Select Page

DevOps platform CircleCI on Wednesday urged its customers to rotate all their secrets following an unspecified security incident.

The company said an investigation is currently ongoing, but emphasized that “there are no unauthorized actors active in our systems.” Additional details are expected to be shared in the coming days.

“Immediately rotate any and all secrets stored in CircleCI,” CircleCI’s chief technology officer, Rob Zuber, said in a terse advisory. “These may be stored in project environment variables or in contexts.”

CircleCI is also recommending users to review internal logs for signs of any unauthorized access starting from December 21, 2022, to January 4, 2023, or until when the secrets are rotated.

The software development service did not disclose any further specifics about the breach, but said it has also invalidated all Project API tokens and that they need to be replaced.

images from Hacker News