In order to deploy the whole service declaratively admin needs to be able to declare also the access keys (currently oauth tokens) with specifying optionally permissions of those keys. Removing keys from declaration should revoke them.