About Robot Accounts
Robot accounts are accounts created in the Nectar Clouds accounts database that are intended for automated operations.
Unlike normal user accounts, which may be disabled when a user leaves the institution or becomes inactive, robot accounts belong to a project and is active for the lifetime of the project.
Use of Robot Accounts
Robot accounts are useful for certain scenarios:
- Automated, periodic system tasks. An example may be a reporting script.
- Creating Magnum clusters. A Magnum cluster created by a user has a "trust" embedded in it. This trust is used to create resources like Volumes and Load Balancers on behalf of the user. The trust stops working when the user is disabled, and the Magnum cluster will not be able to create/delete/update such resources anymore.
How to apply
To maintain accountability, we require that each robot account is associated with a single user.
To request a robot account, submit a request to firstname.lastname@example.org with the Cloud project id. Please submit your request from an email address that matches your Nectar account ID (this is your email shown in the top right hand corner of the dashboard, when logged in).
- Keep robot account credentials secure. This may include putting it in a password manager.
- Limit sharing of robot account credentials.
- Use Application Credentials. Instead of using the robot account credentials directly, you should generate Application Credentials for each application that uses the robot account.
- Rotate credentials when a user leaves. Robot account credentials remind valid even after removing users from the project.