Service Account Setup
Service accounts allow trusted platform services to authenticate without a human user. They are intended for platform components and approved backend integrations.
When to Use a Service Account
Section titled “When to Use a Service Account”Use a service account when a platform service must call another platform service as part of normal operations. Use a user API key when a customer-managed integration should be accountable to a user or integration owner.
Setup Responsibilities
Section titled “Setup Responsibilities”Operators are responsible for configuring service accounts, storing service-account secrets, rotating credentials, and limiting where those credentials can be used.
Service-account setup should be part of deployment operations, not an ad hoc user workflow.
Validation
Section titled “Validation”After setup, confirm the service account can perform only the workflow it was created for. If a service account fails, check its configured secret, service name, role expectations, and Auth Service health.
Security Guidance
Section titled “Security Guidance”Store service-account credentials in the deployment secret system. Do not reuse service-account secrets across unrelated integrations, and rotate credentials after suspected exposure.