diff --git a/internal/signer/signer.go b/internal/signer/signer.go
index 18480de..bd8d8e4 100644
--- a/internal/signer/signer.go
+++ b/internal/signer/signer.go
@@ -14,6 +14,7 @@ import (
 	jose "github.com/go-jose/go-jose/v3"
 	jwt "github.com/go-jose/go-jose/v3/jwt"
 	"golang.org/x/oauth2"
+	"gopkg.in/yaml.v3"
 )
 
 const serviceAccountIssuer = "mondoo/ams"
@@ -26,11 +27,11 @@ var (
 )
 
 type serviceAccountCredentials struct {
-	Mrn         string `json:"mrn,omitempty"`
-	ParentMrn   string `json:"parent_mrn,omitempty"`
-	PrivateKey  string `json:"private_key,omitempty"`
-	Certificate string `json:"certificate,omitempty"`
-	ApiEndpoint string `json:"api_endpoint,omitempty"`
+	Mrn         string `json:"mrn,omitempty" yaml:"mrn,omitempty"`
+	ParentMrn   string `json:"parent_mrn,omitempty" yaml:"parent_mrn,omitempty"`
+	PrivateKey  string `json:"private_key,omitempty" yaml:"private_key,omitempty"`
+	Certificate string `json:"certificate,omitempty" yaml:"certificate,omitempty"`
+	ApiEndpoint string `json:"api_endpoint,omitempty" yaml:"api_endpoint,omitempty"`
 }
 
 // privateKeyFromBytes loads a .p8 certificate from an in memory byte array and
@@ -56,7 +57,11 @@ func NewServiceAccountTokenSource(data []byte) (*serviceAccountTokenSource, *ser
 	var credentials *serviceAccountCredentials
 	err := json.Unmarshal(data, &credentials)
 	if credentials == nil || err != nil {
-		return nil, nil, errors.New("valid service account needs to be provided")
+		// if JSON format didn't work, try YAML
+		err = yaml.Unmarshal(data, &credentials)
+		if credentials == nil || err != nil {
+			return nil, nil, errors.New("valid service account needs to be provided")
+		}
 	}
 
 	// verify that we can read the private key