CircleCI Ideas

Limit SSH Access To Admins

Enable a setting to restrict the "Rebuild with SSH" action to only administrators (role on Github Team)
  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jan 18 2019
  • New
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    February 23, 2019 15:39

    How is this not already a thing? In GitHub, we have users with read only permissions, but now either of these users can now access credentials and write to production?????

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    February 24, 2019 19:38

    No, read-only users can't trigger jobs, including SSH. This feature would restrict this to only admins and owners, instead of the current behavior of all users with write or push access to the repo.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    September 19, 2019 08:55

    This feature idea always come up on our internal security discussions. Af of now, too many people can SSH into our jobs and just "$ echo" all the secrets.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    September 23, 2019 15:02

    This seems like something we should be able to do. enable/disable access to a user role/group to SSH into a job. We don't want users to be able to just print all env variables.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    November 19, 2019 07:54

    Big security issue for such a long time, why haven't been fixed 

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    18 Mar 03:11

    lots of people discussed this critical issue, why circleci don't care about this?