terraform-aws-oidc-github
CircleCI-Env-Inspector
terraform-aws-oidc-github | CircleCI-Env-Inspector | |
---|---|---|
2 | 2 | |
90 | 73 | |
- | - | |
7.1 | 3.7 | |
10 days ago | about 1 year ago | |
HCL | TypeScript | |
Apache License 2.0 | MIT License | |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
terraform-aws-oidc-github
- Rotate any secrets stored in CircleCI
A bit of a shameless plug for a relevant Terraform module I made (specific to GitHub in this case): https://github.com/unfunco/terraform-aws-oidc-github
- GitHub workflow terraform init gives: Error: error configuring S3 Backend: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid
I just got the OIDC bridge working and it is magic. I used the module at https://github.com/unfunco/terraform-aws-oidc-github and was delighted it worked on the first try.
CircleCI-Env-Inspector
- Managing CircleCI secrets via Terraform
Jokes aside, when one of your clients - and their 10s or more repositories - is affected by this, it can get hairy pretty quickly. Worst case, you have to click your way through the UI and collect all secrets stored in contexts or, even better, in project/repository-specific settings. In the meantime, CircleCI has published a repository to help those unlucky ones: CircleCI-Public/CircleCI-Env-Inspector. Using this, you can get at least a high-level overview of all used secrets in your organization, e.g. name, location and anonymized value.
- Rotate any secrets stored in CircleCI
Thanks for taking the initiative!
Circle CI have also released something similar linked to near the bottom of their blog post.
[0]: https://github.com/CircleCI-Public/CircleCI-Env-Inspector
[1]: https://circleci.com/blog/january-4-2023-security-alert/
What are some alternatives?
terraform-aws-github-runner - Terraform module for scalable GitHub action runners on AWS
circleci-audit
terraform-aws-eks - Terraform module to create AWS Elastic Kubernetes (EKS) resources 🇺🇦
Ory Hydra - OpenID Certified™ OpenID Connect and OAuth Provider written in Go - cloud native, security-first, open source API security for your infrastructure. SDKs for any language. Works with Hardware Security Modules. Compatible with MITREid.
github-actions-demo - github actions demo
typhoon - Minimal and free Kubernetes distribution with Terraform
wait-for-secrets - Publish from GitHub Actions using multi-factor authentication