@stefanbuck
Last active January 5, 2023 22:53

Octoherd script to help with the recent CircleCI security breach by removing deploy keys from your repos.

No warranty, use at your own risk!

Dry-run

Run the script on a single repo first. Octoherd will prompt to confirm the deletion request.

npx @octoherd/cli run -T $GITHUB_TOKEN -S ./script.mjs -R 'your-org/some-repo'

Action

Now run the script across your org. Again, no warranty; use this script at your own risk.

npx @octoherd/cli run -T $GITHUB_TOKEN -S ./script.mjs -R 'your-org/*'

There might be deploy keys that are named slightly differently, so watch the logs closely.

// Octoherd script: delete deploy keys titled "circleci" (case-insensitive)
// and log any other key whose title contains "circle" for manual review.
export async function script(octokit, repository) {
  // List the deploy keys of the current repository.
  const res = await octokit.request("GET /repos/{owner}/{repo}/keys", {
    owner: repository.owner.login,
    repo: repository.name,
  });
  const keys = res.data;

  for (let index = 0; index < keys.length; index++) {
    const key = keys[index];
    if (key.title.toLowerCase() === 'circleci') {
      // Exact title match: delete the deploy key.
      await octokit.request("DELETE /repos/{owner}/{repo}/keys/{id}", {
        owner: repository.owner.login,
        repo: repository.name,
        id: key.id,
      });
    } else if (key.title.toLowerCase().includes('circle')) {
      // Partial match: do not delete, only flag it in the log.
      octokit.log.info(`${key.title} might be a circle ci deploy key as well. Manual action is required for ${repository.html_url}!`);
    }
  }
}
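
A report-only pass over the same endpoint can be run before the deletion script to surface the differently named keys mentioned above and to show which of them have push access. This is an added example, not part of the original gist: `classifyDeployKeys`, `auditScript` and the sample keys are hypothetical, and it assumes the Octokit instance Octoherd passes in exposes `paginate`.

```javascript
// Added example (not part of the gist): report-only triage, no DELETE requests.
// classifyDeployKeys and auditScript are hypothetical names.

// Same matching rules as the gist: an exact title "circleci" is a removal
// candidate, any other title containing "circle" needs a human decision.
function classifyDeployKeys(keys) {
  const report = { remove: [], review: [], keep: [] };
  for (const key of keys) {
    const title = String(key.title ?? "").toLowerCase();
    const entry = {
      id: key.id,
      title: key.title,
      // read_only === false means the key can push to the repository.
      canPush: key.read_only === false,
    };
    if (title === "circleci") report.remove.push(entry);
    else if (title.includes("circle")) report.review.push(entry);
    else report.keep.push(entry);
  }
  // List keys with push access first: they matter most if leaked.
  report.review.sort((a, b) => Number(b.canPush) - Number(a.canPush));
  return report;
}

// Octoherd-style entry point; add `export` and rename it to `script` to run it
// with the CLI. Assumption: the Octokit instance provides `paginate`.
async function auditScript(octokit, repository) {
  const keys = await octokit.paginate("GET /repos/{owner}/{repo}/keys", {
    owner: repository.owner.login,
    repo: repository.name,
    per_page: 100,
  });
  const report = classifyDeployKeys(keys);
  for (const k of report.remove) {
    octokit.log.info(`${repository.html_url}: would delete "${k.title}" (id ${k.id}, push=${k.canPush})`);
  }
  for (const k of report.review) {
    octokit.log.warn(`${repository.html_url}: review "${k.title}" (id ${k.id}, push=${k.canPush})`);
  }
  return report;
}

// Constructed sample data shaped like the deploy-key API response.
const SAMPLE_KEYS = [
  { id: 1, title: "CircleCI", read_only: true },
  { id: 2, title: "circle-ci deploy (prod)", read_only: true },
  { id: 3, title: "Circle CI release bot", read_only: false },
  { id: 4, title: "jenkins", read_only: true },
];
```

Paginating matters here because the list endpoint returns one page at a time, so a repository with many deploy keys would otherwise be only partly inspected.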