Service Accounts
With Garden Cloud you can create service accounts that act as users. These can be e.g. used when running Garden Core from CI and when running Cloud Workflows or Automatic Environment Cleanups.
Start by going to the team page.
Go to team page
From here, click the "Add user" button and check the "Service account" checkbox.
Add user modal
In the screenshot above we've added the service account to the "Developers" group but you can of course choose whatever group has the permission that meet your needs.
In general you should always ensure that users and service accounts don't have more permissions than they need. You can learn more in our guide on roles and permissions.
Once created, you can create secrets for your service account just like for any other user.
To authenticate as the service account when running Garden you need to create an access token.
Click the edit pencil next to the service account to open the "Update user" modal and create the access token.
Make sure to note it down because it's only displayed once.
Creating an access token
Now you can use this access token to authenticate against Garden Cloud when running Garden, e.g. in CI, with the
GARDEN_AUTH_TOKEN environment variable.Note that you should not add the token in plain text to your CI configuration. Instead store it as a secret with your CI provider.
For example, in your CI pipeline, you might run the following command (where
my-auth-token-reference refers to a variable not the plain text value):GARDEN_AUTH_TOKEN=<my-auth-token-reference> garden deploy
You can use service accounts to run Cloud Workflows and AEC jobs.
Simply go the settings page for the given project, click the gear icon for the relevant environment and select the service account.
Use service account for environment
Last modified 5mo ago