Service Accounts

This page describes service accounts in Lenses.

Service accounts are intended for programmatic access to Lenses.

Service accounts are assigned to groups. The groups inherit permissions from the roles assigned to the groups.

Each service account has a token used to authenticate and identify it.

You can also set:

Description
Resource name (must be unique across Lenses)
Token expiry
Regenerate the token

Token expiry can be 7, 30, 60, 90 days, 1 year, a custom expiry, or no expiry.

Create a Service Account

To create a service account, go to IAM → Service Accounts → New Service Account. After creation, assign the service account to one or more groups.

You can also manage service accounts via the CLI and YAML, for CI/CD automation.

terminal

➜  hq service-accounts
Manage ServiceAccounts.

Usage:
  hq service-accounts [command]

Aliases:
  service-accounts, sa

Available Commands:
  create      Creates a new ServiceAccount.
  delete      Deletes a ServiceAccount.
  get         Returns a specific ServiceAccount.
  list        Returns all ServiceAccounts.
  metadata    Manages service-account metadata.
  renew-token Renews the service account's token. The current token is invalidated and a new one is generated. An optional expiration timestamp can be provided.
  set-groups  Assigns the given service account exactly to the provided groups, ensuring they are not part of any other groups.
  update      Updates a service account.

API Calls

When calling the Lenses APIs, send the service account token in the Authorization header:

Authorization: Bearer <service_account_token>

PreviousRoles NextIAM Reference

Last updated 1 day ago

Was this helpful?

Good evening

hashtagCreate a Service Account

hashtagAPI Calls

Create a Service Account

API Calls