Service Accounts
This feature is in Beta
Service Accounts are currently in beta. To request access, reach out to support.
A service account is an authorization mechanism that facilitates programmatic access to secrets. Users typically programmatically access secrets through a personal token or CLI token, but this ties any action to that user's identity. In the case of almost all other workloads, the events shouldn't be tied to a user and instead are tied to a service account. Unlike service tokens, service accounts can be assigned to any more of projects.
Requirements
- Team or Enterprise plan
- Admin role or the Manage Service Accounts permission
Overview
A service account consists of roles and tokens.
- Roles define what actions a service account can take on a Doppler projects and workplaces
- A token is the means of authenticating the request. A service account can contain
0..n
tokens
Create a Service Account
- From the left navigation, select Team
- Select the Service Accounts tab
- Click the
+
button

- Name your service account and click Create Service Account
Assign Roles to a Service Account
By default, service accounts do not have roles attached to them and thus can't do anything. Assigning roles to service accounts dictates what permission they have and what actions they can take.
- Workplace Role determines what actions the service account can take on workplace-level settings
- Project Role determines what actions the service account can take on the projects it is assigned to.
To assign a workplace or project role, click the pencil icon to the right of the corresponding scope

For both scopes, clicking the pencil opens a pane where the appropriate role can be selected. As well, you can define an inline role by manually selecting permissions.
Assign a Service Account to a Project
- Navigate to project the service account should access
- From the left navigation, select Members
- In the input under Add Members, search for the service account and select it
- It now appears in the table below where the appropriate role and environments can be selected
Adding service accounts to user groups is coming soon
Create a Service Account Token
- Navigate to the details page of the service token to create a token for
- Click the
+
button next to Service Account API Tokens - Enter a name for the token
- Copy the token to use later. It will not be shown again
Roll a Service Account Token
- Navigate to the details page of the service token to create a token for
- Scroll to the Service Account API Tokens table
- Locate the token you would like to roll. Click the three-dot menu on the far right, and from the menu, select roll
- The new token will only be shown once
Delete a Service Account Token
- Navigate to the details page of the service token to create a token for
- Scroll to the Service Account API Tokens table
- Locate the token you would like to delete. Click the three-dot menu on the far right, and from the menu, select delete
Updated about 8 hours ago