Y
Hacker News
new
|
ask
|
show
|
jobs
by
chrisrpatterson
1734 days ago
Yes a malicious fork will NOT be able to get a JWT just like they are not able to get any other secrets or privledges to the repo.
1 comments
jffry
1734 days ago
I was going to ask for a source, but I saw you've commented in the past that you're the GitHub Actions product manager.
This looks like a great feature to help keep long-lived AWS secrets out of my builds entirely.
link
This looks like a great feature to help keep long-lived AWS secrets out of my builds entirely.