
Create a new Venafi Registry service account

A Venafi Registry service account retrieves artifacts, including enterprise Kubernetes components, from a Venafi OCI registry.

When using this service account to pull artifacts from a Venafi OCI registry, the service account creation wizard provides commands for creating a secret for Kubernetes or Red Hat OpenShift, along with a Docker Config file.

To create a Venafi OCI Registry service account

  1. Sign in to Venafi Control Plane.
  2. Click Settings > Service Accounts.
  3. Click New.
  4. Choose the desired use case from the Use case list, and click Continue. The use cases available for you to choose depend on which Venafi Control Plane components you have licenses for.
  5. Enter a Name for your new service account.
  6. Select an Owning Team. This team owns the machine you want to create the service account for.

  7. (Conditional) Enter the number of days for which you want the account to remain valid in the Validity (days) field. You can select any number from 1 to 365 days. This step doesn't apply when creating a Custom API Integration service account.

  8. Select the desired Scope, and click Create.

  9. In the Credentials section, copy and safely store the Venafi OCI registry address as well as the credential Username and Password.

    Important

    Store these authentication credentials securely as they cannot be recovered if lost. This is your only opportunity to copy these authentication credentials.

  10. Select the relevant installation option for your system:

    Kubernetes

    Note

    You must have kubectl installed on your system to complete the following steps.

    1. From the first text area, copy and run the kubectl create namespace venafi command to create the default namespace.
    2. Next, also from the first text area, copy and run the remaining code for the kubectl apply command to create a secret in Kubernetes.
    3. Copy and use the command in the second text area in this section to update the default Kubernetes service account to use the image pull secret, and enable all workloads in the namespace to use it.

    Red Hat OpenShift

    Note

    You must have the OpenShift CLI tool oc installed on your system to complete the following steps.

    1. From the first text area, copy and run the oc create namespace venafi command to create the default namespace.
    2. Next, also from the first text area, copy and run the remaining code for the oc apply command to create a secret in OpenShift.
    3. Copy and use the command in the second text area in this section to update the default OpenShift service account to use the image pull secret, and enable all workloads in the namespace to use it.

    Docker Config

    1. Copy the generated content and save it as venafi_registry_docker_config.json.
  11. Click Finish to return to the Service Accounts page.
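
As an added example (not Venafi's code), the following Python sketch stores the Docker Config content from step 10 with owner-only permissions and checks that the saved file is usable before it is handed to a container runtime. It assumes the generated content follows the standard Docker `auths` layout and a POSIX file system; the function names, registry address and credentials are constructed placeholders.

```python
import base64, json, os, stat

def save_docker_config(content, path):
    """Save the wizard-generated content readable by the owner only (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(path, 0o600)  # tighten the mode if the file already existed

def check_docker_config(path, registry):
    """Return a list of problems; an empty list means the file passed."""
    problems = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is accessible to group or others")
    try:
        with open(path) as fh:
            auths = json.load(fh).get("auths")
    except (ValueError, AttributeError):
        return problems + ["file is not a JSON object"]
    entry = auths.get(registry) if isinstance(auths, dict) else None
    if not isinstance(entry, dict):
        return problems + ["no 'auths' entry for " + registry]
    auth = entry.get("auth")
    if auth is None:
        if not (entry.get("username") and entry.get("password")):
            problems.append("entry carries no credentials")
        return problems
    try:
        user, sep, secret = base64.b64decode(auth, validate=True).decode().partition(":")
    except (ValueError, TypeError):
        return problems + ["'auth' is not base64-encoded text"]
    if not (user and sep and secret):
        problems.append("'auth' does not decode to username:password")
    elif entry.get("username", user) != user or entry.get("password", secret) != secret:
        problems.append("'auth' disagrees with the username/password fields")
    return problems

if __name__ == "__main__":
    import tempfile
    # Constructed sample: placeholder registry and credentials, not real values.
    registry = "registry.example.invalid"
    sample = json.dumps({"auths": {registry: {
        "username": "sa-user", "password": "sa-pass",
        "auth": base64.b64encode(b"sa-user:sa-pass").decode()}}})
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "venafi_registry_docker_config.json")
        save_docker_config(sample, path)
        print(check_docker_config(path, registry) or "ok")
```
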

API Reference