Skip to main content
API resource reference for ServiceAccount, part of the IAM service. To create or change one, see Changing resources; to inspect, see Reading resources.
This resource is part of the v1alpha1 API and is subject to change. Fields and behavior may change in future releases.

Identity

Groupiam.miloapis.com
Versionv1alpha1
KindServiceAccount
ScopePlatform

Overview

A ServiceAccount represents a non-human identity that can authenticate to Datum Cloud, for use by automation, CI pipelines, and other machine-to-machine workloads. Once created, the platform computes a stable email address for the identity, and you control whether it can authenticate by setting its state. Set the state to Inactive to immediately prohibit new authentication and revoke existing sessions, then back to Active to restore access.

Spec fields

FieldTypeRequiredDescription
spec.statestringNoThe activation state of the service account, one of Active or Inactive. Active allows the service account to authenticate; Inactive prohibits authentication and revokes all existing sessions. This state can be safely changed as needed.

Status fields (read-only)

FieldTypeDescription
status.conditions[]ObjectConditions that represent the current status of the ServiceAccount.
status.emailstringThe computed email of the service account, following the pattern {name}@{namespace}.{project}.{global-suffix}.
status.statestringThe current activation state (Active or Inactive) as observed from the auth provider. Tracks the state from the previous generation and is updated once a state change is successfully propagated.

Usage

apiVersion: iam.miloapis.com/v1alpha1
kind: ServiceAccount
metadata:
  name: ci-deployer
spec:
  state: Active
datumctl apply -f serviceaccount.yaml
datumctl get serviceaccounts.iam.miloapis.com
datumctl describe serviceaccounts.iam.miloapis.com ci-deployer
Run datumctl explain serviceaccounts.iam.miloapis.com --recursive to see the full, live field tree for this resource.
Last modified on July 2, 2026