Work with service accounts

Service accounts are created for automation purposes, such as to authenticate bots that operate on your organization. This document describes how to create, check, authenticate, and delete service accounts using the StreamNative Console.

Create a service account

To create a service account, follow these steps.

On the left navigation pane, click Service Accounts.
Click Create Service Account and a dialog box displays.
Select Super Admin to grant the service account access to a namespace or tenant.
Enter a name for the service account and then click Confirm.

Check service account details

On the left navigation pane, click Service Accounts. Then, you can check the details about the service account.

Field	Description
Name	The name of the service account.
Token	The token for the service account.
Organization	The organization where the service account is created.
Status	The status of the service account.
Admin	Whether the service account is the Admin role of a namespace or tenant.
Actions	The actions that can be performed on the service account.

Authenticate a service account

You can use a token to authenticate a service account. To authenticate service accounts, follow these steps.

On the left navigation pane, click Service Accounts.
Click Generate new token to generate a token for the service account to your local directory.

Then, you can use the token to authenticate the service account when connecting to a Pulsar cluster.

Configure the OIDC token for a service account

StreamNative Platform allows you to set the rotation period, verification period, and Time To Live (TTL) of the OpenID Connect (OIDC) token for a service account.

vault:
  component: 'vault'
  replicaCount: 3
  serviceAccount:
    created: true
    name: ''
  oidcToken:
    rotation_period: 24h # --- [1]
    verification_ttl: 24h # --- [2]
    ttl: 12h # --- [3]

[1] rotation_period: specify how often to generate a new key. By default, it is set to 24h (24 hours).
[2] verification_ttl: specify how long the public portion of a key will be available for verification after being rotated. The verification_ttl should be greater than ttl but not greater than 10 times of rotation_period. By default, it is set to 24h (24 hours).
[3] ttl: specify the TTL for the OIDC token for the service account. By default, it is set to 12h (12 hours).

Delete a service account

To delete a service account, follow these steps.

On the left navigation pane, click Service Accounts.
Click Delete in the Actions column and a dialog box displays.
Click Confirm.