Service Accounts

🚧

This feature is in Beta

Service Accounts are currently in beta. To request access, reach out to support.

A service account is an authorization mechanism that facilitates programmatic access to secrets. Users typically programmatically access secrets through a personal token or CLI token, but this ties any action to that user's identity. In the case of almost all other workloads, the events shouldn't be tied to a user and instead are tied to a service account. Unlike service tokens, service accounts can be assigned to any more of projects.

Requirements

  • Team or Enterprise plan
  • Admin role or the Manage Service Accounts permission

Overview

A service account consists of roles and tokens.

  • Roles define what actions a service account can take on a Doppler projects and workplaces
  • A token is the means of authenticating the request. A service account can contain 0..n tokens

Create a Service Account

  • From the left navigation, select Team
  • Select the Service Accounts tab
  • Click the + button
  • Name your service account and click Create Service Account

Assign Roles to a Service Account

By default, service accounts do not have roles attached to them and thus can't do anything. Assigning roles to service accounts dictates what permission they have and what actions they can take.

  • Workplace Role determines what actions the service account can take on workplace-level settings
  • Project Role determines what actions the service account can take on the projects it is assigned to.

To assign a workplace or project role, click the pencil icon to the right of the corresponding scope

For both scopes, clicking the pencil opens a pane where the appropriate role can be selected. As well, you can define an inline role by manually selecting permissions.

Assign a Service Account to a Project

  1. Navigate to project the service account should access
  2. From the left navigation, select Members
  3. In the input under Add Members, search for the service account and select it
  4. It now appears in the table below where the appropriate role and environments can be selected

πŸ‘

Adding service accounts to user groups is coming soon

Create a Service Account Token

  1. Navigate to the details page of the service token to create a token for
  2. Click the + button next to Service Account API Tokens
  3. Enter a name for the token
  4. Copy the token to use later. It will not be shown again

Roll a Service Account Token

  1. Navigate to the details page of the service token to create a token for
  2. Scroll to the Service Account API Tokens table
  3. Locate the token you would like to roll. Click the three-dot menu on the far right, and from the menu, select roll
  4. The new token will only be shown once

Delete a Service Account Token

  1. Navigate to the details page of the service token to create a token for
  2. Scroll to the Service Account API Tokens table
  3. Locate the token you would like to delete. Click the three-dot menu on the far right, and from the menu, select delete