It’s not often that we take to our blog to announce someone else’s new feature – but in this case, it’s pretty cool and we’re glad to do so.
GitHub launched a feature called token scanning not too long ago. With token scanning, they look through your repo on every commit for anything that matches regular expressions provided to them by trusted vendors to help highlight keys and tokens that should never be committed.
We think this is an awesome way to keep secrets out of your repo, and we jumped at the chance to have our own CloudBees CodeShip Pro encryption key included.
Scanning for CodeShip.aes
This AES key is never intended to be committed to your repo – and now, if it is inadvertently committed, you’ll be notified by GitHub and can cycle the key right away!
This is both a minor deal and a major deal: minor because you don’t have to do anything different, and major because GitHub will help you catch any security slip in this regard immediately.
You don’t need to do anything to set this up. We partnered with GitHub to get it configured, and it’s just another way we’ve worked (along with GitHub) to keep your CI/CD process safe and secure.
If you have any questions, just let us know.