Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
How about encryption?
https://github.com/AGWA/git-crypt has been solid for me
Some folks use tools like https://github.com/mozilla/sops to store most secrets (besides the sops key, of course) in source control. Of course, you aren't committing the cleartext but if the repo gets published you should probably rotate your keys just to be safe...
I see a lot of deserved distrust of MS, but I thought GitHub was a operated as a separate unit under Microsoft? [1] I expected that Co-Pilot was an initiative of that leadership team and training the LLM is what's likely reading certain repositories?
On a side note, I'm trying to imagine what "sensitive" code would be read, incorporated into an LLM such as Co-pilot, and somehow have any meaningful impact to me once incorporated?
[1] https://github.com/about/leadership