<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] (or [Application Accounts]) are a [Digital Identity] that is used by an [application] or services to interact with the other [Applications] or the [Operating System].[{$pagename}] may be a [Privileged Identity] within the [context] of the [application]. Local [{$pagename}]s may  interact with a variety of [Operating System] components which makes coordinating [Password Changes] difficult. This challenge usually means the [passwords] are __rarely changed__ – representing a significant [Security Consideration] across an [Organizational Entity].

[{$pagename}] used by [applications] to access [databases], run batch jobs or scripts, or provide access to other [applications]. These [Privileged Identity] usually have broad access to underlying company [data Stores] that resides in [applications] and [databases]. [Passwords] for these accounts are often embedded and stored in [Plaintext] files, a [vulnerability] that is replicated across multiple [servers] to provide greater fault tolerance for [applications]. This [vulnerability] represents a __significant__ [risk] to an [organizational Entity] because the [applications] often host the exact [data] that [Advanced Persistent Threat]s consider as an [Item of Interest].

[{$pagename}] are a [Non-person entity] [Digital Identity] and may be [shared]

!! [{$pagename}] [Google Cloud Platform] [1]
A [{$pagename}] on [Google Cloud Platform] is an account that belongs to your [application] instead of to an individual [end-User]. A [{$pagename}] is used in an [application] that calls [APIs] on behalf of an [application] that __does not__ access user information. This type of [application] needs to prove its own identity, but it does not need a user to [authorize|Authorization] prequests].

For [example], if your [Google Cloud Project] employs server-to-server interactions such as those between a web application and [Google Cloud Storage], then you need a [Private Key] and other [{$pagename}] [credentials]. 

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Service accounts|https://support.google.com/cloud/answer/6158849#serviceaccounts|target='_blank'] - based on information obtained 2017-08-16- 
</pre>