Introduction
This article explains the purpose of internal service accounts in Terraform Enterprise and provides guidance on managing them.
Scenario
The Users page in the admin settings of Terraform Enterprise lists several internal service accounts. These accounts are automatically created to manage permissions for features like team tokens, API access, and VCS webhooks.
The naming convention of these accounts resembles the following examples:
api-org-<organization-name>@hashicorp.com api-<team-name>@hashicorp.com gl-webhooks-code-<organization-name>@hashicorp.com bb-webhooks-<organization-name>@hashicorp.com
Recommendation
You should not remove these internal service accounts. They are directly tied to API tokens and VCS provider configurations. Deleting them can break VCS connections and disrupt organization or workspace functionality.
These accounts are associated with the following features:
- Organization API Tokens:
api-org-<organization-name>@hashicorp.com - Team API Tokens:
api-<team-name>@hashicorp.com - GitLab Webhooks:
gl-webhooks-code-<organization-name>@hashicorp.com - Bitbucket Webhooks:
bb-webhooks-<organization-name>@hashicorp.com