Overview
For security purposes you may want to disable the Rerun Job with SSH feature. CircleCI allows organization admins to request that this feature be disabled on a project basis.
Disabling the re-run with SSH using the CircleCI v1 API
To disable the Rerun Job with SSH feature please confirm that you are an organization admin. If you are an organization admin, you can disable this feature using the CircleCI v1 API.
curl -X PUT \
--header "Circle-Token: <token>" \
--header "Accept: application/json" \
--header "Content-Type: application/json" \
--data '{"feature_flags": {"disable-ssh": true}}' \
'https://circleci.com/api/v1.1/project/<vcs>/<org>/<project>/settings'
- For the project URL under the
--data
payload, replace<vcs>/<org>/<project>
with the project that you wish to apply these feature flags to. For example,github/acmeorg/foobar
- Replace the
<token>
with a Personal API Token.- This can also be authenticated using Basic authentication after encoding your Personal API Token
- When successful, CircleCI returns HTTP 200, and an empty string
""
To confirm that SSH is indeed disabled, you can use the API and jq as well.
curl -X GET \
--header "Circle-Token: <token>" \
'https://circleci.com/api/v1.1/project/<vcs>/<org>/<project>/settings' \
| jq '.feature_flags."disable-ssh"'
Important Notice
If you rerun a workflow that contains a job which was previously re-run with SSH, the new workflow will be run with SSH enabled for that job, even after SSH capability has been disabled at the project level.
Comments
Article is closed for comments.