Service Accounts offer a nice method of integrating external tooling with Grafana without relying on authentication as a particular user, however the story for automated deployment is problematic.

Currently to create a service account via automation, it appears that the only method is via API calls, which requires authentication via an existing user/key, which defeats the purpose of service accounts - we're back to relying on a particular user's credentials being available for the action.

It also requires some not-insignificant plumbing - writing a client that does a multi-stage dance through the API to:

1. Check for an existing SA
2. Create the SA
3. Create an API key for the SA
4. Export the SA ID and API key for use

If I was doing this in Kubernetes, for example, I'd probably have to resort to writing a whole operator or something, backed by user credentials, to make this work with GitOps.

I propose that there should be a filesystem-backed method to provision service accounts, and associated pre-defined API keys, so that user accounts and API round-trips do not need to be involved in the process.