Rotate any secrets stored in CircleCI

• terraform-aws-oidc-github

  2 90 7.1 HCL

  Terraform module to configure GitHub Actions as an IAM OIDC identity provider in AWS.

A bit of a shameless plug for a relevant Terraform module I made (specific to GitHub in this case): https://github.com/unfunco/terraform-aws-oidc-github

• wait-for-secrets

  4 273 0.0 TypeScript

  Publish from GitHub Actions using multi-factor authentication

  

While OIDC is a good option, at StepSecurity, we are building an open-source project that allows using your MFA tokens for deployments in CI/ CD. So far, it is implemented for GitHub Actions - https://github.com/step-security/wait-for-secrets. In this method, you get a link in the build log, click the link, and can enter credentials at run time, which then gets used in the next step in the pipeline for deployment. So there are no persistent secrets stored in the CI/ CD pipeline and no need for managing/ rotating separate deployment credentials.

• InfluxDB

  www.influxdata.com featured

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• circleci-audit

  3 3 0.0 Python

I've created a tool due to this incident to help you find your secrets in CircleCi.

https://github.com/rupert-madden-abbott/circleci-audit

It can:

• CircleCI-Env-Inspector

  2 73 3.7 TypeScript

  A NodeJS tool for discovering all your secrets on CircleCI

  

Thanks for taking the initiative!

Circle CI have also released something similar linked to near the bottom of their blog post.

[0]: https://github.com/CircleCI-Public/CircleCI-Env-Inspector

[1]: https://circleci.com/blog/january-4-2023-security-alert/

Suggest a related project