|
|
|
|
|
|
by rupert-m-a
1263 days ago
|
|
|
I've created a tool due to this incident to help you find your secrets in CircleCi. https://github.com/rupert-madden-abbott/circleci-audit It can:
* List env vars attached to your repos and contexts
* List SSH keys attached to your repos
* List which repos are configured with Jira (a secret that might need rotating) |
|
|
Circle CI have also released something similar [0] linked to near the bottom of their blog post[1].
[0]: https://github.com/CircleCI-Public/CircleCI-Env-Inspector
[1]: https://circleci.com/blog/january-4-2023-security-alert/