Created
December 4, 2018 05:54
-
-
Save gordcorp/6e22364ba1c5b1d990ae2d631d885f29 to your computer and use it in GitHub Desktop.
Example of rotating github repo deploy key in bash
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
set -euo pipefail | |
: "${GITHUB_USER:?Need to set GITHUB_USER}" | |
: "${GITHUB_PERSONAL_ACCESS_TOKEN:?Need to set GITHUB_PERSONAL_ACCESS_TOKEN}" | |
CREDS="${GITHUB_USER}:${GITHUB_PERSONAL_ACCESS_TOKEN}" | |
URL=https://api.github.com | |
KEY_NAME=foo | |
DEPLOY_KEY_IDS="$(curl -u $CREDS $URL/repos/govau/deploy-kops/keys | jq -r .[].id)" | |
# Delete old key if we find it | |
for deploy_key_id in $DEPLOY_KEY_IDS; do | |
deploy_key_title="$(curl -u $CREDS $URL/repos/govau/deploy-kops/keys/${deploy_key_id} | jq -r .title)" | |
if [[ $deploy_key_title == ${KEY_NAME} ]]; then | |
curl \ | |
-X DELETE \ | |
-u $CREDS \ | |
$URL/repos/govau/deploy-kops/keys/${deploy_key_id} | |
fi | |
done | |
#Create new key | |
rm -f ./deploy-key* | |
ssh-keygen -t rsa -C "concourse.m.cld.gov.au" -b 4096 -f deploy-key -N '' >&2 | |
DEPLOY_KEY="$(cat ./deploy-key)" | |
DEPLOY_KEY_PUB="$(cat ./deploy-key.pub)" | |
rm -f ./deploy-key* | |
curl \ | |
-u $CREDS \ | |
-H "Content-Type: application/json" \ | |
-d@- \ | |
$URL/repos/govau/deploy-kops/keys >&2 <<EOF | |
{ | |
"title": "${KEY_NAME}", | |
"key":"${DEPLOY_KEY_PUB}", | |
"read_only": true | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment