Installing and managing the App’s credentials
When it comes to controlling access to sensitive information in GitHub, there are two approaches:
- Explicit and manual management: This involves specifying who can access the information and requires frequent manual updates
- Accessible and easy-to-manage options: This approach allows broader access, but it should be approached with caution to avoid unintended exposure of sensitive data to unauthorized users.
While organizational-level secrets can serve some use cases, it is essential to evaluate the level of scrutiny applied to prevent potential abuse. It is crucial to securely store application credentials and limit their exposure only to the necessary contexts and use cases. A couple of example use cases are as follows:
- Using a common application to invoke a workflow on a centralized repository as part of an onboarding exercise
- Using a secret to reference a tenant ID of a company in a cloud provider...
