Secrets ManagerYour Secrets

Service Accounts

Service accounts represent non-human machine users, like applications or deployment pipelines, that require programmatic access to a discrete set of secrets. Service accounts are used to:

  • Appropriately scope the selection of secrets a machine user has access to.

  • Issue access tokens to facilitate programmatic access to, and the ability to decrypt, edit, and create secrets.

Secrets that your user account has access to are listed in the primary Secrets Manager view as well as by selecting Service accounts from the navigation:

Service accounts
Service accounts

Opening a service account will list the Secrets and People the service account has access to, as well as any generated Access tokens:

Inside a service account
Inside a service account

Create a service account

On your organization's Subscription page you are able to assign the number of service accounts available for use in your organization. For additional information regarding your available service accounts, and service account scaling, see here.

To create a new service account:

  1. Use the New dropdown to select Service account:

    New service account
    New service account
  2. Enter a Service account name and select Save.

  3. Open the service account and, in the Projects tab, type or select the name of the project(s) that this service account should be able to access. For each added project, select a level of Permissions:

    • Can read: Service account can retrieve secrets from assigned projects.

    • Can read, write: Service account can retrieve and edit secrets from assigned projects, create new secrets in assigned projects, or create new projects altogether.

Tipp

Fully utilizing write access for service accounts is dependent on a forthcoming CLI release. For now, this simply makes the option available in the UI. Stay tuned to the Release Notes for more information.

Add people to a service account

Adding organization members to a service account will allow those people to generate access tokens for the service account and interact with all secrets the service account has access to. To add people to your service account:

  1. In the service account, select the People tab.

  2. From the people dropdown, type or select the members or groups to add to the project. Once you've selected the right people, select the Add button:

    Add people to a service account
    Add people to a service account

Add projects to a service account

Adding projects to a service account will allow programmatic access to included secrets using access tokens. You can add both new and existing projects to a service account:

To add existing projects to your service account:

  1. In the service account, select the Projects tab.

  2. From the Projects dropdown, type or select the project(s) to add to the service account. Once you've chosen the right projects, select the Add button:

    Add a project
    Add a project
  3. Open the service account and, in the Projects tab, type or select the name of the project(s) that this service account should be able to access. For each added project, select a level of Permissions:

    • Can read: Service account can retrieve secrets from assigned projects.

    • Can read, write: Service account can retrieve and edit secrets from assigned projects, as well as create new secrets in assigned projects or create new projects.

To add a new service account for this project:

  1. Use the New dropdown to select Service account:

    New service account
    New service account
  2. Enter a Service account name and select Save.

  3. Open the service account and, in the Projects section, use the dropdown to type or select the project(s) to add to the service account. Once you've chosen the right projects, select the Add button:

    Add a project
    Add a project
  4. Open the service account and, in the Projects tab, type or select the name of the project(s) that this service account should be able to access. For each added project, select a level of Permissions:

    • Can read: Service account can retrieve secrets from assigned projects.

    • Can read, write: Service account can retrieve and edit secrets from assigned projects, as well as create new secrets in assigned projects or create new projects.

Delete a service account

To delete a service account, use the () options menu for the service account to delete to select Delete service account. Deleting a service account will not delete the secrets associated with it. Service accounts are fully removed once deleted and do not get sent to the trash like secrets do.

Service account events

Timestamped records of actions taken with each service account are available from the service account's Event logs tab:

Service account events
Service account events

Any user that has access to a given service account will be able to view events for that service account. Events that are captured include:

  • Accessed secret secret-identifier. (2100)

Hinweis

Each Event is associated with type code (1000, 1001, etc.) that identifies the action captured by the event. Type codes are used by the Bitwarden Public API to identify the action documented by an event.

Event logs are exportable and are retained indefinitely. Exporting events will create a .csv of all events within the specified date range, which should not exceed 367 days.

Make a Suggestion to this Article...*
Email (optional)

Kontaktieren Sie unser Team vom Kundendienst

Für technische Fragen und bei Fragen zu Rechnungen, Produkten und Familien/Premium-Tarifen.

Name*
E-Mail-Adresse Ihres Bitwarden-Kontos*
Verify account email*
Product*
Are you self-hosting?*
Betreff*
Nachricht...*

Cloud-Status

Check status

© 2023 Bitwarden, Inc.NutzungsbedingungenDatenschutzerklärungSitemap
Diese Website ist auf Deutsch verfügbar.
Go to EnglishStay Here