Service Account
An identity used by NodeActor to execute nodes
A ServiceAccount defines the authentication and authorization context for node execution. It provides credentials and context variables that nodes need to access external services and resources.
Specification
kind: ServiceAccount
name: string
context?: Context
# Either one of the options below is allowed
credentials_provider?: CredentialsProvider
credentials_providers?: CredentialsProvider[]| Prop | Type | Default |
|---|---|---|
kind | ServiceAccount | - |
name | string | - |
context? | - | |
credentials_provider? | - | |
credentials_providers? | - |
Inlined
ServiceAccount can be declared in inlined format, in this case name and kind are not required
kind: Node | LLMNode | ToolNode
---
auth:
service_account:
name?: string
context?: Context
credentials_provider?: CredentialsProvider
credentials_providers?: CredentialsProvider[]Context
Context is a set of variables that can be injected into the service account from the external state. It can be used to provide additional information to the service account, such as user ID or organization ID. This way, only the data needed for node execution is used. Context declaration is always inlined
context:
strict: boolean
inject: var[]| Prop | Type | Default |
|---|---|---|
strict? | boolean | true |
inject | var[] | - |
Example
context:
strict: true
inject:
- user_id: user.id
- organization.idBoth notations are supported, so you can use var: user.id or organization.id to inject values from the state.
These would be available in the service account as context.user_id and context.organization.id variables.
Example
This example creates a ServiceAccount that injects project and region variables from the external state and uses both GCP and AWS S3 credentials providers:
kind: ServiceAccount
name: MyServiceAccount
context:
inject: [project_id, region]
credentials_providers:
- GCPCredentials
- AWSS3CredentialsLast updated on