Skip to content

Service Accounts

Used for programmatic access to TruEra APIs, service accounts:

  • automate recurring and/or scheduled tasks
  • provide indefinite authentication for long-running processes.

Service accounts DO NOT:

  • provide access to the UI
  • replace user credentials in user workflows.

Note

Service accounts are supported in deployments with Keycloak enabled only, and only the Admin role is permitted to create/refresh/delete service accounts.

Creating a Service Account

Service accounts can be created via the UI at http://<your-truera-deployment-url>/service-accounts.

A service account can also be created by the API with a POST request to /api/rbac/user/service-account. For additional details, including service account naming, see API Admin Service.

Either method will result in new service account credentials, consisting of a client_id and a client_secret. Please keep these credentials safe, as the secret will not be available anytime else.

Using Service Account Credentials

Select the tab below appropriate for your environment.

EA/BETA users only: see Authentication.

TRUERA_URL = "<TRUERA_URL>"
SERVICE_ACCOUNT_CLIENT_ID = "<CLIENT_ID>"
SERVICE_ACCOUNT_CLIENT_SECRET = "<CLIENT_SECRET>"

from truera.client.truera_workspace import TrueraWorkspace
from truera.client.truera_authentication import ServiceAccountAuthentication

auth = ServiceAccountAuthentication
(
  SERVICE_ACCOUNT_CLIENT_ID,
  SERVICE_ACCOUNT_CLIENT_SECRET
)
tru = TrueraWorkspace(TRUERA_URL, auth)

Refresh Service Sccount Credentials

To receive new credentials for a service account:

  1. Refresh the service credentials via the UI, or
  2. Make a POST request to /api/rbac/user/service-account/<client_id>/refresh.

Caution

Once refreshed/replaced, previous credentials for the service account will no longer work.

Delete Service Account

Service accounts can be deleted via the Web App or by making a DELETE call to /api/rbac/user/service-account/<client_id>.