We create many secrets in AWS Secrets Manager. I need help to know how I can delete, in bulk, all the AWS secrets (under Secrets Manager) which were not used/retrieved in the last 60 days. I tried to find an AWS CLI command to do so, but nothing really worked.
1 Answer
Calling list_secrets() returns:

    {
        'SecretList': [
            {
                'ARN': 'string',
                'Name': 'string',
                'Description': 'string',
                'KmsKeyId': 'string',
                'RotationEnabled': True|False,
                'RotationLambdaARN': 'string',
                'RotationRules': {
                    'AutomaticallyAfterDays': 123
                },
                'LastRotatedDate': datetime(2015, 1, 1),
                'LastChangedDate': datetime(2015, 1, 1),
                'LastAccessedDate': datetime(2015, 1, 1),
                'DeletedDate': datetime(2015, 1, 1),
                ...
            },
        ],
        'NextToken': 'string'
    }
The LastAccessedDate looks like it will be useful for you. You can use it with the AWS CLI like this:
    aws secretsmanager list-secrets --query "SecretList[?LastAccessedDate<'2021-06-01'].ARN"
If you are good at writing shell scripts, you could write a script that deletes the secrets that are returned. Otherwise, I'd recommend doing it in a programming language (e.g. Python), since it can be a bit easier than a shell script.

John Rotenstein
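The answer above points at LastAccessedDate but leaves the filtering and deletion to the reader. Two things bite in practice: the JMESPath comparison only behaves on AWS CLI v2, where timestamps are ISO 8601 strings (v1 prints epoch floats, which JMESPath will not compare against a string), and a secret that has never been retrieved has no LastAccessedDate at all, so the filter silently skips exactly the secrets most likely to be dead. The following is an added example, not the answer's code, written against the boto3 list_secrets response shape shown above. It assumes a 60-day cutoff, treats a never-retrieved secret as stale only once its CreatedDate is itself older than the cutoff (so a secret created yesterday is not deleted before anything reads it), leaves secrets that already carry a DeletedDate alone, and schedules deletion with a recovery window rather than ForceDeleteWithoutRecovery. The sample entries and the fixed "now" are constructed for the offline demonstration.

```python
"""Select and (optionally) delete Secrets Manager secrets not retrieved in N days.

Added example; not the answer's own code. Operates on SecretListEntry dicts as
returned by boto3 list_secrets(). Assumptions: 60-day cutoff, never-retrieved
secrets count as stale only once their CreatedDate is older than the cutoff.
"""
from datetime import datetime, timedelta, timezone

RETENTION_DAYS = 60


def is_stale(secret, now, days=RETENTION_DAYS):
    """Return True if one SecretListEntry dict should be treated as unused.

    LastAccessedDate is tracked at day granularity and is omitted entirely for
    secrets that have never been retrieved, so checking that field alone would
    never flag them. Secrets already scheduled for deletion carry DeletedDate;
    they are skipped so their recovery window is not reset by a second call.
    """
    if secret.get("DeletedDate") is not None:
        return False
    cutoff = now - timedelta(days=days)
    last_accessed = secret.get("LastAccessedDate")
    if last_accessed is None:
        # Never retrieved: fall back to creation date (assumption, see docstring).
        return secret["CreatedDate"] < cutoff
    return last_accessed < cutoff


def find_stale_secrets(secret_list, now=None, days=RETENTION_DAYS):
    """Return the ARNs of every stale entry in an iterable of SecretListEntry dicts."""
    now = now or datetime.now(timezone.utc)
    return [s["ARN"] for s in secret_list if is_stale(s, now, days)]


def list_all_secrets(client):
    """Walk every page of list_secrets; one call returns at most 100 entries."""
    paginator = client.get_paginator("list_secrets")
    for page in paginator.paginate():
        yield from page["SecretList"]


def delete_secrets(client, arns, recovery_window_days=30, dry_run=True):
    """Schedule deletion of each ARN with a recovery window (7..30 days).

    RecoveryWindowInDays and ForceDeleteWithoutRecovery are mutually exclusive in
    the API; only the recoverable path is offered here. Returns the ARNs that
    were (or, with dry_run=True, would be) scheduled.
    """
    scheduled = []
    for arn in arns:
        if not dry_run:
            client.delete_secret(SecretId=arn, RecoveryWindowInDays=recovery_window_days)
        scheduled.append(arn)
    return scheduled


# Constructed sample data (not real secrets) so the selection logic runs offline.
def _utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


SAMPLE_NOW = _utc(2021, 8, 1)  # cutoff is therefore 2021-06-02
SAMPLE_SECRETS = [
    {"ARN": "arn:a", "CreatedDate": _utc(2021, 1, 1), "LastAccessedDate": _utc(2021, 7, 20)},
    {"ARN": "arn:b", "CreatedDate": _utc(2021, 1, 1), "LastAccessedDate": _utc(2021, 5, 1)},
    {"ARN": "arn:c", "CreatedDate": _utc(2021, 3, 1)},            # never retrieved, old
    {"ARN": "arn:d", "CreatedDate": _utc(2021, 7, 25)},           # never retrieved, new
    {"ARN": "arn:e", "CreatedDate": _utc(2020, 1, 1), "LastAccessedDate": _utc(2021, 1, 1),
     "DeletedDate": _utc(2021, 7, 30)},                           # already scheduled
]


if __name__ == "__main__":
    import boto3  # imported here so the selection logic stays testable without AWS access

    sm = boto3.client("secretsmanager")
    stale = find_stale_secrets(list_all_secrets(sm))
    # Review the list first; pass dry_run=False to actually schedule deletion.
    for arn in delete_secrets(sm, stale, dry_run=True):
        print("would delete:", arn)
```

Run it once with the default dry_run=True, review the ARNs, then flip to dry_run=False. Keeping the recovery window means a secret that turns out to be read by a quarterly job can be restored with restore-secret before the window closes, which ForceDeleteWithoutRecovery would not allow.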