aws-rotate-key
by stefansundin
A CLI tool that simplifies and automates the secure rotation of AWS IAM user access keys.
Easily rotate your AWS access key. :key:
Primary Use Case
This tool is used by AWS IAM users and administrators to periodically rotate their AWS access keys as a security best practice, reducing the risk of compromised credentials. It automates the process of listing, deleting, creating, and deactivating access keys, ensuring compliance and minimizing manual errors during key rotation.
- Lists current access keys associated with the IAM user
- Automates deletion or deactivation of old access keys
- Creates new access keys and updates AWS credentials file
- Supports MFA authentication for enhanced security
- Allows use of different AWS CLI profiles
- Provides confirmation prompts before making changes
- Supports automatic confirmation to enable scripting
- Cross-platform installation via binaries, Homebrew, PPA, or Go
Installation
- Download binaries from the GitHub releases section
- Install on macOS using Homebrew: brew install aws-rotate-key
- Install on Ubuntu Linux using PPA: sudo add-apt-repository ppa:stefansundin/aws-rotate-key
- Then run: sudo apt install aws-rotate-key
- Build and install using Go: go install github.com/stefansundin/aws-rotate-key@latest
Usage
>_ aws-rotate-key --helpDisplays usage information and available command line options.
>_ aws-rotate-key --profile workRotates access keys for the AWS CLI profile named 'work', listing keys and prompting for confirmation.
>_ aws-rotate-key -yRuns the key rotation process with automatic 'yes' to all prompts, enabling non-interactive use.
>_ aws-rotate-key -mfaEnables MFA support during the rotation process for enhanced security.
>_ aws-rotate-key -dDeletes the old access key instead of just deactivating it after creating a new key.
- Integrate aws-rotate-key into CI/CD pipelines to automate credential rotation and reduce human error.
- Combine with AWS CloudTrail monitoring to detect anomalous access key usage and enforce rotation policies.
- Use MFA enforcement with this tool to strengthen authentication and prevent unauthorized key usage.
- Leverage scripting mode (-y flag) for scheduled rotation jobs to maintain compliance without manual intervention.
- In purple team exercises, simulate compromised keys and test the effectiveness of automated rotation in reducing dwell time.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about aws-rotate-key. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
This tool hasn't been indexed yet. Request indexing to enable AI chat.
Admin will review your request within 24 hours
Related Tools
vaultwarden
dani-garcia/vaultwarden
Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs
authelia
authelia/authelia
The Single Sign-On Multi-Factor portal for web apps, now OpenID Certified™
keepassxc
keepassxreboot/keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “KeePass Password Safe”.
infisical
Infisical/infisical
Infisical is the open-source platform for secrets, certificates, and privileged access management.
authentik
goauthentik/authentik
The authentication glue you need.
teleport
gravitational/teleport
The easiest, and most secure way to access and protect all of your infrastructure.