undefined | Better HN

0 pointsLex-20085y ago0 comments

Because it should be OK to commit secrets to private repos - that's why they're _private_, after all, right?

0 comments

No, that's not not why.

If you have secrets, encrypt them.

Private repos can be turned public, intentionally or by mistake. Repos can be exported to give software to third parties. Also, git users clone repos, which means that those secrets are copied every where. Can you make sure those stay private too? Do you make your developers encrypt their laptops or delete repos from them before they leave their house or office?

jakub_g5y ago

Also, it's possible that when you have a secret in a private repo, it accidentally leaks when you deploy that repo to a public server. And it's easier to do this than you'd think, e.g. by a mix of a few unrelated changes by different developers.

Also, when an attacker gets access to one private repo by some means, you don't want him to pwn your whole organization.

j / k navigate · click thread line to collapse

0 comments

dorfsmay5y ago

No, that's not not why.

If you have secrets, encrypt them.

jakub_g5y ago

Also, when an attacker gets access to one private repo by some means, you don't want him to pwn your whole organization.

j / k navigate · click thread line to collapse