Skip to main content

Application users

An application user is a type of user that provides programmatic access to the Aiven platform and services through the Aiven API, CLI, Aiven Terraform Provider, and Aiven Kubernetes Operator. They're intended for non-human users that need to access Aiven.

info

You must be a super admin to access this feature.

Application user permissions

You create and manage application users at the organization level. Application users are granted access to projects and services in the same way as organization users by adding them to projects and assigning them a role. You can also make application users super admin, giving them full access to your organization, its organizational units, projects, services, and billing and other settings.

Unlike organization users, application users can't log in to the Aiven Console and the authentication policies don't apply to them.

Security best practices

Because application users can have the same level of access to projects and services it's important to secure these accounts and their tokens to avoid abuse. The following are some suggested best practices for using Aiven application users.

Create dedicated application users for each application

Try to create a different application user for each tool or application. For example, if you have an application that needs to connect to services in one of your projects and you're using Aiven Terraform Provider in the same project, create two application users. Use the description field for each user to clearly indicate what it's used for.

This helps you manage the lifecycle of the users and ensure the access permissions are correct for each use case.

Keep tokens secure and rotate them regularly

Make sure tokens are securely stored and only accessible by people who need them. Tokens should also be routinely revoked and replaced with new tokens.

Delete unused users and tokens

Regularly audit your list of application users to delete unused users. You can view a list of your organization's application users and the last time they were used in Admin > Application users. Click Actions > View profile to see a user's tokens.

You can delete unused users and revoke specific tokens.