#!/bin/bash

# Set your Conjur settings
CONJUR_ACCOUNT="your-account"
CONJUR_APPLIANCE_URL="https://your-conjur-url"
AUTHN_TOKEN="$(cat /path/to/conjur.token)"  # Already logged-in token

# List all users
USERS=$(curl -s --header "Authorization: Token token=\"$AUTHN_TOKEN\"" \
  "$CONJUR_APPLIANCE_URL/resources/$CONJUR_ACCOUNT?kind=user" | jq -r '.[].id')

# For each user, get the audit event or metadata
for USER_ID in $USERS; do
  # Adjust the following line if you use annotations or custom metadata for password rotation
  LAST_ROTATED=$(curl -s --header "Authorization: Token token=\"$AUTHN_TOKEN\"" \
    "$CONJUR_APPLIANCE_URL/resources/$CONJUR_ACCOUNT/user/$USER_ID" \
    | jq -r '.annotations["last-password-rotated"] // "Unknown"')

  echo "User: $USER_ID, Last Password Rotation: $LAST_ROTATED"
done