Is there a way to automate this instead of having to check it manually for each keyring and key? I want a script that will go through all the keyrings and give me a list of keys that do not have rotation or versioning enabled.
This script just iterates through all the locations, lists all the keyrings, then all the keys, then describes each to get the rotation period and prints out the key URI, then a tab, then the rotation period or "DISABLED" if none.
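#!/bin/bash
set -e

# Walk every KMS location, then every keyring in it, then every key in the keyring.
for LOC in $(gcloud kms locations list --format="get(LOCATION_ID)") ; do
  for KEYRING in $(gcloud kms keyrings list --location "$LOC" --format="get(NAME)") ; do
    for KEY in $(gcloud kms keys list --keyring "$KEYRING" --format="get(NAME)") ; do
      # rotationPeriod comes back empty when the key has no rotation schedule.
      ROTATION=$(gcloud kms keys describe "$KEY" --format "get(rotationPeriod)")
      if [ -z "$ROTATION" ] ; then
        ROTATION="DISABLED"
      fi
      # Key URI, a tab, then the rotation period (or DISABLED).
      echo -e "$KEY\t$ROTATION"
    done
  done
done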
Feel free to offer feedback on my rusty bash scripting style.
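
A filter for the report the script above prints, reducing it to the keys the question asks about: those with no rotation, plus any whose period exceeds a limit. This is an added example, not part of the original answer; the function names, the 90-day threshold and the sample key URIs are constructed, and it assumes rotationPeriod is printed as whole seconds with an "s" suffix (for example 7776000s).

```shell
#!/bin/bash
# Added example: post-process "<key URI><TAB><rotationPeriod|DISABLED>" lines.

# flag_keys MAX_SECONDS
# Reads the report on stdin and prints only the keys that need attention:
#   NO_ROTATION   no rotation schedule on the key
#   TOO_LONG(Nd)  rotation period longer than MAX_SECONDS
#   UNPARSED(x)   period not in the assumed "<digits>s" form
flag_keys() {
    awk -F '\t' -v max="$1" '
        NF == 0                      { next }
        $2 == "" || $2 == "DISABLED" { print $1 "\tNO_ROTATION"; next }
        $2 !~ /^[0-9]+s$/            { print $1 "\tUNPARSED(" $2 ")"; next }
        {
            secs = substr($2, 1, length($2) - 1) + 0
            if (secs > max + 0)
                print $1 "\tTOO_LONG(" int(secs / 86400) "d)"
        }
    '
}

# Constructed sample report (hypothetical project and key names).
sample_report() {
    printf '%s\t%s\n' \
        'projects/example-project/locations/global/keyRings/app/cryptoKeys/db' '7776000s' \
        'projects/example-project/locations/global/keyRings/app/cryptoKeys/legacy' 'DISABLED' \
        'projects/example-project/locations/us-east1/keyRings/ops/cryptoKeys/archive' '31536000s'
}

# 7776000 seconds = 90 days (hypothetical policy limit).
# Against real output: ./list-key-rotation.sh | flag_keys 7776000
sample_report | flag_keys 7776000
```

The 90-day key is not listed because the comparison is strictly greater than the limit.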