Skip to content

Create a TLS Protect Datacenter service account


If you do not see this option in the Venafi Control Plane UI, please contact your Venafi sales representative for information on the correct Venafi Control Plane tier subscription you need.

To create a TLS Protect Datacenter service account

  1. Sign in to Venafi Control Plane.
  2. Click Settings > Service Accounts.
  3. Click New.
  4. Choose the desired use case from the Use case list, and click Continue. The use cases available for you to choose depend on which Venafi Control Plane components you have licenses for.
  5. Enter a Name for your new service account.
  6. Select an Owning Team. This team owns the machine you want to create the service account for.

  7. Select the desired Scope, and click Continue. Learn more

  1. If you have not done so already, use the terminal on your computer to generate the public/private keypair that your service will employ using ECDSA P-521 by issuing the following commands:

    # Generate a private key
    openssl ecparam -name secp521r1 -genkey -noout -out venafi-service-account-private.pem
    # Generate the public key for it
    openssl ec -in venafi-service-account-private.pem -pubout -out venafi-service-account-public.pem
    # Print the public key
    cat venafi-service-account-public.pem
  2. In the Credentials section, paste the public key corresponding to the private key that your service will use into the Public Key in PEM format field, and then click Finish to create the service account and return to the Service Accounts page.

API Reference