51 lines
1.4 KiB
Plaintext
51 lines
1.4 KiB
Plaintext
|
include::../../../shared_content/secrets/description.adoc[]
|
||
|
|
|
||
|
|
== Why is this an issue?
|
||
|
|
|
||
|
|
include::../../../shared_content/secrets/rationale.adoc[]
|
||
|
|
|
||
|
|
=== What is the potential impact?
|
||
|
|
|
||
|
|
GitHub tokens are used for authentication and authorization purposes when
|
||
|
|
interacting with the GitHub API. They serve as a way to identify and
|
||
|
|
authenticate users or applications that are making requests to the GitHub API.
|
||
|
|
|
||
|
|
The consequences vary greatly depending on the situation and the secret-exposed
|
||
|
|
audience. Still, two main scenarios should be considered.
|
||
|
|
|
||
|
|
include::../../../shared_content/secrets/impact/financial_loss.adoc[]
|
||
|
|
|
||
|
|
include::../../../shared_content/secrets/impact/security_downgrade.adoc[]
|
||
|
|
|
||
|
|
== How to fix it
|
||
|
|
|
||
|
|
include::../../../shared_content/secrets/fix/revoke.adoc[]
|
||
|
|
|
||
|
|
include::../../../shared_content/secrets/fix/recent_use.adoc[]
|
||
|
|
|
||
|
|
include::../../../shared_content/secrets/fix/vault.adoc[]
|
||
|
|
|
||
|
|
=== Code examples
|
||
|
|
|
||
|
|
:example_secret: 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
|
||
|
|
:example_name: token
|
||
|
|
:example_env: TOKEN
|
||
|
|
|
||
|
|
include::../../../shared_content/secrets/examples.adoc[]
|
||
|
|
|
||
|
|
//=== How does this work?
|
||
|
|
|
||
|
|
//=== Pitfalls
|
||
|
|
|
||
|
|
//=== Going the extra mile
|
||
|
|
|
||
|
|
== Resources
|
||
|
|
|
||
|
|
include::../../../shared_content/secrets/resources/standards.adoc[]
|
||
|
|
|
||
|
|
=== Documentation
|
||
|
|
|
||
|
|
GitHub documentation - https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens[Managing your personal access tokens]
|
||
|
|
|
||
|
|
//=== Benchmarks
|