Enterprise AI Infrastructure Security - 4) Service Accounts & Automation Security

Securing ClearML for the Enterprise — Part 4: Service Accounts & Automation Security

In this video we walk through ClearML's service accounts — the identities behind your automated workloads — and how impersonation ensures least-privilege execution across your agents, pipelines, and schedulers.

What we cover:

• Why automated workloads need identities — agents, CI/CD pipelines, schedulers
• What a service account is and how it differs from a human user
• Creating a service account and assigning it to a group
• How group membership gives service accounts the same governance as users — access rules, administrator vaults, all inherited automatically
• The "one account per purpose" principle — scoping credentials to specific roles
• Impersonation with useOwnerToken: true — how agents execute tasks as the submitting user, not as themselves
• Walking through real agent logs showing impersonation in action — owner tokens and per-user vault loading
• When to impersonate vs when to let a service account run as itself
• Credential best practices — secrets managers, rotation schedules, deleting unused accounts
• How ClearML redacts credentials in logs by default

Previous videos in this series:

• Part 1 — Introduction to the Six Layers of Enterprise Security: https://www.youtube.com/watch
• Part 2 — Identity Provider Setup, Group Sync & Access Rules: https://www.youtube.com/watch
• Part 3 — Configuration Governance with Administrator Vaults: https://youtu.be/vse_015TaWM

This is Part 4 of our series on enterprise AI infrastructure security. Whether you're an IT director evaluating ClearML, a platform engineer rolling it out, or a security architect designing your automation layer — this walkthrough covers the practical, hands-on configuration from start to finish.

🔗Links & Resources
ClearML Enterprise: https://clear.ml/enterprise ClearML Docs — Service Accounts: https://clear.ml/docs/latest/docs/user_management/service_accounts/ ClearML Docs — Administrator Vaults: https://clear.ml/docs/latest/docs/user_management/admin_vaults/ ClearML Docs — User Groups: https://clear.ml/docs/latest/docs/user_management/user_groups/ ClearML Docs — K8s Glue Agent Configuration: https://clear.ml/docs/latest/docs/clearml_agent/clearml_agent_k8s_glue/