AWS Secret Scraper
Remove strings from your secrets
I was given a problem on Monday. I needed to remove a certain string from AWS Secrets; the string was a simple encrypt=false, which was within config to allow initial connections to a dev database.
Now you see, the problem I had was the fact we had hundreds of secrets; sifting through each and every one of them would have killed my will to live. My solution, you ask? Python.
Automation is good, so long as you know exactly where to put the machine — Eliyahu Goldratt
Part and parcel of what I do daily is to automate, usually repetitive tasks that are meaningful but idle. Instead of allocating human resource to the daily task, allocate a script written in the wonderful language of Python. Such a script will execute every so often, usually in an AWS Lambda tied into an EventBridge schedule.
After writing a fair few scripts in my handful of days as a DevOps Engineer, I decided to write a wonderful script which does the following:
- Lists all AWS Secrets within a region
- Iterates through all the AWS Secrets
- Gets secret values for a secret
- Performs a search on values to see if the string matches
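
The four steps listed above, as an added example (not the author's script): `find_matching_secrets`, the `FakeClient` stand-in and its sample data are names constructed for this illustration; against a real account, pass a boto3 Secrets Manager client instead. It reports matching secret names only, so secret values never reach logs or terminal history.

```python
def find_matching_secrets(client, needle):
    """Return sorted names of secrets whose value contains `needle`.

    Only names are returned; secret values are never printed or stored.
    """
    matches = []
    # list_secrets is paginated, so walk every page rather than one call.
    for page in client.get_paginator("list_secrets").paginate():
        for meta in page["SecretList"]:
            resp = client.get_secret_value(SecretId=meta["Name"])
            # A secret carries either SecretString or SecretBinary.
            text = resp.get("SecretString")
            if text is None:
                text = resp.get("SecretBinary", b"").decode("utf-8", "replace")
            if needle in text:
                matches.append(meta["Name"])
    return sorted(matches)


class FakeClient:
    """Constructed stand-in for boto3.client("secretsmanager"), for offline runs."""

    def __init__(self, secrets, page_size=2):
        self._secrets, self._page_size = secrets, page_size

    def get_paginator(self, operation):
        return self

    def paginate(self):
        names = list(self._secrets)
        for i in range(0, len(names), self._page_size):
            yield {"SecretList": [{"Name": n} for n in names[i:i + self._page_size]]}

    def get_secret_value(self, SecretId):
        value = self._secrets[SecretId]
        key = "SecretBinary" if isinstance(value, bytes) else "SecretString"
        return {"Name": SecretId, key: value}


SAMPLE = {  # constructed sample data, not real secrets
    "dev/db/orders": '{"host": "db.example.internal", "options": "encrypt=false"}',
    "dev/db/users": '{"host": "db.example.internal", "options": "encrypt=true"}',
    "dev/legacy/blob": b"server=db;encrypt=false;",
    "dev/api/key": "constructed-placeholder",
}

if __name__ == "__main__":
    # Real account: client = boto3.client("secretsmanager", region_name=...)
    print(find_matching_secrets(FakeClient(SAMPLE), "encrypt=false"))
```

The calling role needs `secretsmanager:ListSecrets` and `secretsmanager:GetSecretValue`; keeping the scan read-only lets the list of matches be reviewed before any secret is changed.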