AWS Account Secret Key Rotation

(stellerm) #1

Is there a way thru the Octopus API to update an AWS Account’s secret key stored in octopus? We are wanting to implement a AWS key rotation process and would like to be able to update the secret key programmatically once it has been updated in AWS. I can’t seem to find any api documentation on this. Any guidance would be appreciated.

(Justin Walsh) #3

Hi @Stellerm!

Indeed you can, updating your account resource credentials can be done via the accounts endpoint in the API. You can access the documentation and run sample queries against your own instance via the Swagger interface that ships with Octopus - simple visit <your_octopus_server>/swaggerui.

An easy way of determining what the calls are, and what the post body requirements are is to open up the dev tools in your browser and watch for the API calls when you update the setting in the web interface.

Hope this helps!

(stellerm) #4

Thanks for the quick reply. I was able to use the PUT method http://{YourOctopusServer}/api/Accounts/{AccountResourceId} using the following json body:

{
“AccountType”: “AmazonWebServicesAccount”,
“Name”: “Test”,
“AccessKey”: “{YourAccessKey}”,
“SecretKey”: {
“NewValue”: “{enterSecretKeyHere}”
}
}

This updated the secret key with the new value. I was then able to test it by going to the Infrastructure/Accounts page and clicking on the AWS Account in question. I then clicked the “Save and Test” button on the AWS Account to verify the change.