@slmcmahon
Last active June 7, 2025 19:24
PowerShell: Get all of the environment variable values where the name is AZURE_CLIENT_ID in all deployments in the current namespace and check the Azure AD app registration to see if any of them have secrets that are expiring in the next 30 days.
#!/usr/bin/env pwsh
$thresholdDays = 30

Write-Host "Extracting all AZURE_CLIENT_IDs..."

# Get all unique AZURE_CLIENT_ID values from deployments
$clientIds = kubectl get deployments -o json | ConvertFrom-Json |
    ForEach-Object { $_.items } |
    ForEach-Object {
        $_.spec.template.spec.containers |
            ForEach-Object {
                if ($_.env) {
                    $_.env | Where-Object { $_.name -eq "AZURE_CLIENT_ID" } | ForEach-Object { $_.value }
                }
            }
    } | Where-Object { $_ } | Sort-Object -Unique

foreach ($clientId in $clientIds) {
    # Get objectId
    $objectId = az ad app list --filter "appId eq '$clientId'" --query "[0].id" -o tsv
    if ([string]::IsNullOrWhiteSpace($objectId)) {
        Write-Warning "App with appId $clientId not found"
        continue
    }

    # Get app name
    $appName = az ad app show --id $objectId --query "displayName" -o tsv
    Write-Host ""
    Write-Host "Checking app: '$appName'"

    # Get credentials
    $creds = az ad app credential list --id $objectId --query "[?endDateTime!=null]" -o json | ConvertFrom-Json
    foreach ($cred in $creds) {
        $rawDate = $cred.endDateTime
        try {
            # ConvertFrom-Json in PowerShell 7 may already have turned the
            # ISO 8601 string into a [DateTime]; only parse when it is still a string
            if ($rawDate -is [DateTime]) {
                $expiry = $rawDate
            } else {
                # Remove fractional seconds to avoid parsing errors
                $cleanDate = $rawDate -replace "\.\d+Z$", "Z"
                $expiry = [DateTime]::Parse($cleanDate, [cultureinfo]::InvariantCulture)
            }
            # Compare in UTC so the local time zone does not skew the result
            $daysRemaining = ($expiry.ToUniversalTime() - [DateTime]::UtcNow).TotalDays
            if ($daysRemaining -lt $thresholdDays) {
                $name = if ($cred.displayName) { $cred.displayName } else { "Unnamed credential" }
                Write-Host "`"$name`" expiring on $expiry"
            }
        } catch {
            Write-Warning "Could not parse date: $rawDate"
        }
    }
    Write-Host ""
}