A service account is one of the principal types of an org that can be granted specific access permissions to perform headless operations against the API.
A service account can be mapped to a cpln profile and execute CLI commands on behalf of that account.
Refer to the Create a Service Account guide for additional details.
The following service accounts are built-in and cannot be modified or deleted:
Service Account Name | Description |
---|---|
controlplane | Built-in service account used by Control Plane to interact with this org's resources |
Using the following CLI command, a profile will be created and mapped to a service account:
copycpln profile create PROFILE_NAME --token GENERATED_KEY
This profile can be set as the default profile by using the command cpln profile set-default PROFILE_NAME
or by using
the CLI option --profile PROFILE_NAME
to override the default when executing a command.
A service account can be associated with one or more keys that are generated by the platform. They are used to authenticate and authorize the service account to the API.
When a new key is created, it will only be displayed and available for download one time.
It cannot be retrieved again. If a key is lost, misplaced, or forgotten, it must be removed and regenerated.
After a new key has been generated and saved, the UI will display the name of the key (which matches the first sixteen characters of the key) and the description entered.
Individual keys can be removed if they are no longer used or have been compromised.
The permissions below are used to define policies together with one or more of the four principal types:
Permission | Description | Implies |
---|---|---|
addKey | Add key to an existing service account | |
create | Create new service accounts | |
delete | Delete service accounts | |
edit | Modify existing resources | view |
manage | Full access | addKey, create, delete, edit, manage, view |
view | Read-only access |
Displays the permissions granted to principals for the service account.
To view the CLI documentation for Service Accounts, click here