[{"data":1,"prerenderedAt":275},["ShallowReactive",2],{"term-s\u002Fservice-account":3,"related-s\u002Fservice-account":250},{"id":4,"title":5,"acronym":6,"body":7,"category":228,"description":229,"difficulty":230,"extension":231,"letter":232,"meta":233,"navigation":234,"path":235,"related":236,"seo":244,"sitemap":245,"stem":248,"subcategory":6,"__hash__":249},"terms\u002Fterms\u002Fs\u002Fservice-account.md","Service Account",null,{"type":8,"value":9,"toc":222},"minimark",[10,15,19,23,26,30,211,215,218],[11,12,14],"h2",{"id":13},"eli5-the-vibe-check","ELI5 — The Vibe Check",[16,17,18],"p",{},"A service account is a special non-human account that your app or service uses to authenticate with cloud APIs. Instead of using your personal login in your code (terrifying), you create a service account with only the permissions the app needs. It's like giving your app its own ID card with limited access.",[11,20,22],{"id":21},"real-talk","Real Talk",[16,24,25],{},"A service account is an identity used by applications, VMs, or services — not humans — to authenticate with cloud APIs and access resources. In GCP, they're first-class identities with JSON key files or workload identity federation. In AWS, IAM roles are used instead of service accounts. Principle of least privilege applies.",[11,27,29],{"id":28},"show-me-the-code","Show Me The Code",[31,32,37],"pre",{"className":33,"code":34,"language":35,"meta":36,"style":36},"language-javascript shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","\u002F\u002F GCP — authenticate with a service account\nimport { GoogleAuth } from 'google-auth-library';\nconst auth = new GoogleAuth({\n  keyFilename: '.\u002Fservice-account.json',\n  scopes: ['https:\u002F\u002Fwww.googleapis.com\u002Fauth\u002Fcloud-platform']\n});\nconst client = await auth.getClient();\nconst token = await client.getAccessToken();\n","javascript","",[38,39,40,49,83,108,128,149,160,187],"code",{"__ignoreMap":36},[41,42,45],"span",{"class":43,"line":44},"line",1,[41,46,48],{"class":47},"sHwdD","\u002F\u002F GCP — authenticate with a service account\n",[41,50,52,56,60,64,67,70,73,77,80],{"class":43,"line":51},2,[41,53,55],{"class":54},"s7zQu","import",[41,57,59],{"class":58},"sMK4o"," {",[41,61,63],{"class":62},"sTEyZ"," GoogleAuth",[41,65,66],{"class":58}," }",[41,68,69],{"class":54}," from",[41,71,72],{"class":58}," '",[41,74,76],{"class":75},"sfazB","google-auth-library",[41,78,79],{"class":58},"'",[41,81,82],{"class":58},";\n",[41,84,86,90,93,96,99,102,105],{"class":43,"line":85},3,[41,87,89],{"class":88},"spNyl","const",[41,91,92],{"class":62}," auth ",[41,94,95],{"class":58},"=",[41,97,98],{"class":58}," new",[41,100,63],{"class":101},"s2Zo4",[41,103,104],{"class":62},"(",[41,106,107],{"class":58},"{\n",[41,109,111,115,118,120,123,125],{"class":43,"line":110},4,[41,112,114],{"class":113},"swJcz","  keyFilename",[41,116,117],{"class":58},":",[41,119,72],{"class":58},[41,121,122],{"class":75},".\u002Fservice-account.json",[41,124,79],{"class":58},[41,126,127],{"class":58},",\n",[41,129,131,134,136,139,141,144,146],{"class":43,"line":130},5,[41,132,133],{"class":113},"  scopes",[41,135,117],{"class":58},[41,137,138],{"class":62}," [",[41,140,79],{"class":58},[41,142,143],{"class":75},"https:\u002F\u002Fwww.googleapis.com\u002Fauth\u002Fcloud-platform",[41,145,79],{"class":58},[41,147,148],{"class":62},"]\n",[41,150,152,155,158],{"class":43,"line":151},6,[41,153,154],{"class":58},"}",[41,156,157],{"class":62},")",[41,159,82],{"class":58},[41,161,163,165,168,170,173,176,179,182,185],{"class":43,"line":162},7,[41,164,89],{"class":88},[41,166,167],{"class":62}," client ",[41,169,95],{"class":58},[41,171,172],{"class":54}," await",[41,174,175],{"class":62}," auth",[41,177,178],{"class":58},".",[41,180,181],{"class":101},"getClient",[41,183,184],{"class":62},"()",[41,186,82],{"class":58},[41,188,190,192,195,197,199,202,204,207,209],{"class":43,"line":189},8,[41,191,89],{"class":88},[41,193,194],{"class":62}," token ",[41,196,95],{"class":58},[41,198,172],{"class":54},[41,200,201],{"class":62}," client",[41,203,178],{"class":58},[41,205,206],{"class":101},"getAccessToken",[41,208,184],{"class":62},[41,210,82],{"class":58},[11,212,214],{"id":213},"when-youll-hear-this","When You'll Hear This",[16,216,217],{},"\"Create a service account with read-only BigQuery access for the data pipeline.\" \u002F \"Never commit service account JSON keys to your repo.\"",[219,220,221],"style",{},"html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .spNyl, html code.shiki .spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html pre.shiki code .swJcz, html code.shiki .swJcz{--shiki-light:#E53935;--shiki-default:#F07178;--shiki-dark:#F07178}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":36,"searchDepth":51,"depth":51,"links":223},[224,225,226,227],{"id":13,"depth":51,"text":14},{"id":21,"depth":51,"text":22},{"id":28,"depth":51,"text":29},{"id":213,"depth":51,"text":214},"cloud","A service account is a special non-human account that your app or service uses to authenticate with cloud APIs.","intermediate","md","s",{},true,"\u002Fterms\u002Fs\u002Fservice-account",[237,238,239,240,241,242,243],"IAM","GCP","AWS","Authentication","Cloud Function","Security Group","Least Privilege",{"title":5,"description":229},{"changefreq":246,"priority":247},"weekly",0.7,"terms\u002Fs\u002Fservice-account","m9upgl5HzsRfGCmtW1S7wW2ZLOC6qTvv34ScBJeH93M",[251,257,261,264,268,272],{"title":240,"path":252,"acronym":253,"category":254,"difficulty":255,"description":256},"\u002Fterms\u002Fa\u002Fauthentication","AuthN","security","beginner","Authentication is proving you are who you say you are.",{"title":239,"path":258,"acronym":259,"category":228,"difficulty":255,"description":260},"\u002Fterms\u002Fa\u002Faws","Amazon Web Services","AWS is like a giant magical warehouse where you can rent computers, storage, databases, and basically anything tech-related — by the minute.",{"title":241,"path":262,"acronym":6,"category":228,"difficulty":255,"description":263},"\u002Fterms\u002Fc\u002Fcloud-function","A cloud function is a piece of code you deploy to the cloud that runs when triggered — by an HTTP request, a file upload, a timer, or another event.",{"title":238,"path":265,"acronym":266,"category":228,"difficulty":255,"description":267},"\u002Fterms\u002Fg\u002Fgcp","Google Cloud Platform","GCP is Google's version of the giant rental computer warehouse.",{"title":237,"path":269,"acronym":270,"category":228,"difficulty":230,"description":271},"\u002Fterms\u002Fi\u002Fiam","Identity and Access Management","IAM is the permission system for AWS. It controls who (users, roles, services) can do what (read S3, start EC2, invoke Lambda) on which resources.",{"title":242,"path":273,"acronym":6,"category":228,"difficulty":230,"description":274},"\u002Fterms\u002Fs\u002Fsecurity-group","A security group is a firewall for your cloud resources. You write rules like 'allow port 443 from anywhere' or 'allow port 5432 only from the app servers.",1776518312565]