Github-secret-rotate NPM

Rotate AWS Github actions secret Keys

This script is designed to rotate secret access keys inside github actions secrets

Create new AWS access key,
Update the github secrets with the new key pair
Remove the old access key

Install

npm i -g github-secret-rotate

export GITHUB_TOKEN=abc123

github-secret-rotate rotate --config config.json --profile project --commit

Github token

A personal access token is required it is supplied via the environment variable GITHUB_TOKEN

This token needs access to the repo scope.

https://developer.github.com/v3/actions/secrets/

Configuration

Everything is configured inside the config json file.

{
    // Profiles to use
    "profiles": {
        // AWS Profile name, must exit inside the ~/.aws/config
        "project-dev": {
            // IAM User to use to replace keys
            "user": "ci"
        },
        "project-prod": {
            "user": "ci",
            // Number of hours that a token is allowed to be alive
            "maxAge": 24
        }
    },
    "repositories": {
        /** Github repository */
        "blacha/project": [
            {
                // Profile to use
                "profile": "project-dev",
                // Github secrets names to use for access keys
                "accessKey": "ST_ACCESS_KEY",
                "secretAccessKey": "ST_SECRET_ACCESS_KEY"
            },
            {
                "profile": "project-prod",
                "accessKey": "ST_ACCESS_KEY_PROD",
                "secretAccessKey": "ST_SECRET_ACCESS_KEY_PROD"
            }
        ]
    }
}

@microsoft/ts-command-line @types/node aws-sdk node-fetch pino pretty-json-log tweetsodium

@zalastax/nolb-github-s

5 years ago

5 years ago

5 years ago

5 years ago