I'm trying to use a service account to allow a web app to upload files periodically to Cloud Storage with "gsutil cp". During the installation of the gcloud utilities on the web server, I ran a gcloud init and logged in with my main Google account (the owner of the project). After, I successfully credentialed with my service account, so that part of it is fine.
But it's trivial to now just switch to my main account ("gcloud auth list" shows it, and "gcloud config set account ..." lets me switch to it easily with no further authentication), which for security reasons I want to avoid the possibility of someone being able to do if they break into that server. But "gcloud auth revoke" scares me a bit - in the documentation, it states that when given a user account, it revokes the user account token on the server, then removes the credential from the local machine.
Will this revoke access to my main account on other machines I have access to it from? The idea of it removing the user account token on the server implies it may not be just a simple "log out" from that machine, but rather than the user account's privileges in general are revoked. The very last thing I want to do is somehow disable my user account that's the owner of the project; I just want to disallow the one specific machine from which I logged in from being able to do so. To me, that might imply just removing credential from the local machine, not revoking the user account token on the server as the documentation suggests. Unless somehow there are several tokens stored on the server - one for each computer I've signed in from, and signing out from one machine doesn't revoke my privileges on others signed into the same account.
Thanks for clarification!
Dan