This guide aims to help any developer use GIT and GitHub more securely. We record here the security challenges we face, along with information on how to use GIT securely in development work. The guide is the result of our team actively developing a pure GIT/GitHub infrastructure for repository optimization and automation, during which we encountered security challenges.
Topics covered include, among others:
- GPG and how we use it for projects.
- GPG basic and more advanced uses in relation to GIT and GitHub.
- GitHub secrets, tokens, etc.
- GIT vs GitHub differences.
- etc.
We Are All Ears!
If you would like to contribute with your experience, have a question or would like to make a correction or suggestion, you are more than welcome. We encourage you to tell us. This is a team effort meant to benefit everyone.
If you would like to do so, please open a discussion on the topic, the challenge you are facing, the improvement we could make, etc.
How we work:
- A new discussion is opened
- We discuss it publicly with you
- If it makes a new addition to the guide, we create an issue
- You can create the new document or extend or amend an existing one
- You can go here to set up a new discussion. We look forward to seeing your work!
Articles
- 1. What is GPG
- 2. Why We Use GPG
- 3. How to Get Your First GPG Keys
- 4. How to Use GPG with GIT and GitHub
- 5. Best Practices
- 6. Other Uses
- 7. How to Create a Subkey for Signing
- 8. How to Use a Signing Key Independently from the Primary Key
- 9. Git Commits Partially Verified
- 10. How to Remove Commits by Their Commit Message
- 11. How to Import the Dependabot GPG Public Key
- 12. How GitHub Actions Can Get Access to Secrets
- 13. GitHub Actions - Sharing Your Secrets with Third-Party Actions
- 14. Using Git as a Key-Value Database
- 15. Generate and use a new key for Git
- Curated List of Resources
Suggestions and Contact
If you would like to contact us or make any suggestions or comments, please do so either via creating a new issue in our GitHub repository or by emailing us at info@nautilus-cyberneering.de.