CircleCI Ideas

Whitelisted IPs for builds

Customers are requesting an ability to see the exact list of IPs that CircleCI webhooks and SSH connections come from.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Nov 13 2017
  • Taking votes
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    October 05, 2018 16:05

    Some customers also interested in reserving specific IPs to belong to their org/project, similar to AWS elastic IPs.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 23, 2019 13:41

    Any news on if this is even being considered?

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    September 11, 2019 17:50

    Bump. This needs to exist if you expect people with strict infosec related policies to use/adopt CircleCI/take it seriously, and it's almost trivial to wire it up. We keep getting emails about new CIDR blocks to provision which is unsat in many ways. CircleCI  should be publishing a programmatically generated file with all the CIDR blocks (ideally json) that should have a hole punched so ALL CIDR blocks exist in a single source of truth, with a checksum for each generation to verify the integrity.  We need to be able to programatically determine which CIDR blocks CircleCI no longer uses so that artifacts can be removed with exhaustion. You're forcing your customers to maintain statefulness for your own infrastructure, which is not only something customers should be responsible for but also creating liabilities from leaving holes punched for originating hosts that are no longer valid.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    October 22, 2019 15:15

    any update about this?

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    October 24, 2019 17:01

    definitely want this

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    November 12, 2019 16:50

    This would be a significant boon for us; our alternative is to roll home-grown systems to do handle work that is in a secured network. 

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    November 15, 2019 14:37

    The company I am working for is reviewing our security policy, as a result they are suggesting that we should stop using circleci because of this matter - is there anything new on the matter of getting access to whitelisted IPs? 

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    November 17, 2019 15:42

    We also need this feature. we use ansible for deployment, so we have to make ssh port public now.

     

    Two years has gone since this feaure is requested, I don't think they will do that.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    November 21, 2019 23:38

    Has there been any progress on this front? Does CircleCI not have EIPs attached to their nat endpoints in AWS? 

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    November 26, 2019 10:46

    Would be helpful to get this feature from you guys

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 10, 2019 19:28

    Any updates?  This is killing me to have to open my instances to the world just for CircleCI testing... +1 for assigning an EIP to your NAT Gateway(s) and just publishing those.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 11, 2019 18:46

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 11, 2019 18:46

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 12, 2019 05:24

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 18, 2019 05:50

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 18, 2019 09:19

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 18, 2019 09:19

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 23, 2019 03:46

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 26, 2019 08:58

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 27, 2019 16:20

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 30, 2019 14:57

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    08 Jan 10:06

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    10 Jan 11:02

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    10 Jan 18:59

    This should absolutely be a feature.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    15 Jan 14:48

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    15 Jan 16:34

    Would love to have this feature

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    22 Jan 07:39

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    23 Jan 18:35

    Any idea if/when this might happen? It's pretty important to us (actually, I had assumed it would already have been in place).

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    27 Jan 17:02

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    28 Jan 12:26

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    30 Jan 00:48

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    30 Jan 20:32

    +1 (and may more for my engineering team)

     

    This is vital for our use case. Only because of this we might have to drift away from using CircleCI in favour of something that offers this simple feature.  I guess CircleCI staff has no qualified AWS solution architect to take on this simple challenge?

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    03 Feb 14:33

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    04 Feb 21:58

    +1 This is really relevant for us. Thanks!

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    05 Feb 14:28

    +1 The current recommended methodology is not security best practice.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    05 Feb 15:17

    +1

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    05 Feb 15:17

    any update on this 

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    06 Feb 12:15

    +1 What is happening with this?

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    07 Feb 19:13

    +1 !!!!

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    07 Feb 21:06

    +1