CircleCI Warns Customers To Rotate 'Any and All Secrets' After Hack (techcrunch.com)
CircleCI, a company whose development products are popular with software engineers, has urged users to rotate their secrets following a breach of the company's systems. From a report: The San Francisco-headquartered DevOps company said in an advisory published late Wednesday it is currently investigating the security incident -- its most recent in recent years. "We wanted to make you aware that we are currently investigating a security incident, and that our investigation is ongoing," CircleCI CTO Rob Zuber said. "At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain preventative measures to protect your data as well."
CircleCI, which claims its technology is used by more than a million software engineers, is advising users to rotate "any and all secrets" stored in CircleCI, including those stored in project environment variables or in contexts. Secrets are passwords or private keys that are used to connect and authenticate servers together. For projects using API tokens, CircleCI said it has invalidated these tokens and users will be required to replace them.
warning ROT13 not the best solution (Score:3)
I don't think rotating your secrets is considered to be good security practice.
Re: (Score:2)
Rotate? (Score:2)
By how many bits? To the right, or the left?
Re: (Score:2)
No, no. It's like rotating tires on cars. Should be done every fifty thousand miles / 50kb.
I keep my secrets under my Aeron. (Score:2)
That way I can sit on 'em and rotate.
Indeed one of the incidents of all time (Score:1)
its most recent in recent years
What kind of terrible writing is this?
Not Popular (Score:2)
"CircleCI, a company whose development products are popular with software engineers"
Uhm... with what software engineers? Most everyone I know of is using GitHub Actions/etc for CI. Why would you tack on an entirely different software product to your workflow when it has one built-in?
Secrets (Score:2)
Aren't really secret once you start sharing 'em. "Hey, can I hold the keys to your house? I promise you can get them at any time, and I'm 100% always available and will never 100% ever lose them or forget or share."
I'm not sure if I'm more disgusted with the company that is run by someone creepy enough to say, "Gimme your secrets." or the person doing business that thinks that giving out their secrets is a way to keep secrets. Just ugh. No, please do tell me of the "way" of the MBA or even the god of