Revert an AWS Secrets Manager secret to a previous version
#!/bin/bash
set -euo pipefail
# Both external dependencies must be on PATH before anything else runs.
if ! command -v aws >/dev/null 2>&1; then
  printf '%s\n' "aws CLI is required but not installed. Exiting." >&2
  exit 1
fi
if ! command -v jq >/dev/null 2>&1; then
  printf '%s\n' "jq is required but not installed. Exiting." >&2
  exit 1
fi
#######################################
# Print the command-line usage text to stdout.
# Arguments: none ($0 is the script path)
# Outputs:   two-line usage message
#######################################
usage() {
  printf 'Usage: %s [secret_name]\n' "$0"
  printf '%s\n' "This script lists versions of an AWS Secrets Manager secret and allows you to revert to a previous version."
}
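# Resolve the secret name: first positional argument if present, otherwise an
# interactive prompt. "-h"/"--help" prints the usage text and exits 0 so the
# usage() helper above is actually reachable.
if (( $# >= 1 )); then
  case "$1" in
    -h|--help)
      usage
      exit 0
      ;;
  esac
  secret_name="$1"
else
  # On stdin EOF `read` returns non-zero; swallow that so the empty-name check
  # below reports the problem instead of set -e exiting silently.
  read -rp "Enter the AWS secret name: " secret_name || true
fi
if [[ -z "$secret_name" ]]; then
  echo "Secret name cannot be empty. Exiting." >&2
  exit 1
fi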
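#######################################
# List the versions of a Secrets Manager secret and expose them for selection.
# Globals:   SECRET_VERSIONS (written) - one "<version-id> <created-date> <stages>"
#            entry per version, in the order the API returned them
# Arguments: $1 - secret name or ARN
# Outputs:   numbered version list on stdout; diagnostics on stderr
# Returns:   exits 1 when no versions can be listed
#######################################
list_secret_versions() {
  local secret=$1
  local secret_json
  local -a versions=()
  local i version_id created_date stages
  echo "Fetching versions for secret: $secret..."
  # Only the Versions array is requested; an empty secret yields "[]".
  secret_json=$(aws secretsmanager list-secret-version-ids --secret-id "$secret" --query "Versions[]" --output json)
  if [[ -z "$secret_json" || "$secret_json" == "null" ]]; then
    echo "No versions found for secret: $secret. Exiting." >&2
    exit 1
  fi
  # One line per version: id, creation date, staging labels joined by ",".
  # Labels may be absent (hence `// []`); showing them lets the operator see
  # which version currently carries AWSCURRENT/AWSPREVIOUS before choosing.
  mapfile -t versions < <(jq -r '.[] | "\(.VersionId) \(.CreatedDate) \(.VersionStages // [] | join(","))"' <<<"$secret_json")
  if [[ ${#versions[@]} -eq 0 ]]; then
    echo "No secret versions available."
    exit 1
  fi
  echo "Available Versions:"
  for i in "${!versions[@]}"; do
    # Split with the builtin rather than spawning awk/cut for every line.
    read -r version_id created_date stages <<<"${versions[$i]}"
    echo "[$((i+1))] Version ID: $version_id, Created: $created_date, Stages: ${stages:-none}"
  done
  # Published for the caller; the first field of each entry is the version ID.
  SECRET_VERSIONS=("${versions[@]}")
}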
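# Show the versions, then ask which one should become AWSCURRENT.
list_secret_versions "$secret_name"
# Loop until the operator picks a valid index or quits; input is validated
# before it reaches any arithmetic.
while true; do
  # Stdin EOF (Ctrl-D, no terminal) would otherwise end the script silently under set -e.
  read -rp "Enter the number corresponding to the version you want to revert to (or 'q' to quit): " selection || {
    printf '\n%s\n' "No selection made. Exiting." >&2
    exit 1
  }
  if [[ "$selection" =~ ^[Qq]$ ]]; then
    echo "Quitting."
    exit 0
  fi
  if ! [[ "$selection" =~ ^[0-9]+$ ]]; then
    echo "Invalid input. Please enter a number."
    continue
  fi
  # 10# forces decimal so inputs such as "08" are not parsed as invalid octal.
  if (( 10#$selection < 1 || 10#$selection > ${#SECRET_VERSIONS[@]} )); then
    echo "Selection out of range. Please select a number between 1 and ${#SECRET_VERSIONS[@]}."
    continue
  fi
  # Entries are "<version-id> <created-date> ..."; keep only the first field.
  selected_entry="${SECRET_VERSIONS[$((10#$selection-1))]}"
  selected_version=${selected_entry%% *}
  echo "You selected version: $selected_version"
  break
done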
# Determine which version currently carries the AWSCURRENT staging label.
current_version=$(aws secretsmanager list-secret-version-ids \
  --secret-id "$secret_name" \
  --query "Versions[?contains(VersionStages, 'AWSCURRENT')].VersionId" \
  --output text)
[[ -n "$current_version" ]] || {
  echo "Could not determine the current AWSCURRENT version for secret $secret_name. Exiting." >&2
  exit 1
}
# Nothing to do when the chosen version is already current.
if [[ "$selected_version" == "$current_version" ]]; then
  echo "The selected version is already the AWSCURRENT version. No action is needed."
  exit 0
fi
# Require an explicit "y"/"Y" before touching staging labels.
read -rp "Are you sure you want to revert secret '$secret_name' from version '$current_version' to version '$selected_version'? (y/N): " confirm
case "$confirm" in
  y|Y) ;;
  *)
    echo "Operation cancelled."
    exit 0
    ;;
esac
echo "Reverting secret '$secret_name' from version '$current_version' to version '$selected_version'..."
# Move AWSCURRENT onto the selected version, removing it from the present one.
# stderr is folded into stdout so the CLI's message can be reported on failure.
if ! update_output=$(aws secretsmanager update-secret-version-stage \
  --secret-id "$secret_name" \
  --version-stage AWSCURRENT \
  --move-to-version-id "$selected_version" \
  --remove-from-version-id "$current_version" 2>&1); then
  echo "Failed to update secret: $update_output" >&2
  exit 1
fi
echo "Secret successfully reverted to version '$selected_version'."

Note: Needs improvements!
