Audit and revoke service token access

automation & ci

// what it does

show-access lists exactly what a token can touch, list inventories all tokens, delete-access removes a specific grant, and delete kills the token entirely. Together they're your periodic "what can our robots do?" audit.

// shell

$ pscale service-token list
$ pscale service-token show-access <token-id>
$ pscale service-token delete-access <token-id> delete_branch --database mydb
$ pscale service-token delete <token-id>

// gotcha

Deleting a token breaks every pipeline using it immediately — rotate by creating the replacement token first, exactly like password rotation.

// resources