By default, your codespaces have access to all resources on the public internet, including package managers, license servers, databases, and cloud platform APIs, but they have no access to resources on private networks.
There are currently two methods of accessing resources on a private network within GitHub Codespaces.
- Using a GitHub CLI extension to configure your local machine as a gateway to remote resources.
- Using a VPN.
Note: The GitHub CLI extension is currently in beta and subject to change.
The GitHub CLI extension allows you to create a bridge between a codespace and your local machine, so that the codespace can access any remote resource that is accessible from your machine. The codespace uses your local machine as a network gateway to reach those resources. For more information, see "Using GitHub CLI to access remote resources."
As an alternative to the GitHub CLI extension, you can use a VPN to access resources behind a private network from within your codespace.
There are also a number of third party solutions that, while not explicitly endorsed by GitHub, have provided examples of how to integrate with GitHub Codespaces.
These third party solutions include:
While GitHub publishes IP ranges for several products on its Meta API, IP addresses for codespaces are dynamically assigned, meaning your codespace is not guaranteed to have the same IP address day to day. For more information, see "REST API endpoints for meta data."
Allowlisting an entire IP range would give overly broad access to all codespaces (including users not affiliated with your codespaces), so for this reason codespace creation is disabled if you enable IP allow lists. For more information, see "Managing allowed IP addresses for your organization."
At present, there is no way to restrict codespaces from accessing the public internet, or to restrict appropriately authenticated users from accessing a forwarded port.
For more information on how to secure your codespaces, see "Security in GitHub Codespaces."