Search

Suggested keywords:
  • Java
  • Docker
  • Git
  • React
  • NextJs
  • Spring boot
  • Laravel

Github protects your secret keys from accidental push

  • Share this:
post-title

Github released advanced security feature of push protection for users to protect their secrets getting accidentally pushed to their public github repositories. Push protection prevents secret leaks without compromising the developer experience by scanning for highly identifiable secrets before they are pushed. When a secret is detected in code, developers are prompted directly in their IDE or command line interface with remediation guidance to ensure that the secret is never exposed.

For github private repositories, it can be enabled by Github Advanced security. Go to Settings -> Code Security and analysis -> Secret Scanning and then enable it. 

                                                         source: https://github.blog/

A custom resource link can also be specified that will appear in the CLI and web UI when push protection blocks a commit. You can open the link and say it is okay to push the secret or block the secret. 

You can also add patterns to find the secrets related to your use-cases. To know more about it, refer github doc page. These alerts are generated for the provider and partner as well. Thanks to Github push protection!

 

DevGroves Technologies

About author
DevGroves Technologies is a IT consulting and services start-up company which is predominately to web technologies catering to static website, workflow based CRM websites, e-commerce websites and reporting websites tailoring to the customer needs. We also support open source community by writing blogs about how, why and where it need to be used for.