Service Accounts on macOS and Linux

Last modified on August 26, 2022

Service accounts allow for programmatic access to strongDM resources. This is useful for continuous-integration pipelines, extract-transform-load jobs, or any automated function that would need resource access. Check the Admin UI Guide to see how to create service accounts. The rest of this guide covers how to authenticate with a service account.

Using the CLI

Pass the service account token to the CLI login command.

sdm login --admin-token='<service_account_token>'

Using the GUI (macOS only)

  1. Select the GUI from the top nav menu on your screen
  2. Press the <esc> key 3 times
  3. The prompt will change from email to service account token
  4. Paste the service account token and click continue

Environment Variables

The strongDM client will check the local environment for the variable SDM_ADMIN_TOKEN. This variable can be added to the environment in a few ways.


export SDM_ADMIN_TOKEN=<token>
sdm login

Shell Profile

You can add the environment variable during a login event by specifying the previous command in your shell profile. This approach is similar among all of the shells.

echo 'export SDM_ADMIN_TOKEN=<token>' >> ~/.bash_profile

In line

Environment variable can also be read when specified before a command.

SDM_ADMIN_TOKEN=<token> sdm login

Check that it is working

From this point you should see any assigned resources in your GUI or from the CLI.

For the GUI simply click on the strongDM icon at the top of your screen.

For the CLI type the command sdm status

$ sdm status
pgsql_1_31          not connected     5432      postgres

SSH SERVER          STATUS            PORT      TYPE
server-245a         not connected     61334     ssh

General usage

Once authenticated the CLI and GUI will behave the same as they would for a normal user.