GCP: Secret Manager secrets inventory

Open Pokom opened this issue 3 years ago • 4 comments

Motivation

Secrets stored in Secret Manager can be deceptively pricey, and it is easy to forget that you created them and why. It would be awesome if we could run a query to find all secrets that have not been accessed in n days and possibly clean them up.

Desired Behavior

After provisioning GCP, I would like to run workflow run collect_and_cleanup and have secrets stored in the graph. The secrets should have last_accessed so that an end user can run a query to find stale/old secrets.

The secret values should not be accessed or stored in the graph. Only metadata about the secrets should be collected.

Additional Context

No response

Pokom, May 17 '22 13:05

Very useful I agree. For clarity: the secret itself should not be revealed.

aquamatthias, May 17 '22 13:05

I updated the Desired Behavior section to explicitly call that out, good catch 😅

I was digging through the code last night and think this would be reasonable to pick up if the team doesn't have the bandwidth to start it. I managed to lock my Discord account while trying to register, but once I have access to Discord I can spin up a conversation there as well.

Pokom, May 17 '22 13:05

@Pokom You are happily invited to take this task. And yes, discussion on Discord would be much easier ;)

aquamatthias, May 17 '22 14:05

@aquamatthias awesome! I'll try to take a stab at it tonight. Now for the more fun part, proving to Discord that I am a real person with no ill intent, I just happened to get stuck in a weird authentication state 🤦

Pokom, May 17 '22 14:05