Skip to content

Service Account Setup

Service accounts allow trusted platform services to authenticate without a human user. They are intended for platform components and approved backend integrations.

Use a service account when a platform service must call another platform service as part of normal operations. Use a user API key when a customer-managed integration should be accountable to a user or integration owner.

Operators are responsible for configuring service accounts, storing service-account secrets, rotating credentials, and limiting where those credentials can be used.

Service-account setup should be part of deployment operations, not an ad hoc user workflow.

After setup, confirm the service account can perform only the workflow it was created for. If a service account fails, check its configured secret, service name, role expectations, and Auth Service health.

Store service-account credentials in the deployment secret system. Do not reuse service-account secrets across unrelated integrations, and rotate credentials after suspected exposure.