DEV Community

Luke Cartwright
Luke Cartwright

Posted on

Rotate your Circle CI keys now.

This morning many developers recieved an email informing them that circle CI had been breached between 21st December 2022 and 4th January 2023.

Email sent by circle ci
Image from https://www.bleepingcomputer.com

Am I affected?

The statement says:

"At this point, we are confident that there are no unauthorized actors active in our systems; however, out of an abundance of caution, we want to ensure that all customers take certain preventative measures to protect your data as well."

What do I need to do?

The recommendation is to 'Immediately rotate any and all secrets stored in CircleCI. These may be stored in project environment variables or in contexts.'
This includes SSH keys and other secrets.

How do I rotate my keys?

To rotate keys please refer to this documentaion on circle ci's website - https://circleci.com/docs/managing-api-tokens/#rotating-a-project-api-token

Do you have any questions?

Please see this tweet from circle ci to some common questions- Tweet about common questions being answered by a circle ci engineer

Or add a question to the circle ci discussion board

References:

Top comments (0)