by __MatrixMan__ 1263 days ago
Right. You'd need lock-down-all-AWS-controlled-by-the-foo-key because CircleCI got hacked and it had the foo-key.

Sounds like a separate product (something about breaches and blast radii) and not a CircleCI feature.


The product already exists; it's called OAuth. All you need is an additional role that you can authorize:

    CircleCI would like to:
    
    - Upload build artifacts
    - Report security incidents
Then in GitHub (or wherever), you have the aforementioned checkbox. So when CircleCI reports the incident, the GitHub account is locked down.

You mean hanging whole sections of our value chain on other companies' assets was not the best idea?