Headless authentication with service accounts

2 December 2022

zli v. 6.14.3


  • Service accounts. Beginning with zli v. 6.14.3 and bzero v. 7.3.0, BastionZero supports headless authentication via service accounts. Generic, Google, and Microsoft service accounts are all supported. You can learn more about service accounts on
  • Connect to multiple Kubernetes targets. The zli supports multiple Kubernetes connections and can be used to support all your Kubernetes workflows. Some quick how-to's > To view open Kubernetes connections, use zli list-connections -t kube or zli lc to see what Kubernetes connections exist > To display a list of your Kube connections and their corresponding context name, use zli list-daemons kube or zli ld kube > To close a Kubernetes connection, use zli close <connection-id> for a specific connection or zli close -t kube to close all Kubernetes connections > To disconnect from the Kubernetes daemon, use zli disconnect kube


  • zli send-logs. Resolved issue so zli send-logs sends zli logs when no daemon logs exist

bzero v. 7.3.0

Important reminder: For those who use Helm to install the Kubernetes bzero agent, you must update the Helm repository before upgrading. You can do this with helm repo update.


  • Service accounts. To use service accounts, you must be running a minimum of zli v. 6.14.3 and bzero v. 7.3.0. Older versions of bzero do not support the service account feature

Web app & backend


  • Service accounts. Event logs, policy, and user management have been updated to include service accounts


  • Last login. Resolved issue with login records that caused intermittent issues with the onboarding tool
For questions or to give us feedback on how we can make our updates better, reach out to [email protected].