Created
May 14, 2025 12:44
-
-
Save islishude/5277fd268485741ae753e91f9a553c15 to your computer and use it in GitHub Desktop.
Force to delete all items from aws secret manager
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| import ( | |
| "context" | |
| "fmt" | |
| "log" | |
| "github.com/aws/aws-sdk-go-v2/aws" | |
| "github.com/aws/aws-sdk-go-v2/config" | |
| "github.com/aws/aws-sdk-go-v2/service/secretsmanager" | |
| ) | |
| func DeleteAllSecrets(ctx context.Context, region string) error { | |
| // 加载 AWS 配置 | |
| cfg, err := config.LoadDefaultConfig(ctx, config.WithRegion(region)) | |
| if err != nil { | |
| return fmt.Errorf("failed to load AWS config: %w", err) | |
| } | |
| client := secretsmanager.NewFromConfig(cfg) | |
| count := 0 | |
| // 分页列出所有 secrets | |
| paginator := secretsmanager.NewListSecretsPaginator(client, &secretsmanager.ListSecretsInput{}) | |
| for paginator.HasMorePages() { | |
| page, err := paginator.NextPage(ctx) | |
| if err != nil { | |
| return fmt.Errorf("failed to list secrets: %w", err) | |
| } | |
| for _, secret := range page.SecretList { | |
| // 如果是副本 Secret,跳过 | |
| if secret.PrimaryRegion != nil && *secret.PrimaryRegion != region { | |
| log.Printf("skip replica secret: %s", aws.ToString(secret.Name)) | |
| continue | |
| } | |
| desc, err := client.DescribeSecret(ctx, &secretsmanager.DescribeSecretInput{ | |
| SecretId: secret.ARN, | |
| }) | |
| if err != nil { | |
| return fmt.Errorf("failed to describe secret %s: %v", aws.ToString(secret.Name), err) | |
| } | |
| if len(desc.ReplicationStatus) > 0 { | |
| replicas := []string{} | |
| for _, status := range desc.ReplicationStatus { | |
| if status.Region != nil { | |
| replicas = append(replicas, *status.Region) | |
| log.Println("Removing regions from replication:", *status.Region) | |
| } | |
| } | |
| _, err = client.RemoveRegionsFromReplication(ctx, &secretsmanager.RemoveRegionsFromReplicationInput{ | |
| SecretId: secret.ARN, | |
| RemoveReplicaRegions: replicas, | |
| }) | |
| if err != nil { | |
| return err | |
| } | |
| } | |
| _, err = client.DeleteSecret(ctx, &secretsmanager.DeleteSecretInput{ | |
| SecretId: secret.ARN, | |
| ForceDeleteWithoutRecovery: aws.Bool(true), // 立即删除 | |
| }) | |
| if err != nil { | |
| return fmt.Errorf("failed to delete secret %s: %v", aws.ToString(secret.Name), err) | |
| } | |
| log.Printf("deleted secret: %s", aws.ToString(secret.Name)) | |
| count++ | |
| } | |
| } | |
| log.Println("Successfully deleted all secrets.", "Total deleted:", count) | |
| return nil | |
| } | |
| func main() { | |
| ctx := context.Background() | |
| region := "us-east-2" | |
| err := DeleteAllSecrets(ctx, region) | |
| if err != nil { | |
| log.Fatalf("failed to delete all secrets: %v", err) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment