- StreamNative Console
Work with service accounts
Service accounts are created for automation purposes, such as to authenticate bots that operate on your organization.
Create a service account
Note
Currently, you can't edit a service account. If you need a service account to have Super Admin access, make sure to enable it when creating the service account. By default, service accounts do not have Super Admin enabled.
To create a service account, follow these steps.
On the left navigation pane, click Service Accounts.
Click Create Service Account.
(Optional) Select Super Admin to grant the service account with Super admin access to a namespace or tenant.
Enter a name for the service account, and then click Confirm.
Check service account details
After you have created a service account, you can check the details of the account.
- On the left navigation pane, click Service Accounts. The Service Accounts page displays all of the created service accounts.
The table below describes the details that you can view about the service account.
| Item | Description |
|---|---|
| Name | The name of the service account. |
| Token | The token for the service account. |
| Organization | The organization that the service account was created in. |
| Status | The status of the service account. |
| Admin | Whether the service account has Super Admin enabled or not. |
| ... | Click the ellipsis to display the delete icon. |
Get a service account token
The token is used for authentication. Tokens are only valid for seven days. When a token expires, you need to generate a new token for authentication.
Note
- Before getting the token of a service account, verify that the service account is authorized as a superuser or an admin of the tenants and namespaces.
- A token has a system-defined Time-To-Live (TTL) of 7 days. Before a token expires, ensure that you generate a new token for your service account.
To get a token using the StreamNative Console, follow these steps.
On the left navigation pane, click Service Accounts.
In the row of the service account you want to use, in the Token column, click Generate new token, then click the Copy icon to copy the token to your clipboard.
Delete a service account
To delete a service account, follow these steps.
On the left navigation pane, click Service Accounts.
Click the ellipsis at the end of the row of the service account you want to delete, and then select Delete.
On the dialog box asking, Are you sure you want to delete this service account?, click Confirm.
Configure the OIDC token for a service account
StreamNative Platform allows you to set the rotation period, verification period, and Time To Live (TTL) of the OpenID Connect (OIDC) token for a service account.
vault:
component: 'vault'
replicaCount: 3
serviceAccount:
created: true
name: ''
oidcToken:
rotation_period: 24h # --- [1]
verification_ttl: 24h # --- [2]
ttl: 12h # --- [3]
- [1]
rotation_period: specify how often to generate a new key. By default, it is set to24h(24 hours). - [2]
verification_ttl: specify how long the public portion of a key will be available for verification after being rotated. Theverification_ttlshould be greater thanttlbut not greater than 10 times ofrotation_period. By default, it is set to24h(24 hours). - [3]
ttl: specify the TTL for the OIDC token for the service account. By default, it is set to12h(12 hours).