Virtual accounts are non-user accounts that can be assumed by applications or services to access resources in Truefoundry. They can be created by admins and each virtual account will have a token using which the application can access the resources.
It is usually recommended to create one virtual account per application and scope it to the minimum set of permissions required by the application.

Create Virtual Accounts

You can create and assign permissions to a virtual account as shown below:
Once you create a virtual account, you can get the token for it by clicking on the Get Token button. Using a virtual account, you can auto-rotate the tokens, set notifications on rotation, and also sync the token to a secret manager of your choice.

Configure auto-rotation of virtual account tokens

You can configure auto-rotation to rotate the token automatically at an interval. On each rotation, a new token is generated and can be retrieved using the UI or API, while the older token stays active for a configurable grace period.

Configure notification on token rotation

You can get notified via email or Slack when a token is rotated. To configure notifications, you first need to add an integration for email or Slack. You can find the instructions here and here.

Configure secret store sync for virtual account tokens

You can configure Truefoundry to automatically sync the virtual account token to a secret store of your choice. To use this feature, you first need to integrate a secret store with Truefoundry. Truefoundry supports integrations with AWS Parameter Store, AWS Secrets Manager, Google Secret Manager, HashiCorp Vault, Azure Vault, etc. You can find the instructions here.
If you configure the secrets to sync to a secret store, the virtual account token will be stored in the secret store in a secret path of your choice. The token will automatically be synced to the secret store when the token is rotated.
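
How a consuming application can follow rotation, as an added example that is not Truefoundry code: it re-reads the token from the synced secret path more often than the grace period, and reloads once if a request is rejected. The class and function names, the in-memory stand-in for the secret store, the timings, and the use of HTTP 401 for an expired token are all assumptions made for the illustration.

```python
import time
from typing import Callable, List, Optional, Tuple

class RotatingTokenProvider:
    """Caches a token read from a secret store and re-reads it on a schedule."""

    def __init__(self, fetch: Callable[[], str], refresh_seconds: float,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch, self._refresh, self._clock = fetch, refresh_seconds, clock
        self._token: Optional[str] = None
        self._loaded_at = 0.0

    def token(self, force: bool = False) -> str:
        stale = self._token is None or self._clock() - self._loaded_at >= self._refresh
        if force or stale:
            self._token = self._fetch()          # re-read the synced secret path
            self._loaded_at = self._clock()
        return self._token

def call_with_token(provider: RotatingTokenProvider,
                    send: Callable[[str], int]) -> Tuple[int, str, bool]:
    """Send a request; on 401 (assumed rejection code) reload once and retry."""
    tok, retried = provider.token(), False
    status = send(tok)
    if status == 401:
        tok, retried = provider.token(force=True), True
        status = send(tok)
    return status, tok, retried

def simulate() -> List[Tuple[float, str, int, str, bool]]:
    """Constructed timeline: rotation before t=20, grace period over before t=80."""
    now = [0.0]
    store = {"token": "token-v1"}                # stand-in for the secret store path
    accepted = {"token-v1"}                      # tokens the platform currently honours
    send = lambda tok: 200 if tok in accepted else 401
    clock = lambda: now[0]
    fast = RotatingTokenProvider(lambda: store["token"], 30, clock)    # refresh < grace
    slow = RotatingTokenProvider(lambda: store["token"], 3600, clock)  # refresh > grace
    out = []
    for t in (0.0, 20.0, 35.0, 80.0):
        now[0] = t
        if t == 20.0:                            # rotation: new token synced, old still valid
            store["token"] = "token-v2"
            accepted.add("token-v2")
        if t == 80.0:                            # grace period over: old token rejected
            accepted.discard("token-v1")
        for name, provider in (("fast", fast), ("slow", slow)):
            out.append((t, name) + call_with_token(provider, send))
    return out
```

The "fast" provider switches to the new token inside the grace period and never sees a rejection; the "slow" provider only recovers through the forced reload after its cached token has expired.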