Work with service accounts
Service accounts are created for automation purposes, such as to authenticate bots that operate on your organization. This document describes how to create, check, authenticate, and delete service accounts using the StreamNative Console.
Create a service account
To create a service account, follow these steps.
On the left navigation pane, click Service Accounts.
Click Create Service Account and a dialog box displays.
Select Super Admin to grant the service account access to a namespace or tenant.
Enter a name for the service account and then click Confirm.
Check service account details
On the left navigation pane, click Service Accounts. Then, you can check the details about the service account.
Field | Description |
---|---|
Name | The name of the service account. |
Token | The token for the service account. |
Organization | The organization where the service account is created. |
Status | The status of the service account. |
Admin | Whether the service account has the Admin role for a namespace or tenant. |
Actions | The actions that can be performed on the service account. |
Authenticate a service account
You can use a token to authenticate a service account. To authenticate service accounts, follow these steps.
On the left navigation pane, click Service Accounts.
Click Generate new token to generate a token for the service account and save it to your local directory.
Then, you can use the token to authenticate the service account when connecting to a Pulsar cluster.
Configure the OIDC token for a service account
StreamNative Platform allows you to set the rotation period, verification period, and Time To Live (TTL) of the OpenID Connect (OIDC) token for a service account.
```yaml
vault:
  component: 'vault'
  replicaCount: 3
  serviceAccount:
    created: true
    name: ''
  oidcToken:
    rotation_period: 24h # --- [1]
    verification_ttl: 24h # --- [2]
    ttl: 12h # --- [3]
```
- [1] `rotation_period`: specify how often to generate a new key. By default, it is set to `24h` (24 hours).
- [2] `verification_ttl`: specify how long the public portion of a key will be available for verification after being rotated. The `verification_ttl` should be greater than `ttl` but not greater than 10 times the `rotation_period`. By default, it is set to `24h` (24 hours).
- [3] `ttl`: specify the TTL for the OIDC token for the service account. By default, it is set to `12h` (12 hours).
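The relationship between the three settings can be checked before the values are deployed. The following is an added example, not part of the StreamNative documentation or chart: `parse_duration` and `check_oidc_token` are hypothetical helper names, and it assumes durations are written with `s`, `m` and `h` units only.

```python
import re

# Defaults stated on this page for the oidcToken section.
DEFAULTS = {"rotation_period": "24h", "verification_ttl": "24h", "ttl": "12h"}
UNITS = {"s": 1, "m": 60, "h": 3600}   # assumption: only s/m/h units are used
PART = re.compile(r"(\d+)([smh])")


def parse_duration(text):
    """Convert '24h', '90m' or '1h30m' to seconds; raise ValueError otherwise."""
    text = str(text).strip()
    parts = PART.findall(text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unsupported duration {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)


def check_oidc_token(overrides):
    """Return the rule violations for an oidcToken mapping (empty list = valid)."""
    merged = {**DEFAULTS, **overrides}   # unset keys fall back to the defaults
    secs, problems = {}, []
    for key in DEFAULTS:
        try:
            secs[key] = parse_duration(merged[key])
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    if problems:
        return problems
    # A token signed just before a rotation is still valid for `ttl`, so the
    # public key has to stay published longer than that.
    if secs["verification_ttl"] <= secs["ttl"]:
        problems.append("verification_ttl must be greater than ttl")
    if secs["verification_ttl"] > 10 * secs["rotation_period"]:
        problems.append("verification_ttl must not exceed 10 x rotation_period")
    return problems


if __name__ == "__main__":
    # Constructed samples: page defaults, a ttl-only override, a short rotation.
    for sample in ({}, {"ttl": "48h"}, {"rotation_period": "1h"}):
        print(sample, "->", check_oidc_token(sample) or "ok")
```

Overriding only `ttl` or only `rotation_period` is the case to watch, because the untouched `verification_ttl` default of `24h` can then fall outside the allowed range.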
Delete a service account
To delete a service account, follow these steps.
On the left navigation pane, click Service Accounts.
Click Delete in the Actions column and a dialog box displays.
Click Confirm.