Skip to content

Drone CI Secret

Service Name: Drone CI

Service Description: Drone is a Continuous Integration platform built on container technology. It enables developers to automate testing and deployment workflows using a simple YAML configuration file.

Service Address: https://www.drone.io/

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the organization level through Drone's security settings.

Secret Access Scope: Grants access to resources and services within Drone CI pipelines, allowing automated builds to interact with external services.

Secret Revokement URL: https://docs.drone.io/server/user/secrets/

Secret Example: drnsec_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0

Suspicious Activity Investigation Instructions:

  • Review Drone CI build logs for unusual activity or unauthorized pipeline executions
  • Check repository settings to identify any unauthorized secret access
  • Monitor for unexpected deployments or builds triggered outside normal development cycles
  • Examine audit logs for unusual access patterns or unauthorized users accessing secrets
  • Review repository activity to identify any unauthorized commits that might have modified pipeline configurations

Mitigation Instructions:

  • Log into your Drone CI dashboard
  • Navigate to the repository settings where the secret is configured
  • Delete the compromised secret from the repository or organization secrets
  • Generate a new secret with a different value
  • Update all legitimate pipeline configurations to use the new secret
  • Consider implementing repository protection rules to prevent unauthorized

pipeline configuration changes

  • Review and restrict access permissions to the Drone CI instance and repository

settings

  • Enable audit logging if not already active to monitor future secret usage