> How do you handle service account credentials in a good way?
Passwordless. If someone can log into a service account then it's not secure.
If you need direct access to systems then you grant temporary rights to individual users. To make this smooth you need to create a service to do it. Basically the flow would be for a user to request access and for the service to ask their direct manager (or whoever has the rights) for permission.
I know it's common for organisations to let IT operations handle this, but this is a terrible practice. Your IT department will almost never be in a position where they are the ones who have authority to grant access to anything without manager permission, a permission they should basically ask for every time. Also it's a massive waste of time for everyone. Yes, I know it's extremely common to just let IT operations do it anyway, but well, you shouldn't.
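The request-and-approve flow described in the comment above, sketched as an added example (not the commenter's code). The user names, the `MANAGERS` and `OWNERS` tables, the `AccessBroker` class and the 4-hour ceiling are all assumptions made for illustration; the point is that only the requester's direct manager or a resource owner can approve, and every grant expires on its own.

```python
import time
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (hypothetical names): direct managers and resource owners.
MANAGERS = {"alice": "carol", "bob": "carol", "carol": "dave"}
OWNERS = {"db-prod": {"erin"}}
MAX_TTL = 4 * 3600  # assumed policy ceiling for a temporary grant, in seconds

@dataclass
class Request:
    user: str
    resource: str
    ttl: int
    expires_at: Optional[float] = None  # set only once approved

class AccessBroker:
    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so expiry can be tested
        self.requests = {}      # request id -> Request
        self.audit = []         # (timestamp, event, actor, request id)

    def approvers(self, req):
        """The direct manager plus resource owners, never the requester."""
        allowed = set(OWNERS.get(req.resource, ()))
        if req.user in MANAGERS:
            allowed.add(MANAGERS[req.user])
        allowed.discard(req.user)
        return allowed

    def request(self, user, resource, ttl):
        if not 0 < ttl <= MAX_TTL:
            raise ValueError("ttl outside policy")
        rid = len(self.requests) + 1
        self.requests[rid] = Request(user, resource, ttl)
        self.audit.append((self.clock(), "requested", user, rid))
        return rid

    def approve(self, rid, approver):
        req = self.requests[rid]
        if approver not in self.approvers(req):
            self.audit.append((self.clock(), "approval_rejected", approver, rid))
            raise PermissionError(f"{approver} may not approve request {rid}")
        req.expires_at = self.clock() + req.ttl  # grant starts at approval
        self.audit.append((self.clock(), "approved", approver, rid))

    def has_access(self, user, resource):
        """True only while an approved, unexpired grant exists for this user."""
        now = self.clock()
        return any(r.user == user and r.resource == resource
                   and r.expires_at is not None and now < r.expires_at
                   for r in self.requests.values())
```
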