Service Accounts

This page describes Service account in Lenses.

Service accounts are intended for programmatic access to Lenses.

Service accounts are assigned to groups. The groups inherit permissions from the roles assigned to the groups.

Each service account has a key that is used to authenticate and identify the service account.

In addition you can set:

Description
Resource name - Must be unique across Lenses.
Key expiry
Regenerate the key

Key expiry can be 7, 30, 60, 90 days, 1 year or a custom expiration or no expiration at all.

Creating a Service Account

To Create Service Account go to IAM->Service Accounts->New Service Account, once created you can then assign service accounts to groups.

You can also manage Users via the CLI and YAML, for integration in your CI/CD pipelines.

terminal

➜  hq service-accounts
Manage ServiceAccounts.

Usage:
  hq service-accounts [command]

Aliases:
  service-accounts, sa

Available Commands:
  create      Creates a new ServiceAccount.
  delete      Deletes a ServiceAccount.
  get         Returns a specific ServiceAccount.
  list        Returns all ServiceAccounts.
  metadata    Manages service-account metadata.
  renew-token Renews the service account's token. The current token is invalidated and a new one is generated. An optional expiration timestamp can be provided.
  set-groups  Assigns the given service account exactly to the provided groups, ensuring they are not part of any other groups.
  update      Updates a service account.

API Calls

When interacting with Lenses via APIs set the service account token as in the header:

"Authorization": "Bearer sa_token"

PreviousRoles NextIAM Reference

Last updated 10 months ago

Was this helpful?