Services offer a way to provide programmatic, centrally-controlled, and consistent access controls for automated processes such as CI/CD pipelines and custom applications.

Any Resource that is defined in Twingate can be assigned to a Service, User, or both. This allows you to create consistent zero trust access controls across your infrastructure.

More specific details are described below, but the following summarizes the capabilities of Services in Twingate:

  • Any Resource in Twingate may be assigned directly to a Service.
  • Security Policies do not apply to Services, and instead, access is granted by a valid Service Key.
  • Either the Linux or Windows clients may be run in “headless” mode to automate connection and access to Resources assigned to a Service.

Service Components

  • The Service
    This is the container object that is used to configure the Service. You can find Services under the “Team” tab in the Admin console.
  • One or more Service Keys
    Service Keys are used to authorize access to all Resources assigned to a Service. Any Service Key that has not been revoked or has not expired can be used to access Resources assigned to a Service. Service Key expiration can be configured at creation time and expire after 365 days by default.
  • One or more Resources assign to a Service.
    Any Resource defined in Twingate can be assigned to a Service.

Create a New Service

1. Navigate to Team > Services, and select “Create Service Account”

2. Select “Generate Key” to create a new Service Key

3. Save the new Service Key.

This is the only time that the Service Key can be viewed and copied.

4. Select “Add Resource” to assign Resource(s) to the Service.

Any Service Key authorizes access to all Resources assigned to the Service.

Service Key lifecycle

Valid Service Key states are summarized in the table below.

StateAllowed SectionsValid?Notes
ActiveRevoke Edit nameYesThis is the default state for a new Service Key. Service Keys are only valid and usable when active. Service Key expiry can only be set at creation time; unlimited expiration is allowed.The Service Key’s name may also be edited while active.
RevokedDeleteNoService Keys must be revoked before they are deleted. Once revoked, keys cannot be made active again.
ExpiredDeleteNoService Keys expire automatically unless created with an unlimited expiration.
DeletedN/ANoService Keys that are deleted are permanently deleted and cannot be recovered.

Last updated 3 hours ago