Cleaning Up AWS EKM keys
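Warning: This will permanently delete all Doppler-created secrets in AWS Secrets Manager. Both scripts below force deletion without a recovery window, so deleted secrets cannot be restored.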
Only perform this operation if you have successfully migrated your secrets back to Doppler
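#! /usr/bin/env bash
# Requires jq and the AWS CLI v2
#
# Deletes every Secrets Manager secret whose name starts with "dopplertoken_".
# --force-delete-without-recovery skips the recovery window, so each deletion
# is immediate and cannot be undone.
#
# The commands act on whichever account and region the current AWS CLI
# credentials and configuration resolve to; confirm both before running.
# To preview what would be removed, run only the first two stages of the
# pipeline (everything before xargs) and review the printed names.
#
# NOTE(review): the Python version of this script on the same page filters on
# "doppler_" rather than "dopplertoken_"; confirm which prefix your secrets
# actually use.

# Abort if the listing or jq stage fails instead of continuing silently.
set -euo pipefail

# -I already consumes one input line per invocation; GNU xargs treats -L and
# -I as mutually exclusive, so -L1 is dropped.
aws secretsmanager list-secrets \
  | jq -r '.SecretList[] | select(.Name | startswith("dopplertoken_")) | .Name' \
  | xargs -I'{}' aws secretsmanager delete-secret --secret-id '{}' --force-delete-without-recovery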
import boto3
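# boto3 has no `sm_client` attribute; service clients are created with
# boto3.client(). The client uses the ambient AWS credentials and region.
sm_client = boto3.client('secretsmanager')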
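def delete_secrets(next_token=None, name_prefix='doppler_'):
    """Force-delete every Secrets Manager secret whose name starts with a prefix.

    Walks all pages of ``list_secrets`` and calls ``delete_secret`` with
    ``ForceDeleteWithoutRecovery=True`` for each match, so every deletion is
    immediate and cannot be undone.

    Args:
        next_token: Pagination token to resume listing from; ``None`` starts
            at the first page.
        name_prefix: Only secrets whose name starts with this string are
            deleted. Must be non-empty.

    Raises:
        ValueError: If ``name_prefix`` is empty, since that would match (and
            delete) every secret the credentials can list.
    """
    # Checked first: an empty prefix would turn this into "delete everything".
    if not name_prefix:
        raise ValueError('name_prefix must be a non-empty string')

    # NOTE(review): the shell one-liner on this page matches names starting
    # with "dopplertoken_", while this script uses "doppler_"; confirm the
    # prefix your secrets actually carry before running.
    token = next_token
    while True:
        # Iterate page by page instead of recursing once per page.
        if token is None:
            page = sm_client.list_secrets()
        else:
            page = sm_client.list_secrets(NextToken=token)

        for secret in page.get('SecretList', []):
            name = secret['Name']
            # Anchor the match at the start of the name; a substring match
            # could catch unrelated secrets that merely contain the text.
            if not name.startswith(name_prefix):
                continue
            print(f'Deleting {name}')
            sm_client.delete_secret(SecretId=name,
                                    ForceDeleteWithoutRecovery=True)

        token = page.get('NextToken')
        if not token:
            break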
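# Run the cleanup only when executed as a script, so that importing this
# module never triggers the irreversible deletion as a side effect.
if __name__ == '__main__':
    delete_secrets()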