
Service Accounts

Service accounts represent non-human machine users, like applications or deployment pipelines, that require programmatic access to a discrete set of secrets. Service accounts are used to:

  • Appropriately scope the selection of secrets a machine user has access to.

  • Issue access tokens to facilitate programmatic access to, and the ability to decrypt, secrets.

Secrets that your user account has access to are listed in the primary Secrets Manager view as well as by selecting Service accounts from the navigation:

Service accounts

Opening a service account will list the Secrets and People the service account has access to, as well as any generated Access tokens:

Inside a service account

Create a service account

To create a new service account:

  1. Use the New dropdown to select Service account:

    New service account
  2. Enter a Service account name and, in the Access section, type or select the name of the project(s) that this service account should be able to access.

Note

For the beta, service accounts will be restricted to read-only access to projects.

Add people to a service account

Adding organization members to a service account will allow those people to generate access tokens for the service account and interact with all secrets the service account has access to. To add people to your service account:

  1. In the service account, select the People tab.

  2. From the people dropdown, type or select the members or groups to add to the project. Once you've selected the right people, select the Add button:

    Add people to a service account

During the beta, all members will be given Can read, write access to a service account and associated secrets when assigned.

Add projects to a service account

Adding projects to a service account will allow programmatic access to included secrets using access tokens. You can add both new and existing projects to a service account:

To add existing projects to your service account:

  1. In the service account, select the Projects tab.

  2. From the Projects dropdown, type or select the project(s) to add to the service account. Once you've chosen the right projects, select the Add button:

    Add a project

Note

For the beta, service accounts will be restricted to read-only access to projects.

To add a new service account for this project:

  1. Use the New dropdown to select Service account:

    New service account
  2. Enter a Service account name and, in the Access section, type or select the name of the project(s) that this service account should be able to access.

Note

For the beta, service accounts will be restricted to read-only access to projects.

Delete a service account

To delete a service account, open the options menu for the service account you want to delete and select Delete service account. Deleting a service account will not delete the secrets associated with it. Service accounts are fully removed once deleted and do not get sent to the trash like secrets do.