> ## Documentation Index
> Fetch the complete documentation index at: https://docs.siderolabs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create an Omni Service Account

> Generate token-based credentials for programmatic access to Omni.

Omni service accounts provide token-based authentication to Omni itself, not to the clusters it manages. Use them to grant programmatic access for tools, scripts,
or CI pipelines.

<Info>
  For Kubernetes cluster access, see [Kubernetes Service Accounts](./create-a-kubeconfig-for-a-service-account) instead.
</Info>

## Prerequisites

You must install and configure [`omnictl`](../getting-started/install-and-configure-omnictl) to create and manage Omni service account.

## Create the Omni service account

Run the following command to create an Omni service account:

```bash theme={null}
omnictl serviceaccount create <sa-name>
```

By default, the service account has a lifetime of 1 year and inherits the role of the user who created it. To change either of these, pass the `--ttl` or `--role`
flags. See the [command reference](../reference/cli.md#omnictl-serviceaccount-create) for details.

The command outputs an `OMNI_ENDPOINT` and `OMNI_SERVICE_ACCOUNT_KEY`.

<Warning>
  Store the `OMNI_SERVICE_ACCOUNT_KEY` securely as it will not be displayed again.
</Warning>

Export both values as environment variables:

```bash theme={null}
export OMNI_ENDPOINT=<output from above command>
export OMNI_SERVICE_ACCOUNT_KEY=<output from above command>
```

You can now use `omnictl` with the generated service account.