Skip to main content
Omni service accounts provide token-based authentication to Omni itself, not to the clusters it manages. Use them to grant programmatic access for tools, scripts, or CI pipelines.
For Kubernetes cluster access, see Kubernetes Service Accounts instead.

Prerequisites

You must install and configure omnictl to create and manage Omni service account.

Create the Omni service account

Run the following command to create an Omni service account: 
omnictl serviceaccount create <sa-name>
By default, the service account has a lifetime of 1 year and inherits the role of the user who created it. To change either of these, pass the --ttl or --role flags. See the command reference for details. The command outputs an OMNI_ENDPOINT and OMNI_SERVICE_ACCOUNT_KEY.
Store the OMNI_SERVICE_ACCOUNT_KEY securely as it will not be displayed again.
Export both values as environment variables: 
export OMNI_ENDPOINT=<output from above command>
export OMNI_SERVICE_ACCOUNT_KEY=<output from above command>
You can now use omnictl with the generated service account.