Simple application to rotate AWS keys into GitHub Secrets
The command takes a single argument, the path to a YAML file. If the path is not provided, an example is given instead.
    ./aws-keys-rotate-into-github-secrets -c ~/.aws-keys-rotate-into-github.yml
The command will bail if the AWS user has more than one key/secret pair; if that happens, something has probably gone wrong.
Create a YAML file like the one below, but change the relevant key/secret values. A GitHub token that has access to the relevant repositories must be generated.
    github:
      token: ghp_sausages
    keys:
      identifier:
        aws:
          user: automaton
          maxKeyAge: P7D
          config:
            region: moon-north-1
            version: latest
            credentials:
              key: KEY
              secret: SECRET
        keyDestinations:
          - owner: sdrycroft
            repo: aws-keys-rotate-into-github-secrets
            secretType: actions # Not required, as this is the default
            key: AWS_KEY
          - owner: sdrycroft
            repo: another-repo
            secretType: dependabot
            key: AWS_KEY
        secretDestinations:
          - owner: sdrycroft
            repo: aws-keys-rotate-into-github-secrets
            secretType: actions
            key: AWS_SECRET
          - owner: sdrycroft
            repo: another-repo
            secretType: dependabot
            key: AWS_SECRET
      identifier2:
        aws:
          user: barry
          maxKeyAge: P7D
          config:
            region: moon-north-1
            version: latest
            credentials:
              key: KEY
              secret: SECRET
        keyDestinations:
          - owner: sdrycroft
            repo: aws-keys-rotate-into-github-secrets
            secretType: actions
            key: BARRY_AWS_KEY
          - owner: sdrycroft
            repo: another-repo
            secretType: actions
            key: BARRY_AWS_KEY
        secretDestinations:
          - owner: sdrycroft
            repo: aws-keys-rotate-into-github-secrets
            secretType: actions
            key: BARRY_AWS_SECRET
          - owner: sdrycroft
            repo: another-repo
            secretType: actions
            key: BARRY_AWS_SECRET
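
The bail rule and the maxKeyAge setting described above, combined into one per-user decision and written in Python as an added example; this is not the project's own code. The function names are hypothetical, the key metadata is constructed and shaped like IAM ListAccessKeys output, and bailing on zero or inactive keys and rejecting month/year durations are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Fixed-length ISO 8601 durations only: weeks, days, and a time part.
_DURATION = re.compile(
    r"^P(?:(\d+)W)?(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def parse_max_key_age(value):
    """Turn a maxKeyAge such as 'P7D' into a timedelta.

    Assumption: months and years are rejected, because their length
    varies and would make the rotation deadline ambiguous.
    """
    m = _DURATION.match(value)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported maxKeyAge: {value!r}")
    weeks, days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return timedelta(weeks=weeks, days=days, hours=hours,
                     minutes=minutes, seconds=seconds)


def rotation_decision(access_keys, max_key_age, now):
    """Return (action, reason); action is 'bail', 'rotate' or 'keep'."""
    # The page's rule: more than one key/secret pair means bail. IAM allows
    # at most two keys per user, so a second key leaves no room to rotate.
    # Assumption: zero keys or an inactive key also bail.
    if len(access_keys) != 1:
        return "bail", f"expected 1 access key, found {len(access_keys)}"
    key = access_keys[0]
    if key["Status"] != "Active":
        return "bail", f"{key['AccessKeyId']} is {key['Status']}"
    age = now - key["CreateDate"]
    if age >= parse_max_key_age(max_key_age):
        return "rotate", f"{key['AccessKeyId']} is {age.days} days old"
    return "keep", f"{key['AccessKeyId']} is {age.days} days old"


# Constructed sample metadata, shaped like IAM ListAccessKeys output.
NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)
OLD = {"AccessKeyId": "AKIAEXAMPLEOLD000001", "Status": "Active",
       "CreateDate": datetime(2024, 1, 1, tzinfo=timezone.utc)}
NEW = {"AccessKeyId": "AKIAEXAMPLENEW000002", "Status": "Active",
       "CreateDate": datetime(2024, 1, 8, tzinfo=timezone.utc)}

if __name__ == "__main__":
    for keys in ([OLD], [NEW], [OLD, NEW]):
        print(rotation_decision(keys, "P7D", NOW))
```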