Service Accounts

A service account is an authorization mechanism that facilitates programmatic access to secrets. Users typically programmatically access secrets through a personal token or CLI token, but this ties any action to that user's identity. In the case of almost all other workloads, the events shouldn't be tied to a user and instead are tied to a service account. Unlike service tokens, service accounts can be assigned to multiple projects and granted access at the workplace-level.

📷

Service Accounts requires an upgraded subscription

Service accounts is available with our Team and Enterprise plans. View our plans or book a demo for more details.

Requirements

  • Team or Enterprise plan
  • Admin role or the Manage Service Accounts permission

Overview

A service account consists of a workplace role, project access, and tokens.

  • The workplace role defines actions the service account can take at the workplace-level
  • Project access grants the service account access to projects and environments
  • A token is the means of authenticating the request. A service account can contain 0..n tokens

Create a Service Account

  • From the left navigation, select Team
  • Select the Service Accounts tab
  • Click the + button
  • Name your service account and click Create Service Account

By default, service accounts do not have a workplace role or any project access granted to them and thus can't do anything until access is granted.

Assign a Workplace Role to a Service Account

To assign a workplace or project role, click the pencil icon to the right of the corresponding scope

Clicking the pencil opens a pane where the appropriate role can be selected. As well, you can define an inline role by manually selecting permissions.

Assign a Service Account to a Project

  1. Navigate to project the service account should access
  2. From the left navigation, select Members
  3. In the input under Add Members, search for the service account and select it
  4. It now appears in the table below where the appropriate role and environments can be selected

👍

Adding service accounts to user groups is coming soon

Create a Service Account Token

  1. Navigate to the details page of the service token to create a token for
  2. Click the + button next to Service Account API Tokens
  3. Enter a name for the token
  4. Copy the token to use later. It will not be shown again

Roll a Service Account Token

  1. Navigate to the details page of the service token to create a token for
  2. Scroll to the Service Account API Tokens table
  3. Locate the token you would like to roll. Click the three-dot menu on the far right, and from the menu, select roll
  4. The new token will only be shown once

Delete a Service Account Token

  1. Navigate to the details page of the service token to create a token for
  2. Scroll to the Service Account API Tokens table
  3. Locate the token you would like to delete. Click the three-dot menu on the far right, and from the menu, select delete