alphagov / govuk-puppet

Decommissioned: Puppet manifests that used to provision the legacy GOV.UK stack.
MIT License

Public visibility of https://github.com/alphagov/govuk-puppet/blob/main/hieradata_aws/vagrant_credentials.yaml #12155

Closed annaobarz closed 10 months ago

annaobarz commented 10 months ago

I stumbled across this publicly accessible page, and was wondering whether it should be publicly accessible?

sengi commented 10 months ago

I think the Vagrant environment hasn't been used in a long time and this is some disused config related to it, but we really appreciate your vigilance — thanks for raising this!

I'll double-check that those private keys etc. really aren't used anywhere. (And of course we'll nuke the file in the meantime.)

sengi commented 10 months ago

Also huge thanks for putting me onto the fact that — somehow — we don't appear to have secret scanning enabled on this repo 😅 (it's supposed to be enabled+enforced org-wide, plus I thought public repos were meant to be covered by default — clearly not always, apparently!)

edit: turns out it's only GitHub Partners that automatically get secret scanning notifications on public repos. We should still be enforcing it at org level though.

edit: org-wide secret scanning by default is happening imminently 🎉

annaobarz commented 10 months ago

@sengi happy to help!