{"id":37151366,"url":"https://github.com/mycodeself/aws-key-rotator","last_synced_at":"2026-01-14T17:52:49.201Z","repository":{"id":89567112,"uuid":"338810147","full_name":"mycodeself/aws-key-rotator","owner":"mycodeself","description":"Golang program that helps you with the repetitive task of rotating the AWS IAM credentials ","archived":true,"fork":false,"pushed_at":"2021-03-04T19:52:38.000Z","size":29,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-04-11T15:26:40.714Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mycodeself.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-14T13:20:51.000Z","updated_at":"2024-06-19T10:17:40.458Z","dependencies_parsed_at":"2023-06-29T03:00:59.715Z","dependency_job_id":null,"html_url":"https://github.com/mycodeself/aws-key-rotator","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mycodeself/aws-key-rotator","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mycodeself%2Faws-key-rotator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mycodeself%2Faws-key-rotator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mycodeself%2Faws-key-rotator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mycodeself%2Faws-key-rotator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mycodeself","download_url":"https://codeload.github.com/mycodeself/aws-key-rotator/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mycodeself%2Faws-key-rotator/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28428963,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T16:38:47.836Z","status":"ssl_error","status_checked_at":"2026-01-14T16:34:59.695Z","response_time":107,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T17:52:48.663Z","updated_at":"2026-01-14T17:52:49.195Z","avatar_url":"https://github.com/mycodeself.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS Key Rotator\n\nAWS Key Rotator is a golang program that helps you with the repetitive task of rotating the credentials of your AWS IAM system accounts.\n\nThe process is simple, configure the credentials that you want to rotate and those targets that should be rotated when rotating these credentials.\n\nA target is a entity that makes use of these credentials and must be updated (often manually) to continue working properly. As an example, an AWS IAM user used in CircleCI to upload an image to the ECR. When the AWS credentials are rotated, the environment variables in CircleCI must be updated with the new ones.\n\n# Usage\n\n## Available targets\n\n### AWS Secrets Manager\n\nAWS Secrets Manager targets automatically update a secret stored in AWS Secrets Manager service.\n\n_Note: This uses the default AWS credentials configured in the system, so no extra configuration is needed_\n\n#### AWS Secrets Manager JSON Target\n\nThis target will automatically update a secret stored in AWS Secrets Manager in JSON format. It updates the Access Key Id and Secret Access Key in the specified JSON properties and keeps the rest of the JSON.\n\n```yaml\naws_iam_users:\n  - username: user-to-rotate\n    days: 60\n    targets:\n      - aws_secrets_manager_json:\n          secret_arn: arn:aws:secretsmanager:eu-west-1:123456789:secret:mysecret-12345\n          access_key_id_property: AWS_SECRET_KEY_ID\n          secret_access_key_property: AWS_SECRET_ACCESS_KEY\n          kms_key_id: # (Optional) Specifies an updated ARN or alias of the AWS KMS customer master key\n```\n\n### CircleCI\n\nEnsure `CIRCLECI_TOKEN` environment variable is present with a valid API token to access the projects or contexts you want to automatically update, see https://circleci.com/docs/2.0/managing-api-tokens/\n\n#### CircleCI Context Target\n\n```yaml\naws_iam_users:\n  - username: user-to-rotate\n    days: 60\n    targets:\n      - circleci_context:\n          context_id: 8cea5754-907d-4425-9b7f-8493de1efbfa\n          access_key_id_var_name: AWS_SECRET_KEY_ID\n          secret_access_key_var_name: AWS_SECRET_ACCESS_KEY\n```\n\n#### CircleCI Project Target\n\n```yaml\naws_iam_users:\n  - username: user-to-rotate\n    days: 60\n    targets:\n      - circleci_project:\n          project_slug: github/user/project\n          access_key_id_var_name: AWS_SECRET_KEY_ID\n          secret_access_key_var_name: AWS_SECRET_ACCESS_KEY\n```\n\n## Notifiers\n\nThe notifiers are in charge of communicating to you how the key rotation process has gone.\n\nTo activate a notifier it is necessary to add it in the configuration file, moreover each notifier needs a different configuration, generally provided through environment variables.\n\n```yaml\nnotifiers:\n  - slack\n  - email\n```\n\n### Slack notifier\n\nSend a message via slack to the chosen channel to communicate the results of the rotation process.\n\nIt is necessary to create a Slack app with permissions to send messages (`chat:write` under Bot Token Scopes), add this app to the desired workspace and add the app to the channel where it should send notifications.\n\nYou can learn more about how to create your own Slack app here https://api.slack.com/start\n\nAfter you have your app in the channel, just configure the following environment variables:\n\n- `SLACK_TOKEN`: Bot User OAuth Token found under \"OAuth \u0026 Permissions\"\n- `SLACK_CHANNEL`: Channel on which the bot is added and must send messages\n\n### Mail notifier\n\nSends an e-mail with the results of the key rotation process. The following environment variables need to be set:\n\n- `SMTP_USERNAME`\n- `SMTP_PASSWORD`\n- `SMTP_HOST`\n- `SMTP_PORT`\n- `SMTP_FROM`\n- `SMTP_TO`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmycodeself%2Faws-key-rotator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmycodeself%2Faws-key-rotator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmycodeself%2Faws-key-rotator/lists"}