This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2023-01-06
Channels
- # aleph (13)
- # announcements (1)
- # babashka (89)
- # beginners (23)
- # calva (14)
- # circleci (7)
- # clj-kondo (39)
- # clj-on-windows (1)
- # cljdoc (5)
- # cljsrn (29)
- # clojure (98)
- # clojure-art (3)
- # clojure-conj (5)
- # clojure-europe (14)
- # clojure-nl (1)
- # clojure-norway (9)
- # clojurescript (18)
- # clr (39)
- # code-art (3)
- # community-development (3)
- # cursive (3)
- # emacs (11)
- # events (1)
- # fulcro (12)
- # graalvm-mobile (16)
- # graphql (3)
- # gratitude (1)
- # honeysql (19)
- # java (7)
- # joyride (23)
- # lsp (22)
- # malli (2)
- # missionary (25)
- # off-topic (15)
- # polylith (15)
- # rdf (5)
- # reagent (9)
- # reitit (3)
- # scittle (3)
- # shadow-cljs (37)
- # slack-help (2)
- # sql (10)
I don't have a ton of projects using CircleCI, but found https://github.com/CircleCI-Public/CircleCI-Env-Inspector to report where secrets live.
README currently is weak, but https://github.com/CircleCI-Public/CircleCI-Env-Inspector/issues/6.
For those who do have a ton of projects like my workplace (589 repos!) here is a little #CLX41ASCS thing to rotate all of your CircleCI deploy SSH keys in GitHub: https://gist.github.com/lispyclouds/7752a72f388ad5136f3a1d3843ceb9e8 hopefully this is helpful to someone! 😄
@U7ERLH6JX some of us had guessed if the GitHub deploy keys were read-only that maybe we could not bother rotating them. Thoughts?
well its fine for OSS repos i think. kinda big deal for proprietary things like company code. attackers can clone stuff