[CircleCI Security Alert] Rotate any secrets stored in CircleCI

UPDATE: We have created a tool for discovering all your secrets on CircleCI.

The difference between this and the BASH script originally posted is that this will support both repositories that are under an individual user’s GitHub account, and repositories that are under a GitHub organization. As mentioned earlier, the BASH script version only works for repositories listed under a given GitHub org.


Original response

We have created the following gist as a guide to output a list of projects and contexts that currently contain env vars, and a link to the “Environment Variables” section of each of these projects, and a link to each context retrieved.

This was created by one of my colleagues on the support team - we are also in the process of creating another script that will be a bit more native, but we are offering this as a preliminary option for your teams to use.

Please be aware this method only works for GitHub users as this time

1 Like