As an admin of a vault, navigate to Vault Settings → Service Accounts.

Click the Add Service Account button.

Enter the desired Name and Email values.

In the public key area, paste the public counterpart of the RSA key that will control the service account.

Should look something like this:

-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr9R9Xpo2mp1O4jHmvdn/
+Fci4brA3nO9aHr3VAPWrW6N1587JhiQMZpB17RZjWWQUvONf1QcDwYHLZOFjXGN
w2xhLOUIVswfHsUENExMiQfeXBIP5e+cNhkJMVCHT8xMAT6IIh2ex33/dwXObiOs
h49GB13Id2hOYCBdOYWpVhr5Pre3Cp2sK0DL4j6B/jkwWesx2+ercqHPLQq+HnOc
ZELKTWbecKKwXWJsyT+gIVcI9zH1h4N3gEuL1Sozw0lJ1ouPLj6WNHHXyb2CplbB
VFbRyV8fl7EvkVhw0bgcLXnYWphnreh1J0TLPI/BXKQmHrxLL1Lx84xPIAXNHHki
TL92I8XswdKoy0gmTgsQM8p7kN81XKD45T2GoMxMsJBTt/fb818cRQ4a8OB2Ii21
gcaPWc58aaYCZuO4Ibiq/ugvqtrmB+WkTeLPDDDFdHKjlmLyjRM5u4a8haigR2s9
zCdNnQgdMktUZGLqbpM1aNNCu12FTHEBF+rT4YHl97NvtAlPGRapDDxTY3S+5CXH
W/KuvtvulNiwjYEzWqUpq1fdGYirI3sblIx6/8wUYI9Gm/IlJyG7qFTJwLc7pPlm
2FaAFIu8YvGsD0Yy0aChMssGCL4w/d2wJNN41VJvNTyRv60xDGuPF9iRVXj+2adn
u+TDNpU/PNelqdqk7j6fPLMCAwEAAQ==
-----END PUBLIC KEY-----

Assign Vault Role

Select the required role within the vault, or skip for now.

This action will trigger a vault action which may require an approval from additional vault admins.