by prepend 1140 days ago
I’m not that worried about this. I mean, Microsoft runs Azure and they have security protocols, that you can audit and show to your auditors, that reduce the risk of sysadmins snooping on VMs, blob storage and anything else they could scan for keys.

I think the risk of a GitHub employee introducing malicious code to scan memory and dump any tokens found for exfiltration is lower than the risk of my own employee or myself doing that.

Rotating the secret seems like a waste of resources in this situation.