CircleCI is a platform that enables continuous integration and delivery of software projects. It allows teams to automate their software development process by building, testing, and deploying their code changes in a consistent and reliable manner. In this blog post, we will explore the Tactics/Techniques/Procedures (TTP) of how environment variables that house sensitive credentials and secrets can be exfiltrated using Circle CI.
Secrets Exfiltration Tactic
Circle CI Config
Printing Environment Variables
This will print out a list of all the environment variables available to your CircleCI runner, along with their values, for example:
Viewing the Logs
To view the build logs from the CircleCI web interface, follow these steps:
- Navigate to the project that you want to view the build logs for.
- Click on the "Builds" tab.
- Find the build that you want to view the logs for and click on it.
- The build logs will be displayed in the "Logs" tab.
How to Address This
Build pipelines present an interesting opportunity to print and log environment variables that represent sensitive credentials and secrets. You’re now equipped with a better understanding of this TTP and the steps you can take to combat any malicious actor looking to intercept credentials in your build pipeline.