Should I turn off Copilot for text files containing secrets?
Problem
I use VSCode and have recently started using GitHub Copilot for my projects (programming and devops related). I understand that Copilot will send parts of my text to a remote server to get suggestions etc. Some of that text is Ansible inventory files, which may contain URLs, paths, passwords and other secrets.
Is there a common consensus about this topic? Is this risky? Do people exclude specific file types with sensitive data from being read by Copilot?
Solution
Cutting off Copilot for files that contain secrets is a good idea. The risk that GitHub gets hacked may be small, but it is still a risk that can be easily avoided, so why take a chance?
Keep in mind that the more fundamental issue is that you should avoid having secrets in text files. These are things that should be stored in a vault and only retrieved for as long as they are needed. Storing them on disk in any way should be avoided. Presumably you are keeping your Ansible code in a GitHub repo, and we have multiple recent examples of organizations that have had breaches of their repos.
Context
StackExchange DevOps Q#17351, answer score: 3
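One way to apply the exclusion discussed in the answer above, as an added example that is not part of the original question or answer: a VS Code `settings.json` fragment that turns off Copilot completions per language ID. The file globs and the choice of `ini` and `plaintext` as the language IDs for secret-bearing files are assumptions about the project layout.

```jsonc
{
  // Map secret-bearing files to dedicated language IDs.
  // The paths below are assumed; adjust them to the repository layout.
  "files.associations": {
    "**/inventory/hosts": "ini",
    "**/inventory/*.ini": "ini",
    "**/group_vars/**/secrets.yml": "plaintext",
    "**/host_vars/**/secrets.yml": "plaintext"
  },

  // Keep Copilot on in general, off for the language IDs used above.
  "github.copilot.enable": {
    "*": true,
    "ini": false,
    "plaintext": false
  }
}
```

`github.copilot.enable` governs inline completions for the listed language IDs, so playbooks and other YAML files keep their suggestions. Files mapped to `plaintext` lose YAML syntax highlighting.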