
Discover all keys that hold a specific value across AWS SSM Parameter Store and Secrets Manager.


khalidx/himitsu


himitsu

A simple command line application to discover all keys that hold a specific value across AWS SSM Parameter Store and Secrets Manager.

What can you do with this tool?

Simply provide a value, like a password, to discover all keys in your AWS account whose value equals it. This is useful during password changes, or when you believe that a secret value has been compromised.

What is "himitsu"?

The Japanese word for "secret".

usage

himitsu

You'll be prompted for the value to search for.

himitsu uses the currently logged-in AWS account by default, and can search only the keys that the currently logged-in user has access to. It also compares only the value of the current version of each secret. For now, it searches only the following AWS regions:

  • us-east-1 | US East (N. Virginia)
  • us-east-2 | US East (Ohio)
  • us-west-1 | US West (N. California)
  • us-west-2 | US West (Oregon)

The implementation is simple, and contained in src/index.ts.

You'll need at least the following IAM policy attached to the currently logged-in user. Of course, if you're logged in as an administrator or root user, you won't need to add this policy. You can also further restrict the Resource section of the policy so that the logged-in user, and therefore himitsu, has access only to certain secrets in your AWS account.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeParameters"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "secretsmanager:ListSecrets"
      ],
      "Resource": "*"
    }
  ]
}
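
One way to apply the resource restriction described above, as an added example that is not part of the himitsu project: the two listing actions keep `"Resource": "*"` but are limited to the four searched regions with the `aws:RequestedRegion` condition key, and value reads are scoped to one path. The read actions (`ssm:GetParameter`, `ssm:GetParameters`, `secretsmanager:GetSecretValue`) are an assumption about how the values are fetched, since the listing actions return only metadata; the account ID `111122223333` and the `example-app/` prefix are placeholders, and the `Sid` values mark which statements are assumed.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListMetadataInSearchedRegions",
      "Effect": "Allow",
      "Action": [
        "ssm:DescribeParameters",
        "secretsmanager:ListSecrets"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestedRegion": [
            "us-east-1",
            "us-east-2",
            "us-west-1",
            "us-west-2"
          ]
        }
      }
    },
    {
      "Sid": "AssumedReadOfScopedParameters",
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameter",
        "ssm:GetParameters"
      ],
      "Resource": "arn:aws:ssm:*:111122223333:parameter/example-app/*"
    },
    {
      "Sid": "AssumedReadOfScopedSecrets",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue"
      ],
      "Resource": "arn:aws:secretsmanager:*:111122223333:secret:example-app/*"
    }
  ]
}
```

Parameters or secrets encrypted with a customer managed KMS key would additionally need `kms:Decrypt` on that key.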

support

Your comments, concerns, suggestions, and feedback are all appreciated. Help maintain this project by opening an issue or pull request!
