Listing secrets stored in CircleCI
If you've not seen, CircleCI yesterday announced that they had recently had a breach. As part of this, teams are recommended to rotate all of their secrets, but to do that, you need to easily find out what secrets are in place.
I've put together a Go CLI project on on GitLab.com that allows querying for all secrets in Contexts as well as per-Project secrets, in a Tab Separated Value (TSV) format that makes it handy to copy-paste into things like Google Sheets.
First, install it:
go install gitlab.com/tanna.dev/circleci-secret-list@HEAD
To list all contexts:
export CIRCLE_TOKEN=... ./circleci-secret-list -token $CIRCLE_TOKEN -slug gh/jamietanna
Or to list all projects, if you've created a
repos.txt using i.e. this blog post:
export CIRCLE_TOKEN=... ./circleci-secret-list -token $CIRCLE_TOKEN -slug gh/jamietanna -repos repos.txt