GCP: Secret Manager secrets inventory
Motivation
Secrets stored in Secret Manager can be deceptively pricey, and it is easy to forget that you created them and why. It would be awesome if we could run a query to find all secrets that have not been accessed in n days and possibly clean them up.
Desired Behavior
After provisioning GCP, I would like to run workflow run collect_and_cleanup and have secrets stored in the graph. The secrets should have last_accessed so that an end user can run a query to find stale/old secrets.
The secret values should not be accessed or stored in the graph. Only metadata about the secrets should be collected.
Additional Context
No response
Very useful, I agree. For clarity: the secret itself should not be revealed.
I updated the Desired Behavior section to explicitly call that out, good catch 😅
I was digging through the code last night and think this would be reasonable to pick up if the team doesn't have the bandwidth to start it. I managed to lock my Discord account while trying to register, but once I have access to Discord I can spin up a conversation there as well.
@Pokom You are happily invited to take this task. And yes, discussion on Discord would be much easier ;)
@aquamatthias awesome! I'll try to take a stab at it tonight. Now for the more fun part, proving to Discord that I am a real person with no ill intent, I just happened to get stuck in a weird authentication state 🤦