Service Accounts
A service account is an authorization mechanism that facilitates programmatic access to secrets. Users typically access secrets programmatically through a personal token or CLI token, but this ties every action to that user's identity. For almost all other workloads, events shouldn't be tied to a user and are instead tied to a service account. Unlike service tokens, service accounts can be assigned to multiple projects and granted access at the workplace level.
Service accounts require an upgraded subscription
Service accounts are available with our Team and Enterprise plans. View our plans or book a demo for more details.
Requirements
- Team or Enterprise plan
- Admin role or the Manage Service Accounts permission
Overview
A service account consists of a workplace role, project access, and tokens.
- The workplace role defines the actions the service account can take at the workplace level
- Project access grants the service account access to projects and environments
- A token is the means of authenticating the request. A service account can contain 0..n tokens
Create a Service Account
- From the left navigation, select Team
- Select the Service Accounts tab
- Click the + button
- Name your service account and click Create Service Account
By default, service accounts do not have a workplace role or any project access granted to them and thus can't do anything until access is granted.
Assign a Workplace Role to a Service Account
To assign a workplace or project role, click the pencil icon to the right of the corresponding scope.
Clicking the pencil opens a pane where the appropriate role can be selected. You can also define an inline role by manually selecting permissions.
Assign a Service Account to a Project
- Navigate to the project the service account should access
- From the left navigation, select Members
- In the input under Add Members, search for the service account and select it
- It now appears in the table below where the appropriate role and environments can be selected
Adding service accounts to user groups is coming soon
Create a Service Account Token
- Navigate to the details page of the service account to create a token for
- Click the + button next to Service Account API Tokens
- Enter a name for the token
- Copy the token to use later. It will not be shown again
Roll a Service Account Token
- Navigate to the details page of the service account whose token you want to roll
- Scroll to the Service Account API Tokens table
- Locate the token you would like to roll. Click the three-dot menu on the far right, and from the menu, select roll
- The new token will only be shown once
Delete a Service Account Token
- Navigate to the details page of the service account whose token you want to delete
- Scroll to the Service Account API Tokens table
- Locate the token you would like to delete. Click the three-dot menu on the far right, and from the menu, select delete
Updated about 1 year ago