LogoLogo
WebsiteGarden Core
Main
Main
  • Welcome!
  • 🌳Getting Started
    • Adding Your First Project
  • 🌺Features
    • Live Mode
    • Insights
    • Secrets
    • One-click Preview Environments
    • Automatic Environment Cleanup
    • User Groups, Roles and Permissions
    • Cloud Workflows
    • Service Accounts
    • Cloud Builder
  • 🌿Guides
    • Setting Up a GitHub App
    • Setting Up a GitLab App
    • Authenticating to Cloud Providers
    • Authentication via SAML
  • 💐Cloud
    • Requirements
  • 🌻Enterprise (Self-Hosted)
    • Requirements
    • Installation
    • Updating Garden Enterprise
    • Vault
    • PostgreSQL Configuration
    • Creating KMS Keys
    • Creating an AWS Load Balancer
    • Monitoring Services
    • Environment Configuration
    • Updating the Admin Console
  • 🌹Misc
    • Release Notes
    • FAQ
    • Troubleshooting
Powered by GitBook
On this page
  • Creating a service account
  • Creating an access token
  • Cloud Workflows and Automatic Environment Cleanup

Was this helpful?

  1. Features

Service Accounts

PreviousCloud WorkflowsNextCloud Builder

Last updated 2 years ago

Was this helpful?

With Garden Cloud you can create service accounts that act as users. These can be e.g. used when running Garden Core from CI and when or .

Creating a service account

Start by going to the team page.

From here, click the "Add user" button and check the "Service account" checkbox.

In the screenshot above we've added the service account to the "Developers" group but you can of course choose whatever group has the permission that meet your needs.

Once created, you can create secrets for your service account just like for any other user.

Creating an access token

To authenticate as the service account when running Garden you need to create an access token.

Click the edit pencil next to the service account to open the "Update user" modal and create the access token.

Make sure to note it down because it's only displayed once.

Now you can use this access token to authenticate against Garden Cloud when running Garden, e.g. in CI, with the GARDEN_AUTH_TOKEN environment variable.

Note that you should not add the token in plain text to your CI configuration. Instead store it as a secret with your CI provider.

For example, in your CI pipeline, you might run the following command (where my-auth-token-reference refers to a variable not the plain text value):

GARDEN_AUTH_TOKEN=<my-auth-token-reference> garden deploy

Cloud Workflows and Automatic Environment Cleanup

You can use service accounts to run Cloud Workflows and AEC jobs.

Simply go the settings page for the given project, click the gear icon for the relevant environment and select the service account.

In general you should always ensure that users and service accounts don't have more permissions than they need. You can learn more in our .

🌺
guide on roles and permissions
running Cloud Workflows
Automatic Environment Cleanups
Go to team page
Add user modal
Creating an access token
Use service account for environment