Overview: Service Accounts

Use service accounts to authenticate and manage access for non-user accounts such as APIs, applications, and services, collectively referred to as machines.

These accounts are designed to provide a secure and efficient way to handle machine-based interactions without the need for traditional user credentials.

Types of service accounts

When setting up a new service account, you can select from several predefined use cases, each tailored to specific operational needs within the Venafi environment.

Example use case

Using service accounts instead of user accounts to authenticate helps you maintain access to machines previously managed by employees who leave your organization.

Suppose you had a colleague named Jones who managed your Firefly deployments and another application running on AWS. Jones used his own user accounts (usernames and passwords) to authenticate to those machines. Then he decided to move to another team.

After Jones leaves, nobody on your team can authenticate to Jones' machines. However, if Jones had set up service accounts before he left the organization, you and your team would have had uninterrupted access.

Here's a brief overview of each available service account:

Firefly

  • Purpose: Connect a Firefly instance to Venafi Control Plane.
  • Use case: Ideal for scenarios where a dedicated Firefly application needs secure and continuous interaction with Venafi Control Plane without manual authentication.

Kubernetes Agent

  • Purpose: Facilitate secure connection between Venafi Kubernetes agents and Venafi Control Plane.
  • Use case: Used primarily in environments where Kubernetes clusters must autonomously verify and manage certificates or configurations directly through Venafi Control Plane.

Venafi Registry

  • Purpose: Retrieve artifacts like enterprise Kubernetes components from the Venafi OCI registry.
  • Use case: Essential for automated systems that require frequent access to update or pull configurations and components from the registry without human intervention.

Custom API Integration

  • Purpose: Securely authenticate with Venafi Control Plane APIs using Workload Identity Federation.
  • Use case: Supports scenarios where machines require a scalable and secure authentication mechanism to access APIs without traditional API keys.

Creating service accounts

Creating a service account involves a few straightforward steps:

  1. Select the use case: Choose the type of service account based on your desired use case.
  2. Configure details: Provide necessary details specific to the chosen service account type.
  3. Set credentials: Depending on the service account, you might need to supply credentials like API keys or configure token-based authentication.
