
Commit e35b75c

Merge pull request #2 from seekingalpha/master
Only delete the old key after secret successfully updated on github
2 parents 1769bd0 + 089088e commit e35b75c

1 file changed

+7
-7
lines changed

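--- a/rotate_keys.py
+++ b/rotate_keys.py
@@ -9,7 +9,7 @@
 # checks if values set to override default
 if 'GITHUB_ACCESS_KEY_NAME' in os.environ:
 access_key_name = os.environ['GITHUB_ACCESS_KEY_NAME']
-
+
 if 'GITHUB_SECRET_KEY_NAME' in os.environ:
 secret_key_name = os.environ['GITHUB_SECRET_KEY_NAME']
 
@@ -25,7 +25,7 @@ def main_function():
 iam_username = os.environ['IAM_USERNAME']
 github_token = os.environ['GITHUB_TOKEN']
 owner_repository = os.environ['OWNER_REPOSITORY']
-
+
 list_ret = iam.list_access_keys(UserName=iam_username)
 starting_num_keys = len(list_ret["AccessKeyMetadata"])
 
@@ -42,9 +42,6 @@ def main_function():
 #generate new credentials
 (new_access_key, new_secret_key) = create_new_keys(iam_username)
 
-#delete old keys
-delete_old_keys(iam_username, current_access_id)
-
 #get repo pub key info
 (public_key, pub_key_id) = get_pub_key(owner_repository, github_token)
 
@@ -56,6 +53,9 @@ def main_function():
 upload_secret(owner_repository,access_key_name,encrypted_access_key,pub_key_id,github_token)
 upload_secret(owner_repository,secret_key_name,encrypted_secret_key,pub_key_id,github_token)
 
+#delete old keys
+delete_old_keys(iam_username, current_access_id)
+
 sys.exit(0)
 
 def create_new_keys(iam_username):
@@ -87,7 +87,7 @@ def delete_old_keys(iam_username,current_access_id):
 if delete_ret['ResponseMetadata']['HTTPStatusCode'] != 200:
 print("deletion of original key failed")
 sys.exit(1)
-
+
 ## Update Actions Secret
 # https://developer.github.com/v3/actions/secrets/#create-or-update-a-secret-for-a-repository
 def encrypt(public_key: str, secret_value: str) -> str:
@@ -117,7 +117,7 @@ def get_pub_key(owner_repo, github_token):
 
 return (public_key, public_key_id)
 
-def upload_secret(owner_repo,key_name,encrypted_value,pub_key_id,github_token):
+def upload_secret(owner_repo,key_name,encrypted_value,pub_key_id,github_token):
 #upload encrypted access key
 updated_secret = requests.put(
 f'https://api.github.com/repos/{owner_repo}/actions/secrets/{key_name}',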
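Review bot: The `delete_old_keys(iam_username, current_access_id)` call now placed after the two `upload_secret(...)` calls in `main_function` is only safe if `upload_secret` stops the script when the PUT fails, and its body is cut off after `requests.put(` in the last hunk, so that cannot be confirmed from this page. If it does not already do so, it should check the response and exit before the delete is reached, for example `if updated_secret.status_code not in (201, 204): sys.exit(1)`, mirroring the `HTTPStatusCode != 200` check in `delete_old_keys`. A failure between the two uploads would also leave the repository holding the new access key ID next to the old secret value, with the freshly created IAM key still active, so a comment above the uploads should say how that state is recovered. `main_function` begins and ends outside the visible hunks.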
