Keeping your account and data secure
To protect your personal information, you should keep both your GitHub AE account and any associated data secure.
About authentication to GitHub→
You can securely access your account's resources by authenticating to GitHub AE, using different credentials depending on where you authenticate.
Updating your GitHub access credentials→
GitHub AE credentials include the access tokens, SSH keys, and application API tokens you use to communicate with GitHub AE. Should you have the need, you can reset all of these access credentials yourself.
Creating a personal access token→
You should create a personal access token to use in place of a password with the command line or with the API.
Reviewing your SSH keys→
To keep your credentials secure, you should regularly audit your SSH keys, deploy keys, and review authorized applications that access your GitHub AE account.
Reviewing your deploy keys→
You should review deploy keys to ensure that there aren't any unauthorized (or possibly compromised) keys. You can also approve existing deploy keys that are valid.
Authorizing OAuth Apps→
You can connect your GitHub AE identity to third-party applications using OAuth. When authorizing an OAuth App, you should ensure you trust the application, review who it's developed by, and review the kinds of information the application wants to access.
Reviewing your authorized integrations→
You can review your authorized integrations to audit the access that each integration has to your account and data.
Connecting with third-party applications→
You can connect your GitHub AE identity to third-party applications using OAuth. When authorizing one of these applications, you should ensure you trust the application, review who it's developed by, and review the kinds of information the application wants to access.
Reviewing your authorized applications (OAuth)→
You should review your authorized applications to verify that no new applications with expansive permissions are authorized, such as those that have access to your private repositories.
Reviewing your security log→
You can review the security log for your user account to better understand actions you've performed and actions others have performed that involve you.
Removing sensitive data from a repository→
If you commit sensitive data, such as a password or SSH key into a Git repository, you can remove it from the history. To entirely remove unwanted files from a repository's history you can use either the
git filter-branch command or the BFG Repo-Cleaner open source tool.