将凭据存储在 github secrets 中是否安全?
[英]Is it safe to store credentials in github secrets?
2 个解决方案
解决方案1
2 2020-01-21 13:52:42
I'm not sure that anyone can really answer that for you.
我不确定是否有人能真正为你回答这个问题。 I think it depends how sensitive, and what level of risk you can afford to take.我认为这取决于您的敏感程度以及您可以承受的风险水平。
What I would suggest, if you are concerned about the security of your secrets, is not to use third party GitHub actions directly.如果您担心机密的安全性,我建议不要直接使用第三方 GitHub 操作。 Always fork the action and use your fork in workflows.始终分叉操作并在工作流程中使用分叉。 This will prevent the possibility of someone modifying an action you are using to capture secrets and send them to some external server under their control.这将防止有人修改您用来捕获机密并将其发送到受其控制的外部服务器的操作的可能性。
解决方案2
0 2022-01-04 15:25:12
Secrets are encrypted environment variables that you create in an organization, repository, or repository environment.机密是您在组织、存储库或存储库环境中创建的加密环境变量。 The secrets that you create are available to use in GitHub Actions workflows.您创建的密钥可用于 GitHub 操作工作流。 GitHub uses a libsodium sealed box to help ensure that secrets are encrypted before they reach GitHub and remain encrypted until you use them in a workflow. GitHub 使用libsodium 密封盒来帮助确保机密在到达 GitHub 之前已加密,并在您在工作流程中使用它们之前保持加密状态。 For more details see https://docs.github.com/en/actions/security-guides/encrypted-secrets有关更多详细信息,请参阅https://docs.github.com/en/actions/security-guides/encrypted-secrets
Add an additional layer of protection by adding org-level access policy and enable reviewer to control env secrets.通过添加组织级别的访问策略来添加额外的保护层,并使审阅者能够控制 env 机密。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.