Overview
Service accounts are non-human identities used for automation, CI/CD pipelines, and server-to-server integrations. They provide secure, programmatic access without requiring human authentication.
When to Use Service Accounts
Service accounts are ideal for:
- CI/CD pipelines: Automated builds and deployments
- Backend workers: Background jobs and scheduled tasks
- Microservices: Service-to-service communication
- Automated testing: Integration and end-to-end tests
- Data processing: ETL pipelines and batch jobs
Creating Service Accounts
Service accounts are created at the organization level and can be assigned specific quotas and API keys.
Steps
- Navigate to your organization settings at console.compilelabs.com
- Go to the Service Accounts section
- Click “Create Service Account”
- Provide a descriptive name (e.g., “Production Worker”, “CI/CD Pipeline”)
- Optionally set credit limits and reset periods
- Create API keys for the service account
Example Workflow
- Create a service account named “Production Worker”
- Set a monthly credit limit of $500
- Generate an API key for the service account
- Copy the API key and store it securely (you won’t be able to see it again)
- Use the API key in your application’s environment variables
- Monitor usage and adjust limits as needed
Best Practices
Naming
Use descriptive names that indicate the service account’s purpose:
- ✅ “Production Worker”
- ✅ “CI/CD Pipeline”
- ✅ “Data Processing Bot”
- ❌ “SA1”
- ❌ “Test”
Quotas
Set appropriate credit limits for automated workloads:
- Consider expected usage patterns
- Factor in peak load scenarios
- Review and adjust regularly
API Key Management
- Multiple Keys: Create separate API keys for different environments (dev, staging, production)
- Rotation: Regularly rotate API keys for security
- Naming: Name keys descriptively (e.g., “Production API Key - Backend Service”)
- Limits: Set per-key quotas for granular control
Security
- Never commit API keys to version control
- Use environment variables or secret management systems
- Monitor usage for unexpected patterns
- Disable unused keys immediately
Service Account Management
Service accounts can be managed throughout their lifecycle through the dashboard:
Update a Service Account
To modify a service account:
- Navigate to the Service Accounts section in your organization settings
- Click on the service account you want to modify
- Update the name, credit limit, or reset period
- Save your changes
Managing API Keys
To create API keys for a service account:
- Navigate to the service account’s detail page
- Click “Create API Key”
- Provide a descriptive name for the key
- Optionally set credit limits and reset periods
- Copy the API key immediately (it won’t be shown again)
- Store it securely in your environment variables or secret management system
To view API keys:
- API keys are listed on the service account detail page
- Each key shows its name, creation date, and current status
- You can disable or delete keys from this page
Delete a Service Account
To remove a service account:
- Navigate to the Service Accounts section
- Select the service account you want to delete
- Click the delete button
- Confirm the deletion
Deleting a service account will also delete all associated API keys. Make sure you have backups of any keys you need.
Usage Tracking
Track service account usage through your dashboard:
- Monitor credit usage by service account
- View API key usage within each service account
- Set up alerts for quota warnings
- Review historical usage patterns
Service Account vs User
| Feature | Service Account | User |
|---|
| Authentication | API keys only | Username/password, 2FA |
| Purpose | Automation | Human interaction |
| Dashboard access | No | Yes |
| Quota inheritance | Service account → Org | Member → Org |
| Use case | CI/CD, workers, bots | Interactive apps, dashboards |
Next Steps
