Skip to content

Create a Firefly or Kubernetes service account

Both Firefly and Kubernetes Agent service accounts are used to connect your Venafi Firefly instance or Kubernetes Agent with Venafi Control Plane. In both cases, the connection relies on user-generated key pairs rather than passwords. When you create either type of service account, you use your public key.

Before you get started

Before you create a Firefly or Kubernetes service account, review and complete the following:

  • (Conditional) If you plan to provide your own keypair, generate your own keypair and be ready to upload the public key when you're prompted.

    For your public key to be valid, it must be in PEM format and no longer than 2000 characters. The supported key algorithms are:

    - RSA in 2048, 3072, or 4096 key lengths
- ECDSA: P256, P384, or P521
- EDDSA: ED25519

To create a Firefly or Kubernetes service account

  1. Sign in to Venafi Control Plane.
  2. Click Settings > Service Accounts.
  3. Click New.
  4. Choose the desired use case from the Use case list, and click Continue. The use cases available for you to choose depend on which Venafi Control Plane components you have licenses for.
  5. Enter a Name for your new service account.

  6. Select an Owning Team. This team owns the machine you want to create the service account for.

  7. (Conditional) Enter the number of days for which you want the account to remain valid in the Validity (days) field. You can select any number from 1 to 365 days. This step doesn't apply when creating a Custom API Integration service account.

  8. Select the desired Scope, and click Continue. Learn more

  9. Select one of the following key generation options as required:

    1. Click the Auto-generate a keypair and download the private key radio button, and click Create.

    2. In the Credentials section, copy the public and private keys.

      Important

      Copy and store this private key securely as it cannot be recovered if lost. This is your only opportunity to copy this private key.

      Or:

    3. Click the Generate your own keypair and upload the public key radio button, and click Continue.

    4. In the Credentials section, provide the public key corresponding to the private key that your service will use. For your public key to be valid, it must be in PEM format and no longer than 2000 characters. The supported key algorithms are:

      • RSA in 2048, 3072, or 4096 key lengths
      • ECDSA: P256, P384, or P521
      • EDDSA: ED25519

  10. Click Finish to create the service account and return to the Service Accounts page.

API Reference