Service accounts and API keys

A service account is a non-human user that can be used to interact with Airplane. Just like regular users, service accounts can be assigned permissions which they can use to execute tasks, interact with the Airplane API, kick of deployments, and more.

To authenticate as a service account, for example to use the Airplane API or to Deploy from a CI/CD system , you'll need to attach one or more API keys to the service account. Using an API key let's you interact with Airplane on behalf of the service account.

Service accounts are created and managed on the Service account settings page. Here, you can create new service accounts, view existing service accounts, suspend service accounts, and manage API keys and permissions.

A service account authenticates with Airplane using an API key. A service account can have zero or more API keys which can be deleted at any time.

API keys are used to call the Airplane API, Deploy from a CI/CD system, or call tasks via Webhooks, all on behalf of the service account.

Create an API key by selecting the service account on the Service account settings page.

A service account can be assigned elevated permissions via roles which determine what the service account can do in Airplane. For example, a service account can be assigned the Deploy creator role which allows the service account to create and update tasks and views via deployments.

Service accounts without roles still have standard user permissions, such as the ability to execute tasks and runbooks set to "team access".

Just like regular users, service accounts can be assigned permissions as a task viewer, requester, executer or admin. This is useful for service accounts that are meant to execute specific task(s).

Task and runbook permissions can be set in the UI or in code using the service account's email.