by p-e-w 1265 days ago
I want the following option in my account settings for all critical services:

    [X] In case of a "security incident", lock down my account until I take action.
I understand why they can't do that by default, but it's crazy that every time this happens, I have to run in order to secure my assets when in many cases, I'd be perfectly fine with things just shutting down until I have time to take care of them.

Better yet, also give me a button that does this even when there's no official incident reported. That means disabling all access tokens, resetting the password, halting any scheduled jobs, and revoking access for any connected OAuth services until I manually re-enable them.


I don't think locking down the account will do anything. It sounds like secrets were already stolen. GitHub access tokens, etc. Locking the account won't unsteal that stuff.

Right. You'd need lock-down-all-AWS-controlled-by-the-foo-key because CircleCI got hacked and it had the foo-key.

Sounds like a separate product (something about breaches and blast radii) and not a CircleCI feature.

The product already exists, it's called OAuth. All you need is an additional role that you can authorize:

    CircleCI would like to:
    
    - Upload build artifacts
    - Report security incidents
Then in GitHub (or wherever), you have the aforementioned checkbox. So when CircleCI reports the incident, the GitHub account is locked down.

You mean hanging whole sections of our value chain on other companies' assets was not the best idea?

Of course; it's the GitHub account that would need to be locked down in this case, and yes, it should be possible to do this automatically. The problem is that even though OAuth exists (which could be used to specify such an action during authorization), many services still rely on manually copying secrets around, which means that GitHub is not necessarily aware that another service has access to it.
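A toy model of the flow the thread proposes (an opt-in lockdown triggered by an integration that was granted an incident-reporting OAuth scope, performing the steps listed in the top post), added here as an example and not code from any service mentioned. The scope name, the account fields and the audit format are assumptions; it also records what was disabled so the caveat about already-stolen tokens can be followed up by rotating them elsewhere.

```python
"""Toy model of 'lock down my account when an authorized integration reports
an incident'. Added example, not the code of any real service; the scope
name, data model and audit format are all assumptions."""
from dataclasses import dataclass, field

INCIDENT_SCOPE = "report:security_incident"  # hypothetical OAuth scope


@dataclass
class Account:
    lockdown_opt_in: bool                              # the checkbox from the post
    tokens: set = field(default_factory=set)           # access tokens this account issued
    oauth_grants: dict = field(default_factory=dict)   # app name -> granted scopes
    scheduled_jobs: set = field(default_factory=set)   # jobs currently enabled
    password_valid: bool = True
    locked: bool = False
    audit: list = field(default_factory=list)          # (action, items) for manual re-enable


def handle_incident_report(acct: Account, reporter: str) -> bool:
    """Lock the account down if 'reporter' holds the incident scope and the user opted in.

    Returns True when a lockdown happened; a second report is a no-op. Tokens that
    were already exfiltrated to other services stay valid *there* until rotated,
    so everything revoked is written to the audit list for follow-up.
    """
    granted = acct.oauth_grants.get(reporter, set())
    if INCIDENT_SCOPE not in granted or not acct.lockdown_opt_in or acct.locked:
        return False
    acct.audit.append(("tokens_revoked", sorted(acct.tokens)))
    acct.tokens.clear()
    acct.audit.append(("jobs_halted", sorted(acct.scheduled_jobs)))
    acct.scheduled_jobs.clear()
    acct.audit.append(("oauth_revoked", sorted(acct.oauth_grants)))
    acct.oauth_grants.clear()          # revokes every connected app, the reporter included
    acct.password_valid = False        # force a reset before the next login
    acct.locked = True
    return True


def demo() -> Account:
    # Constructed sample account: two tokens, two connected apps, one scheduled job.
    acct = Account(lockdown_opt_in=True,
                   tokens={"tok_constructed_1", "tok_constructed_2"},
                   oauth_grants={"circleci": {"upload:artifacts", INCIDENT_SCOPE},
                                 "some-bot": {"read:repo"}},
                   scheduled_jobs={"nightly-deploy"})
    assert not handle_incident_report(acct, "some-bot")   # lacks the incident scope
    assert handle_incident_report(acct, "circleci")       # authorized: lockdown runs
    return acct
```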