Service accounts are machine identities designed for automated processes and applications. Unlike human users, service accounts authenticate via API keys and are intended for programmatic access.
Workspace vs Project Level
Service accounts can be created at two levels:
- Workspace level — Has access governed by workspace IAM policies. Suitable for cross-project automation.
- Project level — Scoped to a single project, following the principle of least privilege. Suitable for isolated automation within one project.
Create a Service Account
- For workspace-level: go to IAM & Admin > Service Accounts tab and click Add Service Account.
- For project-level: go to Project > Manage > Service Accounts and click Add Service Account.
Service accounts cannot be part of user groups. Since service accounts are for automated processes with specific access needs, including them in groups could grant unintended permissions. This is considered an anti-pattern.
Service Account vs Workload Identity
| | Service Account | Workload Identity |
|---|---|---|
| Credential | Long-lived API key | Short-lived OIDC token |
| Best for | Scripts, Terraform, general API access | CI/CD pipelines (GitHub Actions, GitLab CI) |
| Security | Key must be stored as a secret | No secrets to manage |

