Cleaning Up AWS EKM keys

❗️

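Warning: This will permanently delete all Doppler-created secrets. The scripts below force deletion without a recovery window, so deleted secrets cannot be restored.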

Only perform this operation if you have successfully migrated your secrets back to Doppler

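#!/usr/bin/env bash
#
# Permanently deletes every AWS Secrets Manager secret whose name starts with
# "dopplertoken_", in whichever account and region the AWS CLI is configured
# for. --force-delete-without-recovery skips the recovery window, so a deleted
# secret cannot be restored.
#
# Requires jq and the AWS CLI v2
#
# Set DRY_RUN=1 to print the matching secret names without deleting anything.

# Fail the whole run if listing or filtering fails, instead of silently
# deleting nothing and looking like a success.
set -euo pipefail

#######################################
# Prints the name of each Doppler token secret, one per line.
# Outputs: secret names on stdout
#######################################
list_doppler_secret_names() {
  # --output json: jq needs JSON even when the profile defaults to text/table.
  # --no-cli-pager: never hand output to an interactive pager.
  aws --no-cli-pager secretsmanager list-secrets --output json \
    | jq -r '.SecretList[] | select(.Name | startswith("dopplertoken_")) | .Name'
}

if [[ "${DRY_RUN:-0}" == "1" ]]; then
  # Review this list against what was migrated before running for real.
  list_doppler_secret_names
else
  # -I already implies one invocation per input line; combining it with -L1
  # only produces a "mutually exclusive" warning from GNU xargs.
  list_doppler_secret_names \
    | xargs -I'{}' aws --no-cli-pager secretsmanager delete-secret \
        --secret-id '{}' --force-delete-without-recovery
fi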
import boto3

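# boto3 has no `sm_client` attribute; service clients are created with
# boto3.client(). Credentials and region come from the default boto3
# configuration, so confirm they point at the intended account before running.
sm_client = boto3.client('secretsmanager')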


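def delete_secrets(next_token=None, dry_run=False):
    """Permanently delete Secrets Manager secrets whose name contains 'doppler_'.

    Walks the pages returned by ``list_secrets``, starting from ``next_token``
    when one is given, and deletes every matching secret on each page before
    requesting the next page.

    Deletion is requested with ``ForceDeleteWithoutRecovery=True``, so there is
    no recovery window and a deleted secret cannot be restored.

    Args:
        next_token: Pagination token to resume listing from; ``None`` starts
            at the first page.
        dry_run: When True, only print the names that would be deleted and
            make no delete calls.
    """
    # NOTE(review): this matches 'doppler_' anywhere in the name, whereas the
    # shell variant of this cleanup selects names that start with
    # 'dopplertoken_'. The two filters select different secrets; confirm which
    # naming applies (e.g. with dry_run=True) before deleting anything.
    token = next_token

    # Iterate instead of recursing per page, so a long listing cannot run into
    # Python's recursion limit part-way through the cleanup.
    while True:
        if token is None:
            page = sm_client.list_secrets()
        else:
            page = sm_client.list_secrets(NextToken=token)

        for secret in page['SecretList']:
            name = secret['Name']
            if 'doppler_' not in name:
                continue

            if dry_run:
                print(f'Would delete {name}')
                continue

            print(f'Deleting {name}')
            sm_client.delete_secret(SecretId=name,
                                    ForceDeleteWithoutRecovery=True)

        token = page.get('NextToken')
        if not token:
            break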


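# Run the cleanup only when this file is executed as a script, so that merely
# importing it can never trigger the irreversible deletion.
if __name__ == '__main__':
    delete_secrets()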