Drone CI Secret
Service Name: Drone CI
Service Description: Drone is a Continuous Integration platform built on container technology. It enables developers to automate testing and deployment workflows using a simple YAML configuration file.
Service Address: https://www.drone.io/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured at the organization level through Drone's security settings.
Secret Access Scope: Grants access to resources and services within Drone CI pipelines, allowing automated builds to interact with external services.
Secret Revokement URL: https://docs.drone.io/server/user/secrets/
Secret Example: drnsec_a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0
Suspicious Activity Investigation Instructions:
- Review Drone CI build logs for unusual activity or unauthorized pipeline executions
- Check repository settings to identify any unauthorized secret access
- Monitor for unexpected deployments or builds triggered outside normal development cycles
- Examine audit logs for unusual access patterns or unauthorized users accessing secrets
- Review repository activity to identify any unauthorized commits that might have modified pipeline configurations
Mitigation Instructions:
- Log into your Drone CI dashboard
- Navigate to the repository settings where the secret is configured
- Delete the compromised secret from the repository or organization secrets
- Generate a new secret with a different value
- Update all legitimate pipeline configurations to use the new secret
- Consider implementing repository protection rules to prevent unauthorized
pipeline configuration changes
- Review and restrict access permissions to the Drone CI instance and repository
settings
- Enable audit logging if not already active to monitor future secret usage