032
EXH-0322024Fictional reconstruction
The CI Token Leak
A CI run printed a token because someone added `set -x` to debug a failing step. The log is public.
Type
Modern / Cloud
Difficulty
Intermediate
Era
2020s
Time
9 min
Briefing
GitHub flagged a token as 'observed in a public location'. The token belongs to the forge org. Build logs for the forge/api repository are public for open-source contributors. Walk the most recent runs.
Your role
Auditor walking the CI archive after a token rotation alert.
Objective
Find the line in the build log that exposed the token and identify the change that caused it.
Terminal environment
- user
- auditor
- host
- ci-archive
- cwd
- /builds/forge
- steps
- 3
Enter the terminalAbout 9 minutesSafe simulation
Safety note. This is a safe reconstruction. All systems, files, hosts, credentials, and outputs are simulated. Do not use these techniques on systems you do not own or have explicit permission to test.