Overview
A service account is one of the principal types of an org that can be granted specific access permissions to perform headless operations against the API. A service account can be mapped to a cpln profile and execute CLI commands on behalf of that account.Create a Service Account
Refer to the Create a Service Account guide for additional details.Built-in Service Accounts
The following service accounts are built-in and cannot be modified or deleted:| Service Account Name | Description |
|---|---|
| controlplane | Built-in service account used by Control Plane to interact with this org’s resources |
Map a Service Account with a profile
Using the following CLI command, a profile will be created and mapped to a service account:cpln profile set-default PROFILE_NAME or by using the CLI option --profile PROFILE_NAME to override the default when executing a command.
Service Account Keys
A service account can be associated with one or more keys that are generated by the platform. They are used to authenticate and authorize the service account to the API.When a new key is created, it will only be displayed and available for download one time.It cannot be retrieved again. If a key is lost, misplaced, or forgotten, it must be removed and regenerated.
Permissions
The permissions below are used to define policies together with one or more of the four principal types:| Permission | Description | Implies |
|---|---|---|
| addKey | Add key to an existing service account | |
| create | Create new service accounts | |
| delete | Delete service accounts | |
| edit | Modify existing resources | view |
| manage | Full access | addKey, create, delete, edit, manage, view |
| view | Read-only access |