wait-for-secrets
Publish from GitHub Actions using multi-factor authentication (by step-security)
CircleCI-Env-Inspector
A NodeJS tool for discovering all your secrets on CircleCI (by CircleCI-Public)
SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
wait-for-secrets | CircleCI-Env-Inspector | |
---|---|---|
4 | 2 | |
273 | 73 | |
2.2% | - | |
0.0 | 3.7 | |
10 months ago | about 1 year ago | |
TypeScript | TypeScript | |
Apache License 2.0 | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wait-for-secrets
Posts with mentions or reviews of wait-for-secrets.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-04.
-
How to publish on npm with `--provenance` using Lerna-Lite
To deal with the OTP (or any other 2FA), we can use wait-for-secrets. Compared to the previous basic usage, we are splitting the Lerna-Lite Version & Publish into 2 separate tasks. The reason is simple, calling the OTP too early would timeout even before reaching the publish phase, so calling the OTP just before the publish is the best way to avoid invalid pin.
-
Rotate any secrets stored in CircleCI
While OIDC is a good option, at StepSecurity, we are building an open-source project that allows using your MFA tokens for deployments in CI/ CD. So far, it is implemented for GitHub Actions - https://github.com/step-security/wait-for-secrets. In this method, you get a link in the build log, click the link, and can enter credentials at run time, which then gets used in the next step in the pipeline for deployment. So there are no persistent secrets stored in the CI/ CD pipeline and no need for managing/ rotating separate deployment credentials.
- A way to publish from GitHub Actions using multi-factor authentication
- Show HN: Publish from GitHub Actions using multi-factor authentication
CircleCI-Env-Inspector
Posts with mentions or reviews of CircleCI-Env-Inspector.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2023-01-06.
-
Managing CircleCI secrets via Terraform
Jokes aside, when one of your clients - and their 10s or more repositories - is affected by this, it can get hairy pretty quickly. Worst case, you have to click your way through the UI and collect all secrets stored in contexts or, even better, in project/repository-specific settings. In the meantime, CircleCI has published a repository to help those unlucky ones: CircleCI-Public/CircleCI-Env-Inspector. Using this, you can get at least a high-level overview of all used secrets in your organization, e.g. name, location and anonymized value.
-
Rotate any secrets stored in CircleCI
Thanks for taking the initiative!
Circle CI have also released something similar linked to near the bottom of their blog post.
[0]: https://github.com/CircleCI-Public/CircleCI-Env-Inspector
[1]: https://circleci.com/blog/january-4-2023-security-alert/
What are some alternatives?
When comparing wait-for-secrets and CircleCI-Env-Inspector you can also consider the following projects:
FTP-Deploy-Action - Deploys a GitHub project to a FTP server using GitHub actions
circleci-audit
pr-compliance-action - Check PR for compliance on title, linked issues, and files changed
terraform-aws-oidc-github - Terraform module to configure GitHub Actions as an IAM OIDC identity provider in AWS.
github-pages-deploy-action - 🚀 Automatically deploy your project to GitHub Pages using GitHub Actions. This action can be configured to push your production-ready code into any branch you'd like.