undefined | Better HN

0 points__MatrixMan__3y ago0 comments

Right. You'd need lock-down-all-AWS-controlled-by-the-foo-key because CircleCI got hacked and it had the foo-key.

Sounds like a separate product (something about breaches and blast radii) and not a CircleCI feature.

0 comments

The product already exists, it's called OAuth. All you need is an additional role that you can authorize:

    CircleCI would like to:
    
    - Upload build artifacts
    - Report security incidents

Then in GitHub (or wherever), you have the aforementioned checkbox. So when CircleCI reports the incident, the GitHub account is locked down.

You mean hanging whole sections of our value chain on other companies' assets was not the best idea?

j / k navigate · click thread line to collapse

0 points__MatrixMan__3y ago0 comments

Right. You'd need lock-down-all-AWS-controlled-by-the-foo-key because CircleCI got hacked and it had the foo-key.

Sounds like a separate product (something about breaches and blast radii) and not a CircleCI feature.

p-e-w3y ago

The product already exists, it's called OAuth. All you need is an additional role that you can authorize:

    CircleCI would like to:
    
    - Upload build artifacts
    - Report security incidents

Then in GitHub (or wherever), you have the aforementioned checkbox. So when CircleCI reports the incident, the GitHub account is locked down.

You mean hanging whole sections of our value chain on other companies' assets was not the best idea?

j / k navigate · click thread line to collapse