Service Accounts
Available on: Enterprise Edition
Manage Service Accounts in Kestra.
This feature requires a commercial license.
To create a new service account, go to the Service Accounts page under the Administration section and click on the Create button. Fill in the form with the required information including the name and description, and click Save:
Once you have created a service account, you can add a Role that will grant the service account permissions to specific resources. To do this, click on the Add button and select the role you want to assign to the service account.
Finally, you can generate an API token for the service account by clicking on the Create button. This will generate a token that you can use to authenticate the service account with Kestra from external applications such as CI/CD pipelines (e.g. in Terraform provider configuration or GitHub Actions secrets).
Note how you can configure the token to expire after a certain period of time, or to never expire. Also, there is a toggle called Extended that will automatically prolong the token's expiration date by the specified number of days (Max Age) if the token is actively used. That toggle is disabled by default.
Once you confirm the API token creation via the Generate button, the token will be generated and displayed in the UI. Make sure to copy the token and store it in a secure location as it will not be displayed again.
Note that you can create an API token also as a regular User. While Service Accounts are generally recommended for programmatic API access to Kestra from CI/CD or other external applications, often it's useful to create an API token for a regular user, so that programmatic actions performed by that user can be tracked and audited.
Was this page helpful?