GitHub Actions Secrets: Security Best Practices

  • Published: Jul 3, 2024
  • In this video I am going to show you some security best practices for using GitHub Actions Secrets properly and safely.
    Let’s talk about security, and about how to properly use and configure GitHub Actions Secrets.
    This video is part of the new GitHub Security Hardening series.
    ⏲TIMESTAMPS
    0:00 Why Security Hardening for Secrets
    1:53 Best Practice 1
    2:26 Best Practice 2
    3:21 Best Practice 3
    4:09 Best Practice 4
    5:05 Best Practice 5
    5:33 Best Practice 6
    5:57 Conclusions

Comments • 5

  • @anandraj2895 6 months ago +1

    Making good content, kudos Dave :)

  • @CoderDave 9 months ago +1

    ✨ Question of the day ✨: Do you have any other tips or best practices to handle secrets in GitHub?

  • @macong1217 9 months ago +1

    Hi, Dave. Thank you for the video! Quite helpful. However, I don't quite understand practice 2, where you talked about things generated from a secret should also be registered as a secret. I thought you have to define secrets before using them? Or is it possible to register a secret dynamically during the execution of a GitHub Action?

    • @CoderDave 9 months ago +1

      Ideally, if a secret is known you would register it as a secret in the UI so you can reuse it.
      However, it is possible to register something as secret at runtime. This won't make it available to other runs of the workflow, of course, but it will instruct GH Actions to use the same "redaction" as the normal secrets.
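
The runtime registration described in the reply above can be done with GitHub Actions' `add-mask` workflow command, which the comment does not name. The script below is an added example, not code from the video or its author; `mask_value`, `basic_auth` and the `DEPLOY_*` names are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: meant for a `run:` step in a GitHub Actions workflow.
# The runner parses workflow commands from stdout line by line, so a
# multi-line value needs one ::add-mask:: command per line.

# mask_value VALUE: print an add-mask command for each non-empty line.
mask_value() {
  cr=$(printf '\r')
  printf '%s\n' "$1" | while IFS= read -r line; do
    line=${line%"$cr"}                 # tolerate CRLF line endings
    [ -n "$line" ] || continue         # an empty mask is useless
    printf '::add-mask::%s\n' "$line"
  done
}

# basic_auth USER PASS: a value generated from secrets (hypothetical helper).
basic_auth() {
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Constructed sample values; in a workflow they would be mapped in with
# env: DEPLOY_USER: ${{ secrets.DEPLOY_USER }} (assumed secret names).
user=${DEPLOY_USER:-deploy}
pass=${DEPLOY_PASS:-constructed-sample-password}

auth=$(basic_auth "$user" "$pass")
mask_value "$auth"                     # register the mask before any use
echo "Authorization: Basic $auth"      # on a runner this is logged as ***

# Hand the value to later steps of the same job via the environment file.
if [ -n "${GITHUB_ENV:-}" ]; then
  echo "DEPLOY_AUTH=$auth" >> "$GITHUB_ENV"
fi
```

Run locally, the script prints the sample credential in the clear, because only the Actions runner interprets the `::add-mask::` lines.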