Remove unused secrets - Githubissues

nextstrain / nextstrain.org

The Nextstrain website

https://nextstrain.org

GNU Affero General Public License v3.0

87 stars 49 forks source link

Remove unused secrets #821

Closed jameshadfield closed 2 months ago

jameshadfield commented 2 months ago

The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY repo level secrets as unused as far as I can understand.

They were first referenced by d98838543e036c06332014c5bf17e639e0bc98c4 and their last usage removed by a pair of commits a couple of days apart: a75539ac59d4441024d97b77b2798ec43425b34b and 86956ef380ad0134d1fe18e40fdd18dadcaafa42

victorlin commented 2 months ago

+1 for removing. Out of curiosity, I tested which IAM user it is with 836edc6a359f6df480853d4dbdde74dff9ed4dec (apparently I also checked 2 years ago):

{
    "UserId": "AIDA4BL5UZTAVYVAS2CPU",
    "Account": "82758158252[9](https://github.com/nextstrain/nextstrain.org/actions/runs/8639540697/job/23686030220#step:2:10)",
    "Arn": "arn:aws:iam::827581582529:user/github-actions-nextstrain-data"
}

I think we can remove the user github-actions-nextstrain-data and the group nextstrain-data (the user is the only member of this group).

jameshadfield commented 2 months ago

I think we can remove

Agreed. It's friday here, so I'll pick this up on monday morning so I can monitor if anything unexpected happens.

victorlin commented 2 months ago

Just deleted them from AWS IAM as part of https://github.com/nextstrain/private/issues/104

victorlin commented 2 months ago

Deleted AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from repository secrets

jameshadfield commented 2 months ago

[2 weeks ago] It's friday here, so I'll pick this up on monday morning

Did not age well! Thanks @victorlin 🙏