GitHub scans repositories for known types of secrets, to prevent fraudulent use of secrets that were committed accidentally. In this GitHub Skills course you will learn how to enable secret scanning to identify serets and prevent them from being committed to your repository.
Welcome to "Introduction to Secret Scanning"! 👋
In this step, you will enable secret scanning on this repository. Once secret scanning is enabled, you will add a new credential to see how secret scanning identifies the credential.
What is a secret: In the context of secret scanning, a secret (or credential) is a plain-text string that authorizes a user to any number of third-party services. Examples could be AWS secret access keys/ID's, Google API keys, or Stripe API tokens. GitHub Docs hosts the entire list of supported patterns.
- Open a new browser tab, and work on the steps in your second tab while you read the instructions in this tab.
- In your newly created repository, select Settings from the top navigation bar.
- Under the Security section on the left side, select Code security and analysis.
- Scroll to the bottom of this page and select the Enable button next to "Secret scanning"
Important
When you enable secret scanning, you may receive an email notification about credentials in your repository. Don't worry! The tokens in this Skills repo are inactive. There is no risk to your environment.
Now that you have secret scanning enabled in this repository, let's commit a new token to see how it works. You'll commit an AWS key and access ID to the repository. Don't worry, this is an inactive token that can't be used to log in to AWS.
-
Like the first activity, you will need to work on these steps in a second browser tab.
-
Click the Code tab in your repository.
-
Select the
credentials.ymlfile. -
Click the Edit button to the right.
-
Copy the following text and paste it to the bottom of the
credentials.ymlfile.default: aws_access_key_id: AKIAQYLPMN5HNM4OZ56B aws_secret_access_key: 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 output: json region: us-east-2
-
Click Commit changes... from the top right. The "Propose changes" window will pop up. Leave the defaults configured, and click Commit changes again.
-
Wait about 20 seconds then refresh this page (the one you're following instructions from). GitHub Actions will automatically update to the next step.
Get help: Post in our discussion board • Review the GitHub status page
© 2023 GitHub • Code of Conduct • MIT License
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "github-actions[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent