I forgot to follow the best practices for setting up my app with gcloud and I accidentally exposed my client-secret somewhere. However, when I try looking for the client-secret anywhere in IAM or in the gcloud console, I can't seem to find it anywhere.
The client-secret is not tied to a service account, and gcloud auth application-default revoke just deletes and recreates the token, which disables the file for use, but it still has the same client-secret and client-id. I can't seem to edit or delete it with secrets, or through IAM or the CLI. I can't even find the client-id attached with it in the CLI either. Does anybody know where to find this or edit it? Or do I have to contact GCP support to have them reset it?
In summary, based on your post, there is nothing to worry about. You have leaked public information.
However, you should not be using that Client ID for your own purposes as it is reserved for the cloud CLI. Creating credentials from them can result in API Quota and billing failures.
The Client ID 32555940559.apps.googleusercontent.com and the Client Secret ZmssLNjJy2998hD4CTg2ejr2 are NOT secrets. It is a special OAuth Client ID assigned for the Google Cloud SDK.
From the Google Cloud SDK lib/googlecloudsdk/core/config.py:
CLOUD_SDK_VERSION = INSTALLATION_CONFIG.version
# TODO(b/35848109): Distribute a clientsecrets.json to avoid putting it in code.
CLOUDSDK_CLIENT_ID = '32555940559.apps.googleusercontent.com'
CLOUDSDK_CLIENT_NOTSOSECRET = 'ZmssLNjJy2998hD4CTg2ejr2'
You can review these items at the following link
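A triage check for a leaked gcloud credential file, added here as an example; it is not part of the original answer or of the Cloud SDK. It uses the two constants quoted above and assumes the usual credential JSON layout, where "type" is authorized_user (with a per-user refresh_token) or service_account (with a private_key). The function name and the sample files are constructed for illustration.

```python
import json

# Public Cloud SDK OAuth client values quoted in the answer (config.py).
CLOUDSDK_CLIENT_ID = "32555940559.apps.googleusercontent.com"
CLOUDSDK_CLIENT_NOTSOSECRET = "ZmssLNjJy2998hD4CTg2ejr2"

# Assumption: fields that grant access on their own, keyed by file "type".
SENSITIVE_FIELDS = {
    "authorized_user": ["refresh_token"],
    "service_account": ["private_key"],
}


def triage_leaked_credentials(raw_json):
    """Return (needs_action, findings) for the text of a leaked credential file."""
    cred = json.loads(raw_json)
    findings = []
    is_sdk_client = (
        cred.get("client_id") == CLOUDSDK_CLIENT_ID
        and cred.get("client_secret") == CLOUDSDK_CLIENT_NOTSOSECRET
    )
    foreign_client = "client_secret" in cred and not is_sdk_client
    if is_sdk_client:
        findings.append("client_id/client_secret: public Cloud SDK client, nothing to rotate")
    elif foreign_client:
        findings.append("client_secret: not the Cloud SDK client, reset it on its own OAuth client")
    # The per-user or per-account secret is what actually needs revoking.
    exposed = [f for f in SENSITIVE_FIELDS.get(cred.get("type"), []) if cred.get(f)]
    for field in exposed:
        findings.append(field + ": account-specific secret, revoke it")
    return bool(exposed) or foreign_client, findings


# Constructed sample inputs (placeholder token, not real credentials).
ONLY_CLIENT = json.dumps({
    "client_id": CLOUDSDK_CLIENT_ID,
    "client_secret": CLOUDSDK_CLIENT_NOTSOSECRET,
})
FULL_USER_FILE = json.dumps({
    "type": "authorized_user",
    "client_id": CLOUDSDK_CLIENT_ID,
    "client_secret": CLOUDSDK_CLIENT_NOTSOSECRET,
    "refresh_token": "PLACEHOLDER-REFRESH-TOKEN",
})

if __name__ == "__main__":
    for name, sample in (("client only", ONLY_CLIENT), ("full file", FULL_USER_FILE)):
        print(name, triage_leaked_credentials(sample))
```

If the whole file leaked rather than just the client pair, the refresh token is the part to revoke, which is what gcloud auth application-default revoke from the question does.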