A service account is one of the principal types of an org that can be granted specific access permissions to perform headless operations against the API.

A service account can be mapped to a cpln profile and execute CLI commands on behalf of that account.

Create a Service Account

Refer to the Create a Service Account guide for additional details.

Built-in Service Accounts

The following service accounts are built-in and cannot be modified or deleted:

Service Account NameDescription
controlplaneBuilt-in service account used by Control Plane to interact with this org’s resources

Map a Service Account with a profile

Using the following CLI command, a profile will be created and mapped to a service account:

cpln profile create PROFILE_NAME --token GENERATED_KEY

This profile can be set as the default profile by using the command cpln profile set-default PROFILE_NAME or by using the CLI option --profile PROFILE_NAME to override the default when executing a command.

Service Account Keys

A service account can be associated with one or more keys that are generated by the platform. They are used to authenticate and authorize the service account to the API.

When a new key is created, it will only be displayed and available for download one time.

It cannot be retrieved again. If a key is lost, misplaced, or forgotten, it must be removed and regenerated.

After a new key has been generated and saved, the UI will display the name of the key (which matches the first sixteen characters of the key) and the description entered.

Individual keys can be removed if they are no longer used or have been compromised.


The permissions below are used to define policies together with one or more of the four principal types:

addKeyAdd key to an existing service account
createCreate new service accounts
deleteDelete service accounts
editModify existing resourcesview
manageFull accessaddKey, create, delete, edit, manage, view
viewRead-only access

Access Report

Displays the permissions granted to principals for the service account.


To view the CLI documentation for Service Accounts, click here.