
+            keyring!
+          )
+
+          const { wrappedSeed, wrappedSalt } = await wrapEnvSecretsForUser({ seed, salt }, member)
+
+          return {
+            envId: env.id,
+            userId: member.id,
+            identityKey,
+            wrappedSeed,
+            wrappedSalt,
+          }
+        })
+
+        const envKeyInputs = await Promise.all(envKeyPromises)
+
+        await addMemberToApp({
+          variables: { memberId: member.id, appId: app.id, envKeys: envKeyInputs },
+        })
+      }
+
+      // Process each app sequentially
+      const processAppsSequentially = async () => {
+        for (const app of apps) {
+          await processApp(app)
+        }
+      }
+
+      // Call the function to process all apps sequentially
+      processAppsSequentially()
+        .then(async () => {
+          // All apps have been processed
+          await updateRole({
+            variables: {
+              memberId: member.id,
+              role: 'admin',
+            },
+          })
+          toast.success('Updated member role', { autoClose: 2000 })
+        })
+        .catch((error) => {
+          console.error('Error processing apps:', error)
+        })
+    }
+  }
+
   const handleUpdateRole = async (newRole: string) => {
     setRole(newRole)
-    await updateRole({
-      variables: {
-        memberId: member.id,
-        role: newRole,
-      },
-    })
-    toast.success('Updated member role', { autoClose: 2000 })
+    if (newRole.toLowerCase() === 'admin') upgradeDevToAdmin()
+    else {
+      await updateRole({
+        variables: {
+          memberId: member.id,
+          role: newRole,
+        },
+      })
+      toast.success('Updated member role', { autoClose: 2000 })
+    }
   }
 
   const roleOptions = Object.keys(ApiOrganisationMemberRoleChoices).filter(
@@ -82,64 +176,50 @@ const RoleSelector = (props: { member: OrganisationMemberType }) => {
   return disabled ? (
     <RoleLabel role={role} />
   ) : (
-    <Listbox disabled={disabled} value={role} onChange={handleUpdateRole}>
-      {({ open }) => (
-        <>
-          <Listbox.Button as={Fragment} aria-required>
-            <div
-              className={clsx(
-                'p-2 flex items-center justify-between bg-zinc-300 dark:bg-zinc-800 rounded-md h-10',
-                disabled ? 'cursor-not-allowed' : 'cursor-pointer'
-              )}
-            >
-              <span
+    <div className="space-y-1 w-full relative">
+      <Listbox disabled={disabled} value={role} onChange={handleUpdateRole}>
+        {({ open }) => (
+          <>
+            <Listbox.Button as={Fragment} aria-required>
+              <div
                 className={clsx(
-                  'capitalize',
-                  disabled ? 'text-neutral-500' : 'text-black dark:text-white'
+                  'p-2 flex items-center justify-between  rounded-md h-10',
+                  disabled ? 'cursor-not-allowed' : 'cursor-pointer'
                 )}
               >
-                {role.toLowerCase()}
-              </span>
-              {!disabled && (
-                <FaChevronDown
-                  className={clsx(
-                    'transition-transform ease duration-300 text-neutral-500',
-                    open ? 'rotate-180' : 'rotate-0'
-                  )}
-                />
-              )}
-            </div>
-          </Listbox.Button>
-          <Transition
-            enter="transition duration-100 ease-out"
-            enterFrom="transform scale-95 opacity-0"
-            enterTo="transform scale-100 opacity-100"
-            leave="transition duration-75 ease-out"
-            leaveFrom="transform scale-100 opacity-100"
-            leaveTo="transform scale-95 opacity-0"
-          >
+                <RoleLabel role={role} />
+                {!disabled && (
+                  <FaChevronDown
+                    className={clsx(
+                      'transition-transform ease duration-300 text-neutral-500',
+                      open ? 'rotate-180' : 'rotate-0'
+                    )}
+                  />
+                )}
+              </div>
+            </Listbox.Button>
             <Listbox.Options>
-              <div className="bg-zinc-300 dark:bg-zinc-800 p-2 rounded-md shadow-2xl absolute z-20 w-full">
+              <div className="bg-zinc-300 dark:bg-zinc-800 p-2 rounded-md shadow-2xl absolute z-10 w-full">
                 {roleOptions.map((role: string) => (
                   <Listbox.Option key={role} value={role} as={Fragment}>
                     {({ active, selected }) => (
                       <div
                         className={clsx(
-                          'flex items-center gap-2 p-2 cursor-pointer',
-                          active && 'font-semibold'
+                          'flex items-center gap-2 p-2 cursor-pointer rounded-full',
+                          active && 'bg-zinc-400 dark:bg-zinc-700'
                         )}
                       >
-                        <span className="text-black dark:text-white">{role}</span>
+                        <RoleLabel role={role} />
                       </div>
                     )}
                   </Listbox.Option>
                 ))}
               </div>
             </Listbox.Options>
-          </Transition>
-        </>
-      )}
-    </Listbox>
+          </>
+        )}
+      </Listbox>
+    </div>
   )
 }
 
@@ -307,7 +387,7 @@ const InviteDialog = (props: { organisationId: string }) => {
 
                             <div className="space-y-2">
                               <label className="block text-gray-700 text-sm font-bold mb-2">
-                                App access
+                                App access (optional)
                               </label>
 
                               <div className="flex flex-wrap gap-4">
@@ -366,7 +446,7 @@ const InviteDialog = (props: { organisationId: string }) => {
 export default function Members({ params }: { params: { team: string } }) {
   const [getMembers, { data: membersData }] = useLazyQuery(GetOrganisationMembers)
   const [getInvites, { data: invitesData }] = useLazyQuery(GetInvites)
-  const [deleteInvite] = useMutation(DeleteInvite)
+  const [deleteInvite] = useMutation(DeleteOrgInvite)
 
   const sortedInvites: OrganisationMemberInviteType[] =
     invitesData?.organisationInvites
@@ -600,8 +680,10 @@ export default function Members({ params }: { params: { team: string } }) {
   return (
     <section className="h-screen overflow-y-auto">
       <div className="w-full space-y-10 p-8 text-black dark:text-white">
-        <h1 className="text-2xl font-semibold">{params.team} Members</h1>
-
+        <div className="space-y-1">
+          <h1 className="text-3xl font-semibold">{params.team} Members</h1>
+          <p className="text-neutral-500">Manage organisation members and roles.</p>
+        </div>
         <div className="Space-y-4">
           <div className="flex justify-end">
             {organisation && <InviteDialog organisationId={organisation.id} />}
@@ -634,7 +716,9 @@ export default function Members({ params }: { params: { team: string } }) {
                     </div>
                   </td>
                   <td className="px-6 py-4 whitespace-nowrap">
-                    <RoleSelector member={member} />
+                    <div>
+                      <RoleSelector member={member} />
+                    </div>
                   </td>
                   <td className="px-6 py-4 whitespace-nowrap capitalize">
                     {relativeTimeFromDates(new Date(member.createdAt))}
@@ -698,6 +782,9 @@ export default function Members({ params }: { params: { team: string } }) {
           </table>
         </div>
       </div>
+      {activeUserIsAdmin && organisation && (
+        <UnlockKeyringDialog organisationId={organisation.id} />
+      )}
     </section>
   )
 }
diff --git a/frontend/app/[team]/tokens/page.tsx b/frontend/app/[team]/tokens/page.tsx
new file mode 100644
index 00000000..17945b7b
--- /dev/null
+++ b/frontend/app/[team]/tokens/page.tsx
@@ -0,0 +1,508 @@
+'use client'
+
+import { CreateNewUserToken } from '@/graphql/mutations/users/createUserToken.gql'
+import { RevokeUserToken } from '@/graphql/mutations/users/deleteUserToken.gql'
+import { RevokeServiceToken } from '@/graphql/mutations/environments/deleteServiceToken.gql'
+import { CreateNewServiceToken } from '@/graphql/mutations/environments/createServiceToken.gql'
+import { GetUserTokens } from '@/graphql/queries/users/getUserTokens.gql'
+import { GetServiceTokens } from '@/graphql/queries/secrets/getServiceTokens.gql'
+import { GetEnvironmentKey } from '@/graphql/queries/secrets/getEnvironmentKey.gql'
+import { GetAppEnvironments } from '@/graphql/queries/secrets/getAppEnvironments.gql'
+import {
+  generateUserToken,
+  newEnvToken,
+  newEnvWrapKey,
+  newServiceTokenKeys,
+  unwrapEnvSecretsForUser,
+  wrapEnvSecretsForServiceToken,
+} from '@/utils/environments'
+import { EnvironmentType, ServiceTokenType, UserTokenType } from '@/apollo/graphql'
+import { cryptoUtils } from '@/utils/auth'
+import { getUserKxPublicKey, getUserKxPrivateKey } from '@/utils/crypto'
+import { splitSecret } from '@/utils/keyshares'
+import { useLazyQuery, useMutation, useQuery } from '@apollo/client'
+import { useState, useEffect, useContext, Fragment } from 'react'
+import { KeyringContext } from '@/contexts/keyringContext'
+import { Button } from '@/components/common/Button'
+import {
+  FaCheckSquare,
+  FaChevronDown,
+  FaCircle,
+  FaDotCircle,
+  FaExclamationTriangle,
+  FaKey,
+  FaPlus,
+  FaSquare,
+  FaTimes,
+  FaTrashAlt,
+  FaUserLock,
+} from 'react-icons/fa'
+import { getUnixTimeStampinFuture, relativeTimeFromDates } from '@/utils/time'
+import { Dialog, Listbox, RadioGroup, Transition } from '@headlessui/react'
+import { copyToClipBoard } from '@/utils/clipboard'
+import { MdContentCopy } from 'react-icons/md'
+import { toast } from 'react-toastify'
+import clsx from 'clsx'
+import { organisationContext } from '@/contexts/organisationContext'
+import { userIsAdmin } from '@/utils/permissions'
+import { Avatar } from '@/components/common/Avatar'
+import UnlockKeyringDialog from '@/components/auth/UnlockKeyringDialog'
+
+interface ExpiryOptionT {
+  name: string
+  getExpiry: () => number | null
+}
+
+const handleCopy = (val: string) => {
+  copyToClipBoard(val)
+  toast.info('Copied', {
+    autoClose: 2000,
+  })
+}
+
+const tokenExpiryOptions: ExpiryOptionT[] = [
+  {
+    name: 'Never',
+    getExpiry: () => null,
+  },
+  {
+    name: '7 days',
+    getExpiry: () => getUnixTimeStampinFuture(7),
+  },
+  {
+    name: '30 days',
+    getExpiry: () => getUnixTimeStampinFuture(30),
+  },
+  {
+    name: '60 days',
+    getExpiry: () => getUnixTimeStampinFuture(60),
+  },
+  {
+    name: '90 days',
+    getExpiry: () => getUnixTimeStampinFuture(90),
+  },
+]
+
+const compareExpiryOptions = (a: ExpiryOptionT, b: ExpiryOptionT) => {
+  return a.getExpiry() === b.getExpiry()
+}
+
+const humanReadableExpiry = (expiryOption: ExpiryOptionT) =>
+  expiryOption.getExpiry() === null
+    ? 'This token will never expire.'
+    : `This token will expire on ${new Date(expiryOption.getExpiry()!).toLocaleDateString()}.`
+
+const CreateUserTokenDialog = (props: { organisationId: string }) => {
+  const { organisationId } = props
+
+  const { keyring } = useContext(KeyringContext)
+
+  const [isOpen, setIsOpen] = useState<boolean>(false)
+  const [name, setName] = useState<string>('')
+  const [expiry, setExpiry] = useState<ExpiryOptionT>(tokenExpiryOptions[0])
+
+  const [userToken, setUserToken] = useState<string>('')
+  const [createUserToken] = useMutation(CreateNewUserToken)
+
+  const reset = () => {
+    setName('')
+    setUserToken('')
+  }
+
+  const closeModal = () => {
+    reset()
+    setIsOpen(false)
+  }
+
+  const openModal = () => {
+    setIsOpen(true)
+  }
+
+  const handleCreateNewUserToken = async (event: { preventDefault: () => void }) => {
+    event.preventDefault()
+
+    if (name.length === 0) {
+      toast.error('You must enter a name for the token')
+      return false
+    }
+
+    if (keyring) {
+      const userKxKeys = {
+        publicKey: await getUserKxPublicKey(keyring.publicKey),
+        privateKey: await getUserKxPrivateKey(keyring.privateKey),
+      }
+
+      const { pssUser, mutationPayload } = await generateUserToken(
+        organisationId,
+        userKxKeys,
+        name,
+        expiry.getExpiry()
+      )
+
+      await createUserToken({
+        variables: mutationPayload,
+        refetchQueries: [
+          {
+            query: GetUserTokens,
+            variables: {
+              organisationId,
+            },
+          },
+        ],
+      })
+
+      setUserToken(pssUser)
+    } else {
+      console.log('keyring unavailable')
+    }
+  }
+
+  return (
+    <>
+      <div className="flex items-center">
+        <Button variant="primary" onClick={openModal} title="Delete secret">
+          <div className="flex items-center gap-1">
+            <FaPlus /> Create User Token
+          </div>
+        </Button>
+      </div>
+
+      <Transition appear show={isOpen} as={Fragment}>
+        <Dialog as="div" className="relative z-10" onClose={() => {}}>
+          <Transition.Child
+            as={Fragment}
+            enter="ease-out duration-300"
+            enterFrom="opacity-0"
+            enterTo="opacity-100"
+            leave="ease-in duration-200"
+            leaveFrom="opacity-100"
+            leaveTo="opacity-0"
+          >
+            <div className="fixed inset-0 bg-black/25 backdrop-blur-md" />
+          </Transition.Child>
+
+          <div className="fixed inset-0 overflow-y-auto">
+            <div className="flex min-h-full items-center justify-center p-4 text-center">
+              <Transition.Child
+                as={Fragment}
+                enter="ease-out duration-300"
+                enterFrom="opacity-0 scale-95"
+                enterTo="opacity-100 scale-100"
+                leave="ease-in duration-200"
+                leaveFrom="opacity-100 scale-100"
+                leaveTo="opacity-0 scale-95"
+              >
+                <Dialog.Panel className="w-full max-w-2xl transform overflow-hidden rounded-2xl bg-neutral-100 dark:bg-neutral-900 p-6 text-left align-middle shadow-xl transition-all">
+                  <Dialog.Title as="div" className="flex w-full justify-between">
+                    <h3 className="text-lg font-medium leading-6 text-black dark:text-white ">
+                      Create a new User token
+                    </h3>
+
+                    <Button variant="text" onClick={closeModal}>
+                      <FaTimes className="text-zinc-900 dark:text-zinc-400 hover:text-zinc-700 dark:hover:text-zinc-300" />
+                    </Button>
+                  </Dialog.Title>
+
+                  {userToken ? (
+                    <div className="py-4">
+                      <div className="bg-blue-200 dark:bg-blue-400/10 shadow-inner p-3 rounded-lg">
+                        <div className="w-full flex items-center justify-between pb-4">
+                          <span className="uppercase text-xs tracking-widest text-gray-500">
+                            user token
+                          </span>
+                          <div className="flex gap-4">
+                            {userToken && (
+                              <div className="rounded-lg bg-amber-800/30 text-amber-500 p-2 flex items-center gap-4">
+                                <FaExclamationTriangle />
+                                <div className="text-2xs">
+                                  {"Copy this value. You won't see it again!"}
+                                </div>
+                              </div>
+                            )}
+                            {userToken && (
+                              <Button variant="outline" onClick={() => handleCopy(userToken)}>
+                                <MdContentCopy /> Copy
+                              </Button>
+                            )}
+                          </div>
+                        </div>
+                        <code className="text-xs break-all text-blue-500">{userToken}</code>
+                      </div>
+                    </div>
+                  ) : (
+                    <form className="space-y-6 p-4" onSubmit={handleCreateNewUserToken}>
+                      <div className="space-y-2 w-full">
+                        <label
+                          className="block text-gray-700 text-sm font-bold mb-2"
+                          htmlFor="name"
+                        >
+                          Token name
+                        </label>
+                        <input
+                          required
+                          id="name"
+                          value={name}
+                          onChange={(e) => setName(e.target.value)}
+                        />
+                      </div>
+
+                      <div>
+                        <RadioGroup value={expiry} by={compareExpiryOptions} onChange={setExpiry}>
+                          <RadioGroup.Label as={Fragment}>
+                            <label className="block text-gray-700 text-sm font-bold mb-2">
+                              Expiry
+                            </label>
+                          </RadioGroup.Label>
+                          <div className="flex flex-wrap items-center gap-2">
+                            {tokenExpiryOptions.map((option) => (
+                              <RadioGroup.Option key={option.name} value={option} as={Fragment}>
+                                {({ active, checked }) => (
+                                  <div
+                                    className={clsx(
+                                      'flex items-center gap-2 py-1 px-2 cursor-pointer bg-zinc-800 border border-zinc-800  rounded-full',
+                                      active && 'border-zinc-700',
+                                      checked && 'bg-zinc-700'
+                                    )}
+                                  >
+                                    {checked ? (
+                                      <FaDotCircle className="text-emerald-500" />
+                                    ) : (
+                                      <FaCircle />
+                                    )}
+                                    {option.name}
+                                  </div>
+                                )}
+                              </RadioGroup.Option>
+                            ))}
+                          </div>
+                        </RadioGroup>
+                        <span className="text-sm text-neutral-500">
+                          {humanReadableExpiry(expiry)}
+                        </span>
+                      </div>
+
+                      <div className="flex items-center gap-4">
+                        <Button variant="secondary" type="button" onClick={closeModal}>
+                          Cancel
+                        </Button>
+                        <Button variant="primary" type="submit">
+                          Create
+                        </Button>
+                      </div>
+                    </form>
+                  )}
+                </Dialog.Panel>
+              </Transition.Child>
+            </div>
+          </div>
+        </Dialog>
+      </Transition>
+    </>
+  )
+}
+
+export default function Tokens({ params }: { params: { team: string } }) {
+  const [getUserTokens, { data: userTokensData }] = useLazyQuery(GetUserTokens)
+
+  const [deleteUserToken] = useMutation(RevokeUserToken)
+
+  const { activeOrganisation: organisation } = useContext(organisationContext)
+
+  const organisationId = organisation?.id
+
+  const handleDeleteUserToken = async (tokenId: string) => {
+    await deleteUserToken({
+      variables: { tokenId },
+      refetchQueries: [
+        {
+          query: GetUserTokens,
+          variables: {
+            organisationId,
+          },
+        },
+      ],
+    })
+  }
+
+  useEffect(() => {
+    if (organisationId) {
+      getUserTokens({
+        variables: {
+          organisationId,
+        },
+      })
+    }
+  }, [getUserTokens, organisationId])
+
+  const userTokens =
+    userTokensData?.userTokens.sort((a: UserTokenType, b: UserTokenType) => {
+      return new Date(b.createdAt).getTime() - new Date(a.createdAt).getTime()
+    }) || []
+
+  const DeleteConfirmDialog = (props: {
+    token: UserTokenType | ServiceTokenType
+    onDelete: Function
+  }) => {
+    const { token, onDelete } = props
+
+    const [isOpen, setIsOpen] = useState<boolean>(false)
+
+    const closeModal = () => {
+      setIsOpen(false)
+    }
+
+    const openModal = () => {
+      setIsOpen(true)
+    }
+
+    return (
+      <>
+        <div className="flex items-center justify-center">
+          <Button variant="danger" onClick={openModal} title="Delete Token">
+            <div className="text-white dark:text-red-500 flex items-center gap-1 p-1">
+              <FaTrashAlt />
+            </div>
+          </Button>
+        </div>
+
+        <Transition appear show={isOpen} as={Fragment}>
+          <Dialog as="div" className="relative z-10" onClose={closeModal}>
+            <Transition.Child
+              as={Fragment}
+              enter="ease-out duration-300"
+              enterFrom="opacity-0"
+              enterTo="opacity-100"
+              leave="ease-in duration-200"
+              leaveFrom="opacity-100"
+              leaveTo="opacity-0"
+            >
+              <div className="fixed inset-0 bg-black/25 backdrop-blur-md" />
+            </Transition.Child>
+
+            <div className="fixed inset-0 overflow-y-auto">
+              <div className="flex min-h-full items-center justify-center p-4 text-center">
+                <Transition.Child
+                  as={Fragment}
+                  enter="ease-out duration-300"
+                  enterFrom="opacity-0 scale-95"
+                  enterTo="opacity-100 scale-100"
+                  leave="ease-in duration-200"
+                  leaveFrom="opacity-100 scale-100"
+                  leaveTo="opacity-0 scale-95"
+                >
+                  <Dialog.Panel className="w-full max-w-2xl transform overflow-hidden rounded-2xl bg-neutral-100 dark:bg-neutral-900 p-6 text-left align-middle shadow-xl transition-all">
+                    <Dialog.Title as="div" className="flex w-full justify-between">
+                      <h3 className="text-lg font-medium leading-6 text-black dark:text-white ">
+                        Delete{' '}
+                        <span className="text-zinc-700 dark:text-zinc-200 font-mono">
+                          {token.name}
+                        </span>
+                      </h3>
+
+                      <Button variant="text" onClick={closeModal}>
+                        <FaTimes className="text-zinc-900 dark:text-zinc-400 hover:text-zinc-700 dark:hover:text-zinc-300" />
+                      </Button>
+                    </Dialog.Title>
+
+                    <div className="space-y-6 p-4">
+                      <p className="text-neutral-500">
+                        Are you sure you want to delete this token?
+                      </p>
+                      <div className="flex items-center gap-4">
+                        <Button variant="secondary" type="button" onClick={closeModal}>
+                          Cancel
+                        </Button>
+                        <Button variant="danger" onClick={() => onDelete(token.id)}>
+                          Delete
+                        </Button>
+                      </div>
+                    </div>
+                  </Dialog.Panel>
+                </Transition.Child>
+              </div>
+            </div>
+          </Dialog>
+        </Transition>
+      </>
+    )
+  }
+
+  const CreatedToken = (props: {
+    token: ServiceTokenType | UserTokenType
+    deleteHandler: Function
+  }) => {
+    const { token, deleteHandler } = props
+
+    const isExpired = token.expiresAt === null ? false : new Date(token.expiresAt) < new Date()
+
+    return (
+      <tr className="group">
+        <td className="flex items-center gap-4 p-2">
+          <FaKey className="text-teal-500/50 text-lg" />
+          <div className="space-y-0">
+            <div className="text-lg font-medium">{token.name}</div>
+            <div className="flex items-center gap-8 text-sm text-neutral-500">
+              <div className="flex items-center gap-2">
+                <div>Created {relativeTimeFromDates(new Date(token.createdAt))}</div>
+              </div>
+            </div>
+          </div>
+        </td>
+
+        <td className={clsx('p-2', isExpired && 'text-red-500')}>
+          {isExpired ? 'Expired' : 'Expires'}{' '}
+          {token.expiresAt ? relativeTimeFromDates(new Date(token.expiresAt)) : 'never'}
+        </td>
+
+        <td className="opacity-0 group-hover:opacity-100 transition-opacity ease p-2 justify-end flex">
+          <DeleteConfirmDialog token={token} onDelete={deleteHandler} />
+        </td>
+      </tr>
+    )
+  }
+
+  return (
+    <section className="h-screen overflow-y-auto">
+      {organisation && <UnlockKeyringDialog organisationId={organisation.id} />}
+      <div className="w-full space-y-8 p-8 text-black dark:text-white">
+        <div className="space-y-1">
+          <h1 className="text-3xl font-semibold">User tokens</h1>
+          <p className="text-neutral-500">
+            Tokens used to authenticate with the CLI from personal devices. Used for development and
+            manual configuration.
+          </p>
+        </div>
+        <div className="space-y-6 pb-6 divide-y-2 divide-neutral-500/40">
+          <div className="space-y-4">
+            <div className="flex justify-end py-4">
+              <CreateUserTokenDialog organisationId={organisationId!} />
+            </div>
+            <table className="table-auto min-w-full divide-y divide-zinc-500/40">
+              <thead>
+                <tr>
+                  <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
+                    token
+                  </th>
+
+                  <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">
+                    expiry
+                  </th>
+                  <th className="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider"></th>
+                </tr>
+              </thead>
+              <tbody className="divide-y divide-zinc-500/40">
+                {userTokens.map((userToken: UserTokenType) => (
+                  <CreatedToken
+                    key={userToken.id}
+                    token={userToken}
+                    deleteHandler={handleDeleteUserToken}
+                  />
+                ))}
+              </tbody>
+            </table>
+          </div>
+        </div>
+      </div>
+    </section>
+  )
+}
diff --git a/frontend/app/invite/[invite]/page.tsx b/frontend/app/invite/[invite]/page.tsx
index 15e355e2..8d2b4c61 100644
--- a/frontend/app/invite/[invite]/page.tsx
+++ b/frontend/app/invite/[invite]/page.tsx
@@ -3,7 +3,7 @@
 import { cryptoUtils } from '@/utils/auth'
 import VerifyInvite from '@/graphql/queries/organisation/validateOrganisationInvite.gql'
 import AcceptOrganisationInvite from '@/graphql/mutations/organisation/acceptInvite.gql'
-import { useMutation, useQuery } from '@apollo/client'
+import { useLazyQuery, useMutation, useQuery } from '@apollo/client'
 import { HeroPattern } from '@/components/common/HeroPattern'
 import { Button } from '@/components/common/Button'
 import { FaArrowRight } from 'react-icons/fa'
@@ -39,9 +39,7 @@ const InvalidInvite = () => (
 )
 
 export default function Invite({ params }: { params: { invite: string } }) {
-  const { data, loading } = useQuery(VerifyInvite, {
-    variables: { inviteId: cryptoUtils.decodeInvite(params.invite) },
-  })
+  const [verifyInvite, { data, loading }] = useLazyQuery(VerifyInvite)
 
   const [acceptInvite] = useMutation(AcceptOrganisationInvite)
 
@@ -59,6 +57,19 @@ export default function Invite({ params }: { params: { invite: string } }) {
   const [mnemonic, setMnemonic] = useState('')
   const [isloading, setIsLoading] = useState<boolean>(false)
 
+  useEffect(() => {
+    const handleVerifyInvite = async () => {
+      const inviteId = await cryptoUtils.decodeInvite(params.invite)
+
+      await verifyInvite({
+        variables: { inviteId },
+      })
+    }
+
+    if (params.invite) handleVerifyInvite()
+    // eslint-disable-next-line react-hooks/exhaustive-deps
+  }, [params.invite])
+
   const steps: Step[] = [
     {
       index: 0,
diff --git a/frontend/components/apps/NewAppDialog.tsx b/frontend/components/apps/NewAppDialog.tsx
index aea84af3..97d86c9b 100644
--- a/frontend/components/apps/NewAppDialog.tsx
+++ b/frontend/components/apps/NewAppDialog.tsx
@@ -1,9 +1,9 @@
-import { cryptoUtils } from '@/utils/auth'
+import { OrganisationKeyring, cryptoUtils } from '@/utils/auth'
 import { copyToClipBoard } from '@/utils/clipboard'
 import { getLocalKeyring } from '@/utils/localStorage'
 import { Dialog, Transition } from '@headlessui/react'
 import { useSession } from 'next-auth/react'
-import { Fragment, ReactNode, useEffect, useState } from 'react'
+import { Fragment, ReactNode, useContext, useEffect, useState } from 'react'
 import { FaCopy, FaCross, FaExclamationTriangle, FaEye, FaEyeSlash, FaTimes } from 'react-icons/fa'
 import { toast } from 'react-toastify'
 import { Button } from '../common/Button'
@@ -17,6 +17,7 @@ import {
 } from '@/apollo/graphql'
 import { splitSecret } from '@/utils/keyshares'
 import { UpgradeRequestForm } from '../forms/UpgradeRequestForm'
+import { KeyringContext } from '@/contexts/keyringContext'
 
 const FREE_APP_LIMIT = 5
 const PRO_APP_LIMIT = 10
@@ -44,6 +45,8 @@ export default function NewAppDialog(props: {
     variant: 'primary',
   }
 
+  const { keyring, setKeyring } = useContext(KeyringContext)
+
   const complete = () => appId && appSecret
 
   const reset = () => {
@@ -67,6 +70,21 @@ export default function NewAppDialog(props: {
     toast.info('Copied')
   }
 
+  const validateKeyring = async (password: string) => {
+    return new Promise<OrganisationKeyring>(async (resolve) => {
+      if (keyring) resolve(keyring)
+      else {
+        const decryptedKeyring = await cryptoUtils.getKeyring(
+          session?.user?.email!,
+          organisation!.id,
+          password
+        )
+        setKeyring(decryptedKeyring)
+        resolve(decryptedKeyring)
+      }
+    })
+  }
+
   const handleCreateApp = async () => {
     const APP_VERSION = 1
 
@@ -78,18 +96,8 @@ export default function NewAppDialog(props: {
         const id = crypto.randomUUID()
 
         try {
-          const deviceKey = await cryptoUtils.deviceVaultKey(pw, session?.user?.email!)
-          const encryptedKeyring = getLocalKeyring(session?.user?.email!, organisation.id)
-          if (!encryptedKeyring) throw 'Error fetching local encrypted keys from browser'
-          const decryptedKeyring = await cryptoUtils.decryptAccountKeyring(
-            encryptedKeyring!,
-            deviceKey
-          )
-          if (!decryptedKeyring) throw 'Failed to decrypt keys'
-          const encryptedAppSeed = await cryptoUtils.encryptedAppSeed(
-            appSeed,
-            decryptedKeyring.symmetricKey
-          )
+          const keyring = await validateKeyring(pw)
+          const encryptedAppSeed = await cryptoUtils.encryptedAppSeed(appSeed, keyring.symmetricKey)
           const appKeys = await cryptoUtils.appKeyring(appSeed)
           const appKeyShares = await splitSecret(appKeys.privateKey)
 
@@ -121,6 +129,7 @@ export default function NewAppDialog(props: {
           setAppId(`phApp:v${APP_VERSION}:${appKeys.publicKey}`)
 
           resolve(true)
+          closeModal()
         } catch (error) {
           reject(error)
         }
@@ -235,33 +244,35 @@ export default function NewAppDialog(props: {
                           />
                         </div>
 
-                        <div className="flex flex-col justify-center max-w-md mx-auto">
-                          <label
-                            className="block text-gray-700 text-sm font-bold mb-2"
-                            htmlFor="password"
-                          >
-                            Sudo password
-                          </label>
-                          <div className="relative">
-                            <input
-                              id="password"
-                              value={pw}
-                              onChange={(e) => setPw(e.target.value)}
-                              type={showPw ? 'text' : 'password'}
-                              minLength={16}
-                              required
-                              className="w-full "
-                            />
-                            <button
-                              className="absolute inset-y-0 right-4"
-                              type="button"
-                              onClick={() => setShowPw(!showPw)}
-                              tabIndex={-1}
+                        {!keyring && (
+                          <div className="flex flex-col justify-center max-w-md mx-auto">
+                            <label
+                              className="block text-gray-700 text-sm font-bold mb-2"
+                              htmlFor="password"
                             >
-                              {showPw ? <FaEyeSlash /> : <FaEye />}
-                            </button>
+                              Sudo password
+                            </label>
+                            <div className="relative">
+                              <input
+                                id="password"
+                                value={pw}
+                                onChange={(e) => setPw(e.target.value)}
+                                type={showPw ? 'text' : 'password'}
+                                minLength={16}
+                                required
+                                className="w-full "
+                              />
+                              <button
+                                className="absolute inset-y-0 right-4"
+                                type="button"
+                                onClick={() => setShowPw(!showPw)}
+                                tabIndex={-1}
+                              >
+                                {showPw ? <FaEyeSlash /> : <FaEye />}
+                              </button>
+                            </div>
                           </div>
-                        </div>
+                        )}
                       </div>
 
                       <div className="mt-8 flex items-center w-full justify-between">
diff --git a/frontend/components/apps/tokens/SecretTokens.tsx b/frontend/components/apps/tokens/SecretTokens.tsx
index 719e2239..a3890dad 100644
--- a/frontend/components/apps/tokens/SecretTokens.tsx
+++ b/frontend/components/apps/tokens/SecretTokens.tsx
@@ -538,7 +538,7 @@ const CreateServiceTokenDialog = (props: { organisationId: string; appId: string
                                 </label>
                               </Listbox.Label>
                               <Listbox.Button as={Fragment} aria-required>
-                                <div className="p-2 flex items-center justify-between bg-zinc-300 dark:bg-zinc-800 rounded-md cursor-pointer h-10">
+                                <div className="p-2 flex items-center justify-between bg-zinc-100 dark:bg-zinc-800 rounded-md border border-neutral-500/40 cursor-pointer h-10">
                                   <span className="text-black dark:text-white">
                                     {envScope
                                       .map((env: Partial<EnvironmentType>) => env.name)
@@ -561,7 +561,7 @@ const CreateServiceTokenDialog = (props: { organisationId: string; appId: string
                                 leaveTo="transform scale-95 opacity-0"
                               >
                                 <Listbox.Options>
-                                  <div className="bg-zinc-300 dark:bg-zinc-800 p-2 rounded-md shadow-2xl absolute z-10 w-full">
+                                  <div className="bg-zinc-100 dark:bg-zinc-800 p-2 rounded-md border border-neutral-500/40 shadow-2xl absolute z-10 w-full">
                                     {envOptions.map((env: Partial<EnvironmentType>) => (
                                       <Listbox.Option key={env.id} value={env} as={Fragment}>
                                         {({ active, selected }) => (
@@ -574,7 +574,7 @@ const CreateServiceTokenDialog = (props: { organisationId: string; appId: string
                                             {selected ? (
                                               <FaCheckSquare className="text-emerald-500" />
                                             ) : (
-                                              <FaSquare />
+                                              <FaSquare className="text-neutral-500" />
                                             )}
                                             <span className="text-black dark:text-white">
                                               {env.name}
diff --git a/frontend/components/auth/UnlockKeyringDialog.tsx b/frontend/components/auth/UnlockKeyringDialog.tsx
index 5b064d92..59f8bb43 100644
--- a/frontend/components/auth/UnlockKeyringDialog.tsx
+++ b/frontend/components/auth/UnlockKeyringDialog.tsx
@@ -94,14 +94,14 @@ export default function UnlockKeyringDialog(props: { organisationId: string }) {
                       </p>
                     </div>
                     <div className="flex justify-between items-end gap-4">
-                      <div className="space-y-4 w-full">
+                      <div className="space-y-1 w-full">
                         <label
                           className="block text-gray-700 text-sm font-bold mb-2"
                           htmlFor="password"
                         >
                           Sudo password
                         </label>
-                        <div className="flex justify-between w-full bg-zinc-100 dark:bg-zinc-800 focus-within:ring-1 focus-within:ring-inset focus-within:ring-emerald-500 rounded-sm p-px">
+                        <div className="flex justify-between w-full bg-zinc-100 dark:bg-zinc-800 ring-1 ring-inset ring-neutral-500/40 roudned-md focus-within:ring-1 focus-within:ring-inset focus-within:ring-emerald-500 rounded-md p-px">
                           <input
                             id="password"
                             value={password}
@@ -110,10 +110,10 @@ export default function UnlockKeyringDialog(props: { organisationId: string }) {
                             minLength={16}
                             required
                             autoFocus
-                            className="custom w-full text-zinc-800 font-mono dark:text-white bg-zinc-100 dark:bg-zinc-800"
+                            className="custom w-full text-zinc-800 font-mono dark:text-white bg-zinc-100 dark:bg-zinc-800 rounded-md"
                           />
                           <button
-                            className="bg-zinc-100 dark:bg-zinc-800 px-4 text-neutral-500"
+                            className="bg-zinc-100 dark:bg-zinc-800 px-4 text-neutral-500 rounded-md"
                             type="button"
                             onClick={() => setShowPw(!showPw)}
                             tabIndex={-1}
diff --git a/frontend/components/common/Alert.tsx b/frontend/components/common/Alert.tsx
index 39cd9469..4e35a56c 100644
--- a/frontend/components/common/Alert.tsx
+++ b/frontend/components/common/Alert.tsx
@@ -1,15 +1,33 @@
 import clsx from 'clsx'
 import { ReactNode } from 'react'
+import { FaCheck, FaExclamationTriangle, FaInfoCircle } from 'react-icons/fa'
 
-export const Alert = (props: { children: ReactNode; variant: 'success' | 'warning' | 'info' }) => {
-  const variants = {
+export const Alert = (props: {
+  children: ReactNode
+  variant: 'success' | 'warning' | 'info'
+  icon?: boolean
+}) => {
+  const variantStyles = {
     success: 'bg-emerald-200/60 dark:bg-emerald-400/10 ring-emerald-500 text-emerald-500',
-    warning: 'bg-orange-800/20 dark:bg-orange-800/30 ring-orange-500 text-orange-500',
-    info: 'bg-sky-800/30 ring-sky-500 text-sky-500',
+    warning:
+      'bg-amber-300/40 dark:bg-amber-400/10 ring-amber-500/40 text-black dark:text-amber-400',
+    info: 'bg-cyan-300/40 dark:bg-cyan-800/30 ring-cyan-400/10 text-black dark:text-cyan-400',
+  }
+
+  const variantIcons = {
+    success: <FaCheck />,
+    warning: <FaExclamationTriangle className="shrink-0" />,
+    info: <FaInfoCircle className="shrink-0" />,
   }
 
   return (
-    <div className={clsx('rounded-lg ring-1 ring-inset p-4', variants[props.variant])}>
+    <div
+      className={clsx(
+        'rounded-lg ring-1 ring-inset p-4 flex items-center gap-4',
+        variantStyles[props.variant]
+      )}
+    >
+      {props.icon && variantIcons[props.variant]}
       {props.children}
     </div>
   )
diff --git a/frontend/components/layout/Sidebar.tsx b/frontend/components/layout/Sidebar.tsx
index d8f3b132..6c419f54 100644
--- a/frontend/components/layout/Sidebar.tsx
+++ b/frontend/components/layout/Sidebar.tsx
@@ -1,10 +1,9 @@
 'use client'
 
 import Link from 'next/link'
-import UserMenu from '../UserMenu'
 import { usePathname } from 'next/navigation'
 import clsx from 'clsx'
-import { FaCog, FaCubes, FaHome, FaUsersCog } from 'react-icons/fa'
+import { FaCog, FaCubes, FaHome, FaKey, FaUsersCog } from 'react-icons/fa'
 
 export type SidebarLinkT = {
   name: string
@@ -53,6 +52,12 @@ const Sidebar = () => {
       icon: <FaUsersCog size="20" />,
       active: usePathname() === `/${team}/members`,
     },
+    {
+      name: 'Tokens',
+      href: `/${team}/tokens`,
+      icon: <FaKey size="20" />,
+      active: usePathname() === `/${team}/tokens`,
+    },
     {
       name: 'Settings',
       href: `/${team}/settings`,
@@ -64,7 +69,7 @@ const Sidebar = () => {
   return (
     <nav className="h-screen flex flex-col divide-y divide-neutral-300 dark:divide-neutral-800 items-start justify-between pt-20 bg-neutral-100 dark:bg-zinc-900 text-black dark:text-white">
       <div className="gap-4 p-4 grid grid-cols-1">
-        {links.slice(0, 3).map((link) => (
+        {links.slice(0, 4).map((link) => (
           <SidebarLink
             key={link.name}
             name={link.name}
@@ -77,11 +82,11 @@ const Sidebar = () => {
       <div className="p-4">
         {
           <SidebarLink
-            key={links[3].name}
-            name={links[3].name}
-            href={links[3].href}
-            icon={links[3].icon}
-            active={links[3].active}
+            key={links[4].name}
+            name={links[4].name}
+            href={links[4].href}
+            icon={links[4].icon}
+            active={links[4].active}
           />
         }
       </div>
diff --git a/frontend/graphql/mutations/organisation/deleteInvite.gql b/frontend/graphql/mutations/organisation/deleteInvite.gql
index 9472ef37..aa19e849 100644
--- a/frontend/graphql/mutations/organisation/deleteInvite.gql
+++ b/frontend/graphql/mutations/organisation/deleteInvite.gql
@@ -1,4 +1,4 @@
-mutation DeleteInvite($inviteId: ID!) {
+mutation DeleteOrgInvite($inviteId: ID!) {
   deleteInvitation(inviteId: $inviteId) {
     ok
   }
diff --git a/frontend/utils/auth.ts b/frontend/utils/auth.ts
index 86805fd9..027f81cb 100644
--- a/frontend/utils/auth.ts
+++ b/frontend/utils/auth.ts
@@ -394,7 +394,8 @@ export namespace cryptoUtils {
     return `${hostname}/invite/${encodedInvite}`
   }
 
-  export const decodeInvite = (hash: string) => {
+  export const decodeInvite = async (hash: string) => {
+    await _sodium.ready
     const sodium = _sodium
 
     return sodium.to_string(sodium.from_base64(hash, sodium.base64_variants.ORIGINAL))