You love Concourse CI and you've got a dozen or more pipelines running. Each pipeline is configured with secret AWS/Docker/Github credentials so it can test for S3 blobs, new Docker images, and Github repo changes.

Suddenly a friend of yours - not you - accidentally commits your secret credentials into a public repository and now you need to cancel all your credentials and update all your pipelines as soon as possible.

You empathise. You'd never do this. But you understand it can happen.

I created a little repo https://github.com/drnic/rotate-concourse-credentials that includes two scripts that can help. Help your friend, that is. Not you. You didn't do anything.

./fetch_pipelines.sh <target concourse>

This will download every pipeline you have access to into tmp.

You can then edit all the files to change the credentials.

You did cancel/change your credentials already, right?

You can then interactively update the pipelines:

./push_pipelines.sh <target concourse>

Your friend is saved.