Platform-lane service-account management. Create machine credentials that carry platform permissions, list them, and revoke them. The plaintext key is returned once at creation. Requires a platform credential, not a tenant bearer.
import { GatekeeperCore, PlatformServiceAccountsService } from '@orkait/sdk';
const serviceAccounts = new PlatformServiceAccountsService(core);Methods#
| Method | Returns | Notes |
|---|---|---|
create(input) | PlatformServiceAccountCreateResult | { serviceAccount, plainTextKey }; plainTextKey shown once. input: { name?, permissions, expiresInSeconds? } |
list() | Page<PlatformServiceAccount> | keys stripped; only keyPrefix exposed |
revoke(id) | PlatformServiceAccount | marks the account revoked |
Example#
const { serviceAccount, plainTextKey } = await serviceAccounts.create({
name: 'ci-runner',
permissions: ['platform:jobs:read'],
expiresInSeconds: 60 * 60 * 24 * 30,
});
// store plainTextKey now - it is never shown again
const page = await serviceAccounts.list();
await serviceAccounts.revoke(serviceAccount.id);