diff --git a/go.mod b/go.mod
index c8977cc..7738419 100644
--- a/go.mod
+++ b/go.mod
@@ -7,11 +7,11 @@ require (
 github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466
 github.com/stretchr/testify v1.9.0
 golang.org/x/oauth2 v0.23.0
+ gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
 golang.org/x/crypto v0.22.0 // indirect
- gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/internal/signer/signer.go b/internal/signer/signer.go
index 18480de..bd8d8e4 100644
--- a/internal/signer/signer.go
+++ b/internal/signer/signer.go
@@ -14,6 +14,7 @@ import (
 jose "github.com/go-jose/go-jose/v3"
 jwt "github.com/go-jose/go-jose/v3/jwt"
 "golang.org/x/oauth2"
+ "gopkg.in/yaml.v3"
 )
 
 const serviceAccountIssuer = "mondoo/ams"
@@ -26,11 +27,11 @@ var (
 )
 
 type serviceAccountCredentials struct {
- Mrn string `json:"mrn,omitempty"`
- ParentMrn string `json:"parent_mrn,omitempty"`
- PrivateKey string `json:"private_key,omitempty"`
- Certificate string `json:"certificate,omitempty"`
- ApiEndpoint string `json:"api_endpoint,omitempty"`
+ Mrn string `json:"mrn,omitempty" yaml:"mrn,omitempty"`
+ ParentMrn string `json:"parent_mrn,omitempty" yaml:"parent_mrn,omitempty"`
+ PrivateKey string `json:"private_key,omitempty" yaml:"private_key,omitempty"`
+ Certificate string `json:"certificate,omitempty" yaml:"certificate,omitempty"`
+ ApiEndpoint string `json:"api_endpoint,omitempty" yaml:"api_endpoint,omitempty"`
 }
 
 // privateKeyFromBytes loads a .p8 certificate from an in memory byte array and
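Review bot: `serviceAccountCredentials` still has no doc comment, and with the `yaml` tags added in the `@@ -26,11 +27,11 @@` hunk it now describes two on-disk formats for a file that carries a private key. A short comment above the type would record that, for example `// serviceAccountCredentials is the service account file, accepted as JSON or YAML; PrivateKey is secret and must never be logged.` The JSON and YAML key names are identical in this hunk, which is worth stating in the same comment so that fields added later get both tags.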
@@ -56,7 +57,11 @@ func NewServiceAccountTokenSource(data []byte) (*serviceAccountTokenSource, *ser
 var credentials *serviceAccountCredentials
 err := json.Unmarshal(data, &credentials)
 if credentials == nil || err != nil {
- return nil, nil, errors.New("valid service account needs to be provided")
+ // if JSON format didn't work, try YAML
+ err = yaml.Unmarshal(data, &credentials)
+ if credentials == nil || err != nil {
+ return nil, nil, errors.New("valid service account needs to be provided")
+ }
 }
 
 // verify that we can read the private key
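Review bot: The YAML fallback decodes into the same `credentials` pointer that the failed `json.Unmarshal` call just wrote to, and encoding/json can leave that struct partially filled when it returns a type-mismatch error on otherwise valid JSON. Because encoding/json matches keys case-insensitively while the `yaml` tags are matched exactly, a document that JSON rejected could pass the second `credentials == nil || err != nil` check with fields carried over from the first attempt. Resetting the target first, `credentials = nil` on the line before `err = yaml.Unmarshal(data, &credentials)`, keeps the two attempts independent. Discarding both parse errors in favour of the generic message looks deliberate for a file holding a private key; a one-line comment saying so would stop someone from wrapping the YAML error later. The body of `NewServiceAccountTokenSource` continues outside the hunk.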