Service Accounts on macOS and Linux
Service Accounts allow for programatic access to strongDM resources. This is useful for continuous-integration pipelines, extract-transform-load jobs or any automated function that would need resource access. Check the Admin UI Guide to see how to create Service Accounts. The rest of this guide will cover how to authentication with a service account.
Using the CLI
Pass the service account token to the CLI login command.
sdm login --admin-token='<service_account_token>'
Using the GUI (macOS only)
- Select the GUI from the top nav menu on your screen
- Press the
<esc>key 3 times - The prompt will change from
emailtoservice account token - Paste the service account token and click
continue
Environment Variables
The strongDM client will check the local environment for the variable SDM_ADMIN_TOKEN. This variable can be added to the environment in a few ways.
Export
export SDM_ADMIN_TOKEN=<token>sdm login
Bash Profile
You can add the environment variable during a login event by specifying the previous command in your bash profile. This approach is the same other shells as well.
echo 'export SDM_ADMIN_TOKEN=<token>' >> ~/.bash_profile
In line
Environment variable can also be read when specified before a command.
SDM_ADMIN_TOKEN=<token> sdm login
Check that it is working
From this point you should see any assigned resources in your GUI or from the CLI.
For the GUI simply click on the strongDM icon at the top of your screen.
For the CLI type the command sdm status
$ sdm statusDATASOURCE NAME STATUS PORT TYPEpgsql_1_31 not connected 5432 postgresSSH SERVER STATUS PORT TYPEserver-245a not connected 61334 ssh
General usage
Once authenticated the CLI and GUI will behave the same as they would for a normal user.