A package for auditing CircleCI

Project description

CircleCI Audit

This tool is intended to help you audit any secrets that you may have configured in CircleCI.

It was developed specifically to assist with the recommendations of this security alert.

Pre-requisites:

  • Python 3.7+

Setup

Create a CircleCI Personal Token

Follow these instructions.

This token is used by circleci-audit to authenticate with the CircleCI API. circleci-audit can only access repositories that are accessible to the account that owns this personal API token.

Install circleci-audit:

$ python3 -m pip install circleci-audit
$ export CIRCLECI_AUDIT_TOKEN="your personal token"
$ circleci-audit --help

Commands

Organizations

List Organizations

$ circleci-audit orgs
org-1 github
org-2 bitbucket

Repositories

List Repositories

For all organizations:

$ circleci-audit repos
org-1 example https://github.com/your-org/example
org-2 another-example https://github.com/your-org/another-example

For a specific organization:

$ circleci-audit repos --org=org-1
example https://github.com/your-org/example
another-example https://github.com/your-org/another-example

List Repositories' Environment Variables

For all organizations and repositories:

$ circleci-audit repos vars
org-1 repo-1 env-1
org-2 repo-2 env-2

For all repositories in a specific organization:

$ circleci-audit repos vars --org=org-1
repo-1 env-1
repo-2 env-2

For a specific repository:

$ circleci-audit repos vars --org=org-1 --repo=repo-1
env-1
env-2

List Repositories' SSH Keys

For all organizations and repositories:

$ circleci-audit repos keys
org-1 repo-1 github-deploy-key key:finger:print
org-2 repo-2 ssh-key key:finger:print

For all repositories in a specific organization:

$ circleci-audit repos keys --org=org-1
repo-1 github-deploy-key key:finger:print
repo-2 ssh-key key:finger:print

For a specific repository:

$ circleci-audit repos keys --org=org-1 --repo=repo-1
github-deploy-key key:finger:print
ssh-key key:finger:print

List Repositories Configured With Jira

List all repositories that have been configured with a secret token to authenticate to Jira.

For all organizations and repositories:

$ circleci-audit repos jira
org-1 repo-1
org-2 repo-2

For all repositories in a specific organization:

$ circleci-audit repos jira --org=org-1
repo-1
repo-2

Contexts

List

For all organizations:

$ circleci-audit contexts
org-1 example
org-2 another-example

For a specific organization:

$ circleci-audit contexts --org=org-1
example
another-example

List Contexts' Environment Variables

For all organizations and contexts:

$ circleci-audit contexts vars
org-1 context-1 env-1
org-2 context-2 env-2

For all contexts in a specific organization:

$ circleci-audit contexts vars --org=org-1
context-1 env-1
context-2 env-2

For a specific context:

$ circleci-audit contexts vars --org=org-1 --context=context-1
env-1
env-2
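
One way to merge the listings above into a single rotation checklist, as an added example that is not part of circleci-audit or the original page. It assumes the whitespace-separated column layout shown in the sample output of the all-organization commands; `parse`, `rotation_checklist` and the CSV column names are hypothetical.

```python
import csv
import io

# Column layout per command, taken from the sample output on this page
# (assumption: whitespace-separated). A kind of None means "use the key type column".
LAYOUTS = {
    "repos vars":    ("project env var", ("org", "scope", "name")),
    "repos keys":    (None, ("org", "scope", "kind", "name")),  # name = fingerprint
    "repos jira":    ("jira token", ("org", "scope")),
    "contexts vars": ("context env var", ("org", "scope", "name")),
}

def parse(command, output):
    """Turn captured output of one command into inventory rows; collect bad lines."""
    kind, cols = LAYOUTS[command]
    rows, rejected = [], []
    for line in output.splitlines():
        fields = line.split()
        if not fields or fields[0] == "$":   # blank line or echoed shell prompt
            continue
        if len(fields) != len(cols):
            rejected.append(line)            # never drop a line silently in an audit
            continue
        rec = dict(zip(cols, fields))
        rows.append((rec["org"], rec["scope"], kind or rec["kind"], rec.get("name", "")))
    return rows, rejected

def rotation_checklist(captures):
    """Merge {command: output} into a sorted, de-duplicated CSV checklist."""
    rows, rejected = set(), []
    for command, output in captures.items():
        parsed, bad = parse(command, output)
        rows.update(parsed)
        rejected.extend(bad)
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["org", "scope", "kind", "name", "rotated"])
    for row in sorted(rows):
        writer.writerow([*row, "no"])
    return buf.getvalue(), rejected

# Constructed sample input, modelled on the sample output shown above.
SAMPLE = {
    "repos vars": "org-1 repo-1 env-1\norg-2 repo-2 env-2\n",
    "repos keys": "org-1 repo-1 github-deploy-key key:finger:print\n",
    "repos jira": "org-1 repo-1\n",
    "contexts vars": "org-1 context-1 env-1\nunexpected line here now extra\n",
}
if __name__ == "__main__":
    print(*rotation_checklist(SAMPLE), sep="\n")
```

Lines that do not match the expected column count are returned separately, so they can be reviewed by hand rather than lost from the inventory.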

Download files

Source Distribution

circleci-audit-1.0.1.tar.gz (8.5 kB)

Uploaded Source

Built Distribution

circleci_audit-1.0.1-py3-none-any.whl (9.8 kB)

Uploaded Python 3

File details

Details for the file circleci-audit-1.0.1.tar.gz.

File metadata

  • Download URL: circleci-audit-1.0.1.tar.gz
  • Upload date:
  • Size: 8.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.8.10

File hashes

Hashes for circleci-audit-1.0.1.tar.gz
Algorithm Hash digest
SHA256 f21820678149c25bf76fd23fb6924ab60c3605f8ee0f2aa42f4e89712aa29106
MD5 eda6c2ffc360f07a81b8dfcd7696634a
BLAKE2b-256 4ed189b62400b7eb46dc44be18b63db2659c5ab2b3876ba028e7883f681a24c2

File details

Details for the file circleci_audit-1.0.1-py3-none-any.whl.

File hashes

Hashes for circleci_audit-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 e80b1a95e8adb5de166936de4672e79341d3cab5668164120174d82656b50fb5
MD5 47947d9abcb4f6e8cabfc266b6f75119
BLAKE2b-256 290eed5fdb46f95747ec9ee2dd7f1037aee92c283919426aea9e7789b93376e0
