gcloud auth activate-service-account logout / revoke / remove / unset

7
votes

I,ve added my service-account successfuly using below command.

gcloud auth activate-service-account --key-file=mycredentialsialreadyhad.json

Now I can't remove or logout from it.

any help would be greatly appreciated.

edit: i tried this commands and got error

  1. gcloud auth revoke

ERROR: (gcloud.auth.revoke) Cannot revoke GCE-provided credentials.

  1. gcloud config configurations delete default

ERROR: (gcloud.config.configurations.delete) Deleting named configuration failed because configuration [default] is set as active. Use gcloud config configurations activate to change the active configuration.

edit2: this gcloud cli is on GCP ubuntu VM

2
google-cloud-platformgcloud
If your code/application/cli is running on a GCP instance, you cannot revoke the service account assigned to your Compute engine instance. The credentials for that service account derive from metadata. Google creates those credentials. You cannot revoke/cancel them as they are "created' for compute services. Note: you cannot deletes/void/cancel the default service account. Those keys are private to Google and not to your instance/application/cli.John Hanley

2 Answers

6
votes

UPDATE: Try the command with specified account because you can't revoke the compute engine service account(default):

gcloud auth revoke [email protected]

then

gcloud auth list

Then it should display only the default service account:

[PROJECT-NUMBER][email protected]

1
votes

Use the below syntax to activate the service account. Here we need to mention service account ID. gcloud auth activate-service-account [email protected] --key-file=xxxxxx.json --project=xxxxxx

Use the below syntax to revoke the service account: gcloud auth revoke [email protected]
Error encountered in your case because the service account ID was not mentioned in gcloud auth revoke command , which is trying to revoke your active google account.

Permissions are denied if you disable the service account instead of revoke. If you revoke the service account then default account will get activated and that might have permission to storage.