A package for auditing CircleCI
Project description
CircleCI Audit
This tool is intended to help you audit any secrets that you may have configured in CircleCI.
It was developed specifically to assist with the recommendations of this security alert.
Pre-requisites:
- Python 3.7+
Setup
Create a CircleCI Personal Token
Follow these instructions.
This token is used by circleci-audit
to authenticate with the CircleCI API. circleci-audit
can only access
repositories that are accessible to the account that owns this personal API token.
Install circleci-audit:
$ python3 -m pip install circleci-audit
$ export CIRCLECI_AUDIT_TOKEN="your personal token"
$ circleci-audit --help
Commands
Organizations
List Organizations
$ circleci-audit orgs
org-1 github
org-2 bitbucket
Repositories
List Repositories
For all organizations:
$ circleci-audit repos
org-1 example https://github.com/your-org/example
org-2 another-example https://github.com/your-org/another-example
For a specific organization:
$ circleci-audit repos --org=org-1
example https://github.com/your-org/example
another-example https://github.com/your-org/another-example
List Repositories' Environment Variables
For all organizations and repositories:
$ circleci-audit repos vars
org-1 repo-1 env-1
org-2 repo-2 env-2
For all repositories in a specific organization:
$ circleci-audit repos vars --org=org-1
repo-1 env-1
repo-2 env-2
For a specific repository:
$ circleci-audit repos vars --org=org-1 --repo=repo-1
env-1
env-2
List Repositories' SSH Keys
For all organizations and repositories:
$ circleci-audit repos keys
org-1 repo-1 github-deploy-key key:finger:print
org-2 repo-2 ssh-key key:finger:print
For all repositories in a specific organization:
$ circleci-audit repos keys --org=org-1
repo-1 github-deploy-key key:finger:print
repo-2 ssh-key key:finger:print
For a specific repository:
$ circleci-audit repos keys --org=org-1 --repo=repo-1
github-deploy-key key:finger:print
ssh-key key:finger:print
List Repositories' Configured With Jira
List all repositories that have been configured with a secret token to authenticate to Jira.
For all organizations and repositories:
$ circleci-audit repos jira
org-1 repo-1
org-2 repo-2
For all repositories in a specific organization:
$ circleci-audit repos keys --org=org-1
repo-1
repo-2
Contexts
List
For all organizations:
$ circleci-audit contexts
org-1 example
org-2 another-example
For a specific organization:
$ circleci-audit contexts --org=org-1
example
another-example
List Contexts' Environment Variables
For all organizations and contexts:
$ circleci-audit contexts vars
org-1 context-1 env-1
org-2 context-2 env-2
For all contexts in a specific organization:
$ circleci-audit repos vars --org=org-1
context-1 env-1
context-2 env-2
For a specific context:
$ circleci-audit repos vars --org=org-1 --context=context-1
env-1
env-2
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file circleci-audit-1.0.1.tar.gz
.
File metadata
- Download URL: circleci-audit-1.0.1.tar.gz
- Upload date:
- Size: 8.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.8.10
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | f21820678149c25bf76fd23fb6924ab60c3605f8ee0f2aa42f4e89712aa29106 |
|
MD5 | eda6c2ffc360f07a81b8dfcd7696634a |
|
BLAKE2b-256 | 4ed189b62400b7eb46dc44be18b63db2659c5ab2b3876ba028e7883f681a24c2 |
File details
Details for the file circleci_audit-1.0.1-py3-none-any.whl
.
File metadata
- Download URL: circleci_audit-1.0.1-py3-none-any.whl
- Upload date:
- Size: 9.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.8.10
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e80b1a95e8adb5de166936de4672e79341d3cab5668164120174d82656b50fb5 |
|
MD5 | 47947d9abcb4f6e8cabfc266b6f75119 |
|
BLAKE2b-256 | 290eed5fdb46f95747ec9ee2dd7f1037aee92c283919426aea9e7789b93376e0 |