
Learn GIT in a month of lunches: security of auth mechanisms to private github repos in the cloud

 
Ranch Hand
If my code is hosted in a private GitHub repo, what are the security implications of deploying my GitHub SSH keypair to cloud VMs that I spin up - in order to allow a headless process to git checkout?
 
Author
I'm not a security expert, but I'd hazard that the main implication is that if your cloud VM was compromised, the attacker would have your one and only GitHub keypair. It might be best to create a second keypair on the cloud VM, and associate that with your GitHub account. If your VM was ever compromised, you would only have to disable one key pair.

Security of public/private keypairs can be tricky. I avoided discussion of this in the book, because GitHub's help has a lot to offer on the subject.
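
Added example, not part of the thread or the book: one way to create the second keypair on the VM itself, so the private half never leaves that machine and can be revoked on its own. The function name, file names and the `vm:` comment label are assumptions; it relies only on the standard OpenSSH `ssh-keygen` and `ssh_config` options shown.

```shell
#!/usr/bin/env bash
# Added example: create a key that exists only on this VM, so it can be revoked alone.
# Assumptions (not from the thread): OpenSSH client tools, function name, file names.

# make_vm_key SSH_DIR LABEL
# Generates SSH_DIR/github_LABEL (ed25519, no passphrase because the process is
# headless) and pins it for github.com in SSH_DIR/config. Prints the public key.
make_vm_key() {
    local ssh_dir=$1 label=$2
    local key="$ssh_dir/github_$label"

    # Refuse to overwrite: a reused path usually means a key was copied in.
    if [ -e "$key" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 1
    fi

    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    # The comment names the VM so the key is easy to find and delete on GitHub.
    ssh-keygen -q -t ed25519 -N "" -C "vm:$label" -f "$key" || return 1
    chmod 600 "$key"

    # IdentitiesOnly stops ssh from offering any other key found on the VM.
    cat >> "$ssh_dir/config" <<EOF
Host github.com
    User git
    IdentityFile $key
    IdentitiesOnly yes
EOF
    chmod 600 "$ssh_dir/config"

    cat "$key.pub"   # paste this into GitHub; the private half stays on the VM
}

# Run stand-alone as: ./make_vm_key.sh ~/.ssh build-vm-01   (constructed label)
if [ "$#" -eq 2 ]; then
    make_vm_key "$1" "$2"
fi
```

If the VM is compromised, deleting that one entry on GitHub revokes it without touching your own key. GitHub also accepts an SSH key as a deploy key on a single repository, read-only by default, which limits what the key on the VM can reach.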
 