Service Accounts and Automation

A service account is an identity for software. Each one has scoped permissions and a rotatable API key.

Search guides... Ctrl K

A service account is the identity CI tools and automation scripts use to call the Jaws Deploy REST API. It's distinct from a human user: no UI login, no email, no group membership - just an ID, an API key, and a scoped permission set.

Creating one

In Workspace -> Service accounts, click New. Give it a name that describes its job (teamcity-checkout-build, github-actions-platform). Pick the permissions it needs - usually releases.create for a CI integration, plus deployments.create if the integration also triggers deployments.

API keys

Each service account can hold one or more API keys. Keys are rotatable independently - rotate by creating a new one, distributing it to consumers, and revoking the old one. Keys are shown once at creation and never displayed again.

// Using a service account from CI

Same pattern works for any CI tool

The API key is stored in the CI tool's secrets store, never in source.

Connect-JawsDeploy `
    -Url      "https://deploy.acme.internal" `
    -Account  "teamcity-checkout-build" `
    -ApiKey   $env:JAWS_API_KEY

New-JawsDeployRelease `
    -Workspace "default" `
    -Project   "checkout-service" `
    -Version   "$buildNumber"