From 88473556681f88f6590adc775e5f0f8b586fb2f6 Mon Sep 17 00:00:00 2001
From: n3s7or
Date: Fri, 1 Mar 2024 04:28:11 -0800
Subject: [PATCH] Delete former credentials when rotating (`granted credentials rotate`) (#582)
* delete former credentials when rotating (`granted credentials rotate`) closes #388
* rotate credentials delete opt-in behaviour introduced
---
 pkg/granted/credentials.go | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/pkg/granted/credentials.go b/pkg/granted/credentials.go
index 500da90e..ab498fe8 100644
--- a/pkg/granted/credentials.go
+++ b/pkg/granted/credentials.go
@@ -519,7 +519,10 @@ var ExportCredentialsCommand = cli.Command{
 var RotateCredentialsCommand = cli.Command{
 Name: "rotate",
 Usage: "Generates new access key for the profile in AWS, and updates the profile",
- Flags: []cli.Flag{&cli.StringFlag{Name: "profile", Usage: "If provided, generates new access key for the specified profile"}},
+ Flags: []cli.Flag{
+ &cli.StringFlag{Name: "profile", Usage: "If provided, generates new access key for the specified profile"},
+ &cli.BoolFlag{Name: "delete", Usage: "delete the previous active key"},
+ },
 Action: func(c *cli.Context) error {
 profileName := c.String("profile")
@@ -583,6 +586,13 @@ var RotateCredentialsCommand = cli.Command{
 return err
 }
+ if c.Bool("delete") {
+ _, err = iamClient.DeleteAccessKey(c.Context, &iam.DeleteAccessKeyInput{AccessKeyId: &t.AccessKeyID})
+ if err != nil {
+ return err
+ }
+ }
+
 clio.Successf("Access Key of '%s' profile has been successfully rotated and updated in secure storage\n", profileName)
 return nil
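Review bot: The usage text on the new `delete` flag does not say that the key is removed from IAM or that the removal cannot be undone, and it starts lower-case while the `profile` flag's usage is capitalised. Something like `Usage: "Delete the previous access key from IAM after rotation (cannot be undone)"` would make the effect clear in `--help`. Anything else still signing with the old key stops working once it is deleted, which is worth stating wherever this command is documented.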
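Review bot: When `DeleteAccessKey` fails, the added block returns the raw SDK error even though, judging by the success message just below, the new key appears to have been created and stored by this point. The user then sees a failure with no hint that the profile is already rotated and that the old key is still active in IAM, and a re-run would presumably create yet another key. Wrapping the error, e.g. `return fmt.Errorf("profile %q was rotated but the previous access key could not be deleted: %w", profileName, err)`, keeps the cause and states what still needs cleaning up (assuming `fmt` is imported in this file). The enclosing Action function starts and ends outside the hunk, so which credentials `iamClient` signs with is not visible here; `DeleteAccessKeyInput` without `UserName` depends on that.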