Skip to content

Accounts

Accounts stores the service accounts and connection profiles used by integrations.

The goal is to keep credentials and connection details governed, reusable, and separate from pipeline logic.

What belongs in Accounts

Accounts may represent:

  • API credentials
  • database connection profiles
  • SFTP profiles
  • OAuth/OIDC-related connection details
  • service accounts for institutional systems
  • system-specific authentication profiles

Why Accounts matters

Pipelines should reference approved accounts instead of embedding secrets directly in node fields. This improves reviewability and reduces the risk of exposing credentials in screenshots, exports, logs, or pipeline JSON.

Accounts stores the approved connection profile.
Workspace references that profile in a node.
Runtime uses the profile when the node executes.

  • Use descriptive account names.
  • Separate production, test, and development credentials.
  • Limit who can create or edit accounts.
  • Rotate credentials according to institutional policy.
  • Avoid sharing one account across unrelated systems unless that is intentional.
  • Review account usage before deleting or changing credentials.

Use environment-specific accounts

A test pipeline should use test credentials, not production credentials. Keep production, test, and development accounts clearly separated.