Service accounts

This page describes how create and use Lenses Service Accounts.

Service accounts require an authentication token to be authenticated and must belong to at least one group for authorization.

Service accounts are commonly used for automation, for example, when using Lenses CLI or APIs, or any other application or service to interact with Lenses.

Service account tokens are not recoverable. You can edit, revoke or delete a Service Account, but you can never retrieve the original token.

Creating a service account

To create a new Service Account, navigate to the Admin and select Users and New Service Account.

Authentication token

You can manually enter the authentication token or autogenerate it. If you select to auto-generate tokens, then you will receive a one-time token for this service account. Follow the instructions and copy and store this token. You can now use this token to authenticate via API and CLI.

Editing a service account

You can only change the groups and owner of services accounts. Go to the service account and select Edit Info, from the Actions menu.

Revoking a service account

To change the token, go to the service account and select Revoke Token from the Actions menu.

Using a service account

To use the service account you need to prefix the token with its name separated by a colon. You then include that in the corresponding header.

Example

For a service account named myservice and a token da6bad50-55c8-4ed4-8cad-5ebd54a18e26 then the combination looks like this:

myservice:28ab4195-18cf-426a-abda-c41a451e001a

To use the CLI with a service account for CI/CD you need to pass these options:

lenses-cli topics \
  --token=<service-account-name>:<service-account-token> \
  --host=<lenses-url-host>

# Real Example
lenses-cli topics \
  --token=ci:58d86476-bcc6-47e2-a57e-0c6bbd9c88b9 \
  --host=http://<your-lenses-url>:9991

PreviousUsers NextPermission Reference

Last updated 2 months ago