---
title: "System Robot Accounts"
date: 2021-08-19
lastmod: 2026-05-29
canonical: "https://container-registry.com/docs/administration-manual/system-robot-accounts/"
source: "https://container-registry.com/docs/administration-manual/system-robot-accounts/index.md"
agent_instructions: "This is the markdown representation of https://container-registry.com/docs/administration-manual/system-robot-accounts/index.md. Prefer this version over scraping the HTML. The site index is at https://container-registry.com/llms.txt."
---


# System Robot Accounts


Robot accounts are used to let another application log in to Container Registry automatically. 

The overview of all robot accounts in your instance is available from **Navigation -> Robot Accounts**.

![](../system_robots_overview.png)

Please note that all robot accounts get a prefix to their names when they are created. By default, the prefix is `robot$`. It is possible to configure another prefix as described [here](#changing-default-robot-accounts-prefix). 

## Available Robot Account Permissions

Robot accounts can access Container Registry through the API or a command-line tool, but never through the GUI. They can perform one or more of the following actions, depending on the permissions you grant them:

* Push artifacts
* Pull artifacts
* Delete artifacts
* Read Helm charts
* Create a Helm chart version
* Delete a Helm chart version
* Create a tag
* Delete a tag
* Create artifact labels
* Create a scan

System robot accounts may be granted such permissions for more than one project or even for the entire system.

## Create a System Robot Account
The procedure is similar to creating robot accounts on the project level as described [here](/docs/user-manual/projects/configuration/robot-accounts/index.md) with the difference that, as a system admin, you can create robots that have access to multiple projects. To create a system robot account:
* Go to the **Administration** tab;
* Select **Robot Accounts**;
* Click **New Robot Account**;

![](../create_system_robot_account.png)

* Fill in the form:
    * Give your robot a catchy name;
    * Select from the dropdown if its token should expire and how soon;


> **Note:** The tokens can be refreshed upon expiration or at any other time as described [here](#refresh-system-robot-account-token).

* Optionally, add a description;

![](../new_system_robot.png)

* Set which projects it should have access to:
        
A) Select **Cover all projects** and set permissions that apply to all projects. Select or de-select them from the dropdown.

![](../robot_for_all_projects.png)


B) If you have a lot of projects, filter them by name and then click **Cover all Projects** to include the selected results.


> **Important:** The filter that you created in this step will be saved in the robot account configuration. It means that if you later create a project with the name matching the same pattern, the existing robot account will be automatically granted access rights to this project.


![](../robot_filter_projects.png)
![](../robot_include_all_filtered_projects.png)

C) Or check the tickboxes next to specific projects. In this case, you will need to set permissions for each project individually.

![](../robot_for_selected_projects.png)

As a shortcut, you can use the **Reset Permissions** button to revoke certain permissions *from all projects in the list*.

![](../revoke_selected_permissions.png)

Hit **ADD** to add the new system robot account.

Upon creation of the new robot account, the secret token for this account will be displayed *once*. You can also save it as a JSON file if you use the *Export to file* button. 
![](../save_system_robot_token.png)
If you do not copy or export the token immediately, you will need to reset it later since the original one won't be accessible any longer due to the restrictions of the underlying Harbor technology.
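
The saved-filter behaviour described in option B can be checked before a new project is created. The following is an added example, not Container Registry's own code: it assumes the saved filter matches project names as a shell-style glob, and the robot inventory and the function names are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Permissions from this page's list that remove content.
DESTRUCTIVE = {"Delete artifacts", "Delete a Helm chart version", "Delete a tag"}

# Constructed inventory: robot name -> (saved project filter, granted permissions).
# Assumption: the saved filter behaves like a glob where `*` matches any characters.
ROBOTS = {
    "robot$ci-builder": ("team-a-*", {"Push artifacts", "Pull artifacts"}),
    "robot$cleanup": ("tmp-*", {"Pull artifacts", "Delete artifacts", "Delete a tag"}),
    "robot$scanner": ("*", {"Pull artifacts", "Create a scan"}),
}


def access_granted_by_name(project_name, robots=ROBOTS):
    """Map every robot whose saved filter matches `project_name` to its permissions."""
    return {
        robot: perms
        for robot, (pattern, perms) in robots.items()
        if fnmatchcase(project_name, pattern)
    }


def review_new_project(project_name, robots=ROBOTS):
    """Rows of (robot, sorted permissions, has_destructive) to review before
    creating a project with this name."""
    rows = []
    for robot, perms in sorted(access_granted_by_name(project_name, robots).items()):
        rows.append((robot, sorted(perms), bool(perms & DESTRUCTIVE)))
    return rows


if __name__ == "__main__":
    # A project named "tmp-payments" silently inherits the cleanup robot's
    # delete rights as well as the catch-all scanner's access.
    for robot, perms, destructive in review_new_project("tmp-payments"):
        flag = "REVIEW: can delete" if destructive else "ok"
        print(f"{robot:18} {flag:20} {', '.join(perms)}")
```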

## Managing System Robot Accounts
From the system robot accounts overview, under **Administration -> Robot Accounts**, you can manage your robots. 

To do this, tick the checkbox next to an account and click the **Action** button. You cannot manage items in bulk.
![](../robots_actions.png)
### Refresh System Robot Account Token
Robot account secret tokens must be refreshed once they have expired. You can also refresh them if you did not save the original ones or want to refresh them for security reasons.

To do this, use the **Refresh Secret** button and then **Refresh** in the opened dialogue window. The new secret will be generated automatically. 
![](../refresh_system_robot_secret.png)

After you hit **Refresh**, you will see a dialogue window that lets you either copy your secret or download it as a JSON file. Remember that, as with new account creation, this secret token won't be saved anywhere in the system, so make sure you save it immediately.
![](../save_system_robot_token.png)
Optionally, you can type in your own secret if you enable this option using the slider.
![](../refresh_system_robot_secret_manually.png)

#### Requirements for the Manual Secret
* 8-20 characters, including:
    * at least 1 uppercase;
    * at least 1 lowercase;
    * at least one number.
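
If you do supply your own secret, generate it from a cryptographically secure source rather than typing one by hand. The following is an added example, not part of Container Registry: it checks a candidate against the requirements listed above and generates a compliant secret, assuming ASCII letters and digits only (the page does not say whether other characters are accepted).

```python
import secrets
import string

MIN_LEN, MAX_LEN = 8, 20
# Assumption: restrict to ASCII letters and digits, which the stated rules cover.
ALPHABET = string.ascii_letters + string.digits


def policy_violations(secret):
    """Return the documented requirements that `secret` fails (empty list = compliant)."""
    problems = []
    if not MIN_LEN <= len(secret) <= MAX_LEN:
        problems.append(f"length must be {MIN_LEN}-{MAX_LEN} characters")
    if not any(c in string.ascii_uppercase for c in secret):
        problems.append("needs at least 1 uppercase letter")
    if not any(c in string.ascii_lowercase for c in secret):
        problems.append("needs at least 1 lowercase letter")
    if not any(c in string.digits for c in secret):
        problems.append("needs at least one number")
    return problems


def generate_secret(length=MAX_LEN):
    """Draw characters from the OS CSPRNG and resample until the policy is met.

    Resampling the whole string (instead of forcing one character of each
    class into fixed positions) keeps every compliant secret equally likely.
    """
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError(f"length must be between {MIN_LEN} and {MAX_LEN}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate


if __name__ == "__main__":
    # Use the maximum permitted length; paste the value into the manual
    # secret field and store it in your secret manager straight away.
    print(generate_secret())
```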

### Edit System Robot Account
Still in the *Robot Accounts* overview, use the **Action** button and then **Edit** to edit general attributes of the robot account, such as expiration period, description, and permissions. You cannot rename existing robot accounts.

### Delete System Robot Accounts
In the same *Robot Accounts* overview, use the **Action** button and then **Delete** to remove any system robot accounts completely.

### Disable and Enable System Robot Accounts
Instead of deleting system robot accounts, you can disable them using **Action -> Disable** in the *Robot Accounts* overview. The accounts will be kept in the system and can be enabled using the same **Action** button.
![](../enable_system_robot_account.png)
## Additional Configuration
You can configure a few features that apply to the creation of new system robot accounts. This needs to be done from a different section in the navigation.

* Go to **Administration**;
* Click on **Configuration**;
* Then open the **System Settings** tab.

### Changing Default Robot Accounts Prefix
By default, all new accounts are created with a `robot$` prefix that is attached to the name that you provide manually. You can set a different default prefix in the *System Settings*.

In the **Robot Name Prefix** field, type in the new prefix string. The prefix will be applied to all new system and project robot accounts.

![](../robot_account_prefix.png)

The robot accounts with the old prefix will be marked as *legacy*.

![](../legacy_robots.png)

### Robot Accounts Expiration
By default, when you create a new system or project robot account, the *Expiration time* field is pre-filled with a value of 30 (days). You can set a different default value, which is also given in days counted from the creation of a robot account.

In the same *System Settings* tab, you can specify the default expiration period for the tokens of all newly created robot accounts. However, you can still set the expiration period manually while creating a robot.
![](../robot_expiration.png)
