Close
logodocs

Service Accounts on macOS and Linux

Service Accounts allow for programatic access to strongDM resources. This is useful for continuous-integration pipelines, extract-transform-load jobs or any automated function that would need resource access. Check the Admin UI Guide to see how to create Service Accounts. The rest of this guide will cover how to authentication with a service account.

Using the CLI

Pass the service account token to the CLI login command.

sdm login --admin-token='<service_account_token>'

Using the GUI (macOS only)

  1. Select the GUI from the top nav menu on your screen
  2. Press the <esc> key 3 times
  3. The prompt will change from email to service account token
  4. Paste the service account token and click continue

Environment Variables

The strongDM client will check the local environment for the variable SDM_ADMIN_TOKEN. This variable can be added to the environment in a few ways.

Export

export SDM_ADMIN_TOKEN=<token>
sdm login

Shell Profile

You can add the environment variable during a login event by specifying the previous command in your shell profile. This approach is similar among all of the shells.

echo 'export SDM_ADMIN_TOKEN=<token>' >> ~/.bash_profile

In line

Environment variable can also be read when specified before a command.

SDM_ADMIN_TOKEN=<token> sdm login

Check that it is working

From this point you should see any assigned resources in your GUI or from the CLI.

For the GUI simply click on the strongDM icon at the top of your screen.

For the CLI type the command sdm status

$ sdm status
DATASOURCE NAME STATUS PORT TYPE
pgsql_1_31 not connected 5432 postgres
SSH SERVER STATUS PORT TYPE
server-245a not connected 61334 ssh

General usage

Once authenticated the CLI and GUI will behave the same as they would for a normal user.

User Guide — Previous
Client Authentication
Next — User Guide
Service Accounts on Windows