Rotate the deploy:host Forgejo runner token (exposed in an agent session) #357
Labels
No labels
burndown-2026-06
coherence-core
consult
headless
interactive
P0
P1
P2
P3
P4
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
coilyco-flight-deck/infrastructure#357
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The
forgejo-runner-deploy-0runner's registration token (thetokenfield in its.runnerconfig) was printed into a Claude Code session transcript on 2026-06-17 while diagnosing CD failures (coilyco-bridge/deploy#13). The value is not committed and not public, but it was exposed outside the box, so rotate it.Risk: that token authenticates this runner to the Forgejo instance. The deploy runner is label
deploy:host(host execution mode) with kai-server host + cluster access, so a held token could let someone register/impersonate it and gain code execution on kai-server. Treat as sensitive.Rotate:
forgejo-runner-deployrunner, then let it re-register (it self-registers on restart), or~/.runnerfile and restartforgejo-runner-deploy-0so act_runner re-registers with a fresh token.deploylabel so CD still routes.Origin: an agent ran
cat .runnerinstead of grepping a narrow field while investigating deploy#13. Follow-up: prefer field-scoped reads of runner config in future ops.