grafana-util access service-account token
What this page covers
Add or delete tokens for a Grafana service account.
When to open this page
- Create a new service-account token.
- Delete an existing service-account token by service-account name or id.
Who this page is for
Best for administrators who work with org, user, team, service account, and token lifecycle operations.
Purpose
Add or delete tokens for a Grafana service account.
When to use
- Create a new service-account token.
- Delete an existing service-account token by service-account name or id.
Before / After
- Before: service-account token work often happens ad hoc in the Grafana UI, with no easy way to repeat the same action in another environment.
- After: token creation and cleanup become explicit CLI steps that can be reviewed, scripted, and repeated for the same service account.
What success looks like
- token creation is tied to one named service account instead of relying on a manual UI lookup
- token cleanup is deliberate and auditable, especially when you script deletion with
--yes - automation can capture the JSON result when it needs to hand the token or delete confirmation to another step
Failure checks
- if token creation fails, confirm whether you targeted the right service account by
--nameor--service-account-id - if deletion looks like a no-op, recheck the token name and whether you are pointing at the correct Grafana org or environment
- if you plan to pass the result into automation, use
--jsonand validate the response shape before storing or forwarding it
Key flags
add:--service-account-idor--name,--token-name,--seconds-to-live,--jsondelete:--service-account-idor--name,--token-name,--yes,--json
Examples
# Purpose: Create a new token for one service account.
grafana-util access service-account token add --profile prod --name deploy-bot --token-name nightly# Purpose: Delete a token after review.
grafana-util access service-account token delete --profile prod --name deploy-bot --token-name nightly --yes --json