@gordcorp
Created December 4, 2018 05:54
Example of rotating github repo deploy key in bash
#!/usr/bin/env bash
set -euo pipefail

# Credentials come from the environment; fail early if either is missing.
: "${GITHUB_USER:?Need to set GITHUB_USER}"
: "${GITHUB_PERSONAL_ACCESS_TOKEN:?Need to set GITHUB_PERSONAL_ACCESS_TOKEN}"

CREDS="${GITHUB_USER}:${GITHUB_PERSONAL_ACCESS_TOKEN}"
URL=https://api.github.com
KEY_NAME=foo

# List the ids of all deploy keys on the repo
DEPLOY_KEY_IDS="$(curl -u "$CREDS" "$URL/repos/govau/deploy-kops/keys" | jq -r '.[].id')"

# Delete old key if we find it
for deploy_key_id in $DEPLOY_KEY_IDS; do
  deploy_key_title="$(curl -u "$CREDS" "$URL/repos/govau/deploy-kops/keys/${deploy_key_id}" | jq -r '.title')"
  # Quote the right-hand side so it is compared literally, not as a glob pattern
  if [[ "$deploy_key_title" == "${KEY_NAME}" ]]; then
    curl \
      -X DELETE \
      -u "$CREDS" \
      "$URL/repos/govau/deploy-kops/keys/${deploy_key_id}"
  fi
done

# Create new key
rm -f ./deploy-key*
ssh-keygen -t rsa -C "concourse.m.cld.gov.au" -b 4096 -f deploy-key -N '' >&2
# The private key is held only in this variable (this script does not use it
# further); the key files on disk are removed straight after being read.
DEPLOY_KEY="$(cat ./deploy-key)"
DEPLOY_KEY_PUB="$(cat ./deploy-key.pub)"
rm -f ./deploy-key*

# Register the public half as a read-only deploy key
curl \
  -u "$CREDS" \
  -H "Content-Type: application/json" \
  -d@- \
  "$URL/repos/govau/deploy-kops/keys" >&2 <<EOF
{
"title": "${KEY_NAME}",
"key":"${DEPLOY_KEY_PUB}",
"read_only": true
}
EOF