kneemaa / github-action-rotate-aws-secrets

GitHub Action to rotate AWS Access Keys stored in a repository's secrets
MIT License

Only delete the old key after the secret is successfully updated on GitHub #2

Closed kapcod closed 4 years ago

kapcod commented 4 years ago

This covers the corner case where, for some reason (e.g. an invalid GitHub key), updating the secret fails. With the current code, the old key will already be deleted and other workflows that use the secret will stop working. With the proposed code, both the new and the old keys will still exist and other workflows will continue working. If the failure is not handled, the next rotation will also fail because it will have >1 keys.
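The ordering described in the comment above, as an added example that is not part of the original comment or the project's code. It goes one step beyond the proposal by deleting the new key when the secret update fails, so the next rotation starts from a single key; `FakeIAM`, `rotate` and `update_secret` are hypothetical names, and `FakeIAM` only mirrors the boto3 IAM client calls `list_access_keys`, `create_access_key` and `delete_access_key`.

```python
class FakeIAM:
    """Constructed in-memory stand-in for the three boto3 IAM client calls used below."""

    def __init__(self, key_ids):
        self.keys = list(key_ids)
        self._n = 0

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{"AccessKeyId": k} for k in self.keys]}

    def create_access_key(self, UserName):
        self._n += 1
        key_id = f"AKIAEXAMPLENEW{self._n:04d}"  # constructed value
        self.keys.append(key_id)
        return {"AccessKey": {"AccessKeyId": key_id,
                              "SecretAccessKey": "constructed-secret"}}

    def delete_access_key(self, UserName, AccessKeyId):
        self.keys.remove(AccessKeyId)


def rotate(iam, user, update_secret):
    """Create a new key, publish it, and only then delete the old one.

    update_secret is a hypothetical callable(key_id, secret) that raises on
    failure. Returns the new access key id.
    """
    listing = iam.list_access_keys(UserName=user)["AccessKeyMetadata"]
    existing = [m["AccessKeyId"] for m in listing]
    if len(existing) != 1:
        # Refuse to guess which key the stored secret currently holds.
        raise RuntimeError(f"expected exactly 1 access key, found {len(existing)}")
    old_id = existing[0]
    new = iam.create_access_key(UserName=user)["AccessKey"]
    try:
        update_secret(new["AccessKeyId"], new["SecretAccessKey"])
    except Exception:
        # The stored secret still holds the old key: keep it, drop the new one.
        iam.delete_access_key(UserName=user, AccessKeyId=new["AccessKeyId"])
        raise
    # The secret now holds the new key, so the old one can go.
    iam.delete_access_key(UserName=user, AccessKeyId=old_id)
    return new["AccessKeyId"]


if __name__ == "__main__":
    iam = FakeIAM(["AKIAEXAMPLEOLD0001"])  # constructed key id
    print(rotate(iam, "ci-user", lambda key_id, secret: None), iam.keys)
```

The rollback assumes `update_secret` is all-or-nothing. If it can fail after the stored secret has already changed, keep both keys and resolve the state by hand instead of deleting either one.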

kneemaa commented 4 years ago

Thanks! This was on my to-do list.

kneemaa commented 4 years ago

@kapcod I'm planning to release this with https://github.com/kneemaa/github-action-rotate-aws-secrets/pull/3