Delete former credentials when rotating (granted credentials rotate) (

#582) * delete former credentials when rotating (`granted credentials rotate`) closes #388 * rotate credentials delete opt-in behaviour introduced
common-fate · Mar 1, 2024 · 8847355 · 8847355
1 parent 794a48e
commit 8847355
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/pkg/granted/credentials.go b/pkg/granted/credentials.go
@@ -519,7 +519,10 @@ var ExportCredentialsCommand = cli.Command{
 var RotateCredentialsCommand = cli.Command{
 	Name:  "rotate",
 	Usage: "Generates new access key for the profile in AWS, and updates the profile",
-	Flags: []cli.Flag{&cli.StringFlag{Name: "profile", Usage: "If provided, generates new access key for the specified profile"}},
+	Flags: []cli.Flag{
+		&cli.StringFlag{Name: "profile", Usage: "If provided, generates new access key for the specified profile"},
+		&cli.BoolFlag{Name: "delete", Usage: "delete the previous active key"},
+	},
 	Action: func(c *cli.Context) error {
 		profileName := c.String("profile")
 
@@ -583,6 +586,13 @@ var RotateCredentialsCommand = cli.Command{
 			return err
 		}
 
+		if c.Bool("delete") {
+			_, err = iamClient.DeleteAccessKey(c.Context, &iam.DeleteAccessKeyInput{AccessKeyId: &t.AccessKeyID})
+			if err != nil {
+				return err
+			}
+		}
+
 		clio.Successf("Access Key of '%s' profile has been successfully rotated and updated in secure storage\n", profileName)
 
 		return nil