Skip to content

Latest commit

 

History

History
30 lines (23 loc) · 2.32 KB

File metadata and controls

30 lines (23 loc) · 2.32 KB
title Push protection from the command line
shortTitle Command line push protection
intro Understand how {% data variables.product.github %} uses push protection to prevent secret leaks from the command line.
permissions {% data reusables.permissions.push-protection-resolve-block %}
versions
fpt ghes ghec
*
*
*
contentType concepts
category
Protect your secrets
redirect_from
/code-security/concepts/secret-security/push-protection-from-the-command-line

Push protection prevents you from accidentally committing secrets to a repository by blocking pushes containing supported secrets.

When you attempt to push a supported secret from the command line to a repository secured by push protection, {% data variables.product.prodname_dotcom %} will block the push.

You should either:

Up to five detected secrets will be displayed at a time on the command line. If a particular secret has already been detected in the repository and an alert already exists, {% data variables.product.prodname_dotcom %} will not block that secret.

If you confirm a secret is real and that you intend to fix it later, you should aim to remediate the secret as soon as possible. For example, you might revoke the secret and remove the secret from the repository's commit history. Real secrets that have been exposed must be revoked to avoid unauthorized access. You might consider first rotating the secret before revoking it. For more information, see AUTOTITLE.

{% data reusables.secret-scanning.push-protection-multiple-branch-note %}