Due to a change in our internal security policies, we recently decided to take a look at Circle’s user security and found some fairly serious issues.
CircleCI authentication is tied to GitHub, and generally someone with read access to a repository has unrestricted access in Circle from the context of that repository, meaning re-building, modifying environment vars or other settings, or invoking SSH debug.
Unrestricted SSH debug is especially troubling since secrets (e.g. SSH keys) can be accessed in plain text after accessing a container.
Lack of granular security control may not be an issue for a small startup environment with an implied level of trust, but as a company grows, the need for least-privilege access and security compliance in general becomes paramount.
Please consider improving the user authentication system to allow for levels of access based on user role, and at the very least gate the use of the SSH debug feature ASAP.