while getopts b:p: flag do case "${flag}" in b) S3_BUCKET=${OPTARG};; p) PROFILE=${OPTARG};; esac done PACKAGE_CUR="$(aws s3api list-objects-v2 \ --bucket "${S3_BUCKET}" \ --prefix 'data/master/master-' \ --profile "${PROFILE}" \ --output json | jq -r '[.Contents[].Key|select(endswith(".tgz"))]|max_by(.)| ltrimstr("data/master/")|rtrimstr(".tgz")')" echo "PACKAGE_CUR=${PACKAGE_CUR}" aws s3api get-object \ --bucket "${S3_BUCKET}" \ --key "data/master/${PACKAGE_CUR}.tgz" "${PACKAGE_CUR}.tgz" \ --profile "${PROFILE}" # Generate the new package name PACKAGE_NEW="${PACKAGE_CUR}.tgz.$(date -u '+%F-%H-%M-%S')" echo "PACKAGE_NEW=${PACKAGE_NEW}" # Generate the new package by excluding # the secret files to be rotated gzip -d -c "${PACKAGE_CUR}.tgz" | tar --delete \ './config' './basic_auth.csv' \ './known_tokens.csv' './kubecfg.crt' './kubecfg.key' \ | gzip - > "${PACKAGE_NEW}.tgz" aws s3api put-object \ --bucket "${S3_BUCKET}" \ --key "data/master/${PACKAGE_NEW}.tgz" \ --body "${PACKAGE_NEW}.tgz" \ --profile "${PROFILE}"