Security Policies and Sensitive Data Management

Intermediate GitHub Concepts

Stan Konkin

ML Enthusiast, DataCamp

Overview

data scientist, protecting company data from two robbers

🔑 Set Up Security Policies

⚙ Remove Sensitive Data

🛠 Manage Historical Commits

Setting Up Security Policies

SECURITY.md:

📝 Purpose: Guides security issue reporting
🔑 Key Elements: Contact info, guidelines, response times
🛠 Customization: Tailor to project needs

An example of SECURITY.md

Setting Up a SECURITY.md File

Setting Up a SECURITY.md File

Setting Up a SECURITY.md File

Checking the SECURITY.md file in the Security tab

Risks of Committing Sensitive Data

⚠ Exposure: Risk of leaking sensitive data
🔒 Unauthorized Access: Others accessing our systems
🚨 Act Fast: Remove data quickly to reduce risks

Commit with Sensitive Data

Committing Sensitive Data

Committing a file with sensitive data

📢 Immediate Action: If your credentials were exposed, change them right away

The Limitations of Deleting or Editing Files

sensitive saved in the commit history

sensitive data in the delete secrets.py commit

Removing Sensitive Data: Two Tools Compared

git filter-repo:

⚙ Control: Detailed management of history

🔧 Complex: Best for intricate cases

🛠 Versatile: Supports various tasks

BFG Repo-Cleaner:

⚡ Quick: Fast and simple to use

🛠 Bulk: Great for large-scale deletions

🔒 Open Source: Focused on speed

¹ docs.github.com/en/authentication/keeping-your-account-and-data-secure/removing-sensitive-data-from-a-repository

High-Level Overview of Using BFG Repo-Cleaner

⚙ GitHub UI is limited for advanced tasks
🛠 Use terminal commands to handle sensitive data removal
💾 Download bfg.jar to run BFG Repo-Cleaner

BFG Repo-Cleaner

bfg.jar file to download

¹ rtyley.github.io/bfg-repo-cleaner/

Wrapping Up the Cleanup Process

commit history

overwritten history for Delete secrets.py

Let's practice!

Intermediate GitHub Concepts

Preparing Video For Download...