Service Account
Overview
A service account is one of the principal types of an org that can be granted specific access permissions to perform headless operations against the API.
A service account can be mapped to a cpln profile and execute CLI commands on behalf of that account.
Create a Service Account
Refer to the Create a Service Account guide for additional details.
Built-in Service Accounts
The following service accounts are built-in and cannot be modified or deleted:
| Service Account Name | Description |
|---|---|
| controlplane | Built-in service account used by Control Plane to interact with this org's resources |
Map a Service Account with a profile
Using the following CLI command, a profile will be created and mapped to a service account:
copycpln profile create PROFILE_NAME --token GENERATED_KEY
This profile can be set as the default profile by using the command cpln profile set-default PROFILE_NAME or by using
the CLI option --profile PROFILE_NAME to override the default when executing a command.
Service Account Keys
A service account can be associated with one or more keys that are generated by the platform. They are used to authenticate and authorize the service account to the API.
When a new key is created, it will only be displayed and available for download one time.
It cannot be retrieved again. If a key is lost, misplaced, or forgotten, it must be removed and regenerated.
After a new key has been generated and saved, the UI will display the name of the key (which matches the first sixteen characters of the key) and the description entered.
Individual keys can be removed if they are no longer used or have been compromised.
Permissions
The permissions below are used to define policies together with one or more of the four principal types:
| Permission | Description | Implies |
|---|---|---|
| addKey | Add key to an existing service account | |
| create | Create new service accounts | |
| delete | Delete service accounts | |
| edit | Modify existing resources | view |
| manage | Full access | addKey, create, delete, edit, manage, view |
| view | Read-only access |
Access Report
Displays the permissions granted to principals for the service account.
CLI
To view the CLI documentation for Service Accounts, click here.