I am looking for a way to automate auditing and rotating of SSH keys, personal access tokens and deploy keys. We use GitHub Org so I want to do this for my entire user population. I was thinking to regularly scan for these kinds of credentials and examine their age. If they are approaching a certain age I want to notify the owner so he/she can generate a new key and use that. If they are above the age limit I want to disable or delete them.
So far I have only been able to identify SSH keys through the v3 API using the /users/:user/keys endpoint. Is there a way to discover the other credentials?
Also what methods exist to actually delete or disable these type of credentials? If that is not possible just reporting on the keys would be better than nothing.