[CircleCI Security Alert] Rotate any secrets stored in CircleCI

First off. I appreciate all the efforts CircleCI’s full team is taking to keep us as up to date as possible. I empathize with all of you during these times.

Question:

Can we expect guidance on IOCs / things to monitor related to the events that led to the recommendation for customers to rotate their keys?

I am looking to empower our SOC w/ as much information as possible. Appreciate a prompt response.

2 Likes

Yes, please rotate deploy and user keys.

Deploy keys should also be rotated. This support doc should help with understanding what has been impacted: https://support.circleci.com/hc/en-us/articles/11816211460891

We will be sending updates as we’re able via email and our blog.

So deploy keys were possibly compromised? So we would have to assume that our repositories could have been accessed?

Yes, please also rotate deploy keys. Here is a support article listing what was affected and how to rotate them: https://support.circleci.com/hc/en-us/articles/11816211460891

Does this incident impact self-hosted CircleCI environments in addition to the SaaS version?

1 Like

https://support.circleci.com/hc/en-us/articles/11816211460891 is saying we should rotate CircleCI user access tokens

Is there a way to audit which users have access tokens that should be rotated?

Yes, all secrets should be rotated. For more information, you can view the Support Article posted.

We recommend viewing the security audit logs of your VCS for any unauthorized access.

That is correct

Same question

Yes, this would apply as well.

You can read more about how we encrypt secrets and sensitive data in our security policy. We cannot share details about what was leaked and any remediation actions at this time outside of what has already been publicly disclosed. We are committed to sharing more details with customers in the coming days.

For those asking about CircleCI server customers (full self-hosted installation), this alert does not apply. @SlowIsSmoothIsFast @H4ZM47

1 Like

Thank you!

We advise that you check the logs of any systems which had secrets stored in CircleCI.

Hi jerdog. With this failure of CircleCI, the organization I work for has more than 270 projects, each one with its own secrets (AWS, SSH, deployment, auth tokens…). Can you give me some idea of what we can do? Is there any solution other than going one by one changing all these secrets?
Is there any chance that this breach occurs again, or are we safe to rotate everything?
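For the many-projects case above, an added example (not CircleCI's code and not from anyone in this thread) that builds a per-project rotation checklist of environment variable names using the CircleCI v2 API. It assumes the `GET /api/v2/project/{slug}/envvar` endpoint with `page-token` pagination, `Circle-Token` header authentication, and a caller-supplied list of project slugs; the sample responses are constructed so the script runs offline.

```python
# Added example, not CircleCI's code. Assumes CircleCI API v2 endpoint
# GET /api/v2/project/{slug}/envvar -> {"items": [{"name": ..}], "next_page_token": ..}
# authenticated with a Circle-Token header; the caller supplies project slugs.
import json
import urllib.request

API = "https://circleci.com/api/v2"

def circle_get(path, token):
    """Real fetcher: GET a v2 API path with a personal API token."""
    req = urllib.request.Request(API + path, headers={"Circle-Token": token})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_envvars(slug, fetch):
    """Return every env var name for one project, following pagination."""
    names, page_token = [], None
    while True:
        path = f"/project/{slug}/envvar"
        if page_token:
            path += f"?page-token={page_token}"
        data = fetch(path)
        names.extend(item["name"] for item in data.get("items", []))
        page_token = data.get("next_page_token")
        if not page_token:
            return names

def rotation_checklist(slugs, fetch):
    """Map each slug to its env var names; a failed listing goes to errors, not skipped."""
    checklist, errors = {}, {}
    for slug in slugs:
        try:
            checklist[slug] = list_envvars(slug, fetch)
        except Exception as exc:
            errors[slug] = str(exc)
    return checklist, errors

# Constructed sample responses (API returns masked values) so this runs offline.
SAMPLE = {
    "/project/gh/example-org/api/envvar": {"items": [
        {"name": "AWS_ACCESS_KEY_ID", "value": "xxxxAB12"},
        {"name": "AWS_SECRET_ACCESS_KEY", "value": "xxxxCD34"}], "next_page_token": "p2"},
    "/project/gh/example-org/api/envvar?page-token=p2": {"items": [
        {"name": "NPM_TOKEN", "value": "xxxxEF56"}], "next_page_token": None},
    "/project/gh/example-org/web/envvar": {"items": [], "next_page_token": None},
}
def sample_fetch(path):  # stand-in for circle_get; an unknown path fails like a 404
    if path not in SAMPLE:
        raise RuntimeError(f"404 for {path}")
    return SAMPLE[path]
```

Against the live API, pass `lambda p: circle_get(p, token)` as the fetcher and walk the resulting checklist, re-issuing each listed secret at its source and then updating it in CircleCI. Context secrets, deploy keys and user API tokens are not part of this listing and need their own inventory.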

For CircleCI server customers (full self-hosted installation), this alert does not apply