Service Account
What is Service Account?
Service AccountA non-human identity used by an application, script, or service to authenticate to other systems, typically without interactive login.
A service account represents a workload rather than a person. It is provisioned for backend processes that need to call databases, APIs, message queues, or operating-system services — for example, a backup job, a Kubernetes pod, or a SaaS connector. Service accounts often hold long-lived secrets (passwords, API keys, certificates) and broad permissions, which makes them attractive lateral-movement targets when poorly managed. Best practices include strong vaulting, automated rotation, scoped permissions following least-privilege, workload identity federation in cloud environments (so credentials are short-lived), audit logging, and removing standing keys in favour of OIDC or mTLS-based authentication.
● Examples
- 01
A Kubernetes ServiceAccount used by a pod to call the cluster API with limited RBAC permissions.
- 02
An Azure managed identity that allows a virtual machine to read from Key Vault without storing secrets.
● Frequently asked questions
What is Service Account?
A non-human identity used by an application, script, or service to authenticate to other systems, typically without interactive login. It belongs to the Identity & Access category of cybersecurity.
What does Service Account mean?
A non-human identity used by an application, script, or service to authenticate to other systems, typically without interactive login.
How do you defend against Service Account?
Defences for Service Account typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Service Account?
Common alternative names include: Non-human identity, Application account.