
Security Policies and Sensitive Data Management

1. Security Policies and Sensitive Data Management

Welcome to our final video on Security Policies and Sensitive Data Management!

2. Overview

We’ll cover how to secure our repositories by setting up security policies, removing sensitive data, and managing commit history. Let’s get started!

3. Setting Up Security Policies

Let’s start with the foundation: creating a SECURITY.md file. This file guides users on how to report security issues and outlines our team’s actions. It includes details like contact info and reporting guidelines. Customizing this file ensures clear communication and keeps our project secure.

4. Setting Up a SECURITY.md File

To set up a SECURITY.md file, we open the ecommerce-data-hub repository and navigate to the Security tab, select Security Policy, and start setup. We edit the file with our guidelines and commit the changes to save it.

5. Setting Up a SECURITY.md File

Once our SECURITY.md file is live, it’s easy to find in the Security tab. It helps guide users on how to report and resolve security issues quickly.

6. Risks of Committing Sensitive Data

Next, let's see how to handle sensitive data in our repository. Committing sensitive information, like passwords, can expose our project to major risks. Act immediately to protect data.

7. Committing Sensitive Data

Let’s imagine you accidentally committed a secrets.py file with sensitive data like passwords. This exposes critical info to anyone with access. Act quickly: change credentials immediately.

8. The Limitations of Deleting or Editing Files

Deleting or editing a file like secrets.py seems like a fix, but sensitive data is still saved in commit history. To protect our project, we need to remove this data from the entire history.

9. Removing Sensitive Data: Two Tools Compared

To remove sensitive data from our repository’s history, we can use either git filter-repo or BFG Repo-Cleaner. git filter-repo offers detailed control, ideal for complex scenarios, allowing precise management of our commit history. BFG Repo-Cleaner is a faster, simpler open-source tool, great for quickly removing large files or sensitive data, though it offers less control. To find out more about these tools, check out the documentation.

10. High-Level Overview of Using BFG Repo-Cleaner

For advanced tasks, the GitHub UI isn’t enough; we need terminal commands. BFG Repo-Cleaner helps with this, but first, download the bfg.jar file. The main idea is that we'll need to run a few commands in a terminal environment like PowerShell or Bash to remove sensitive data from all commits in your repository.

11. Wrapping Up the Cleanup Process

After running the necessary commands, the commit history still shows the creation and deletion of the secrets.py file, but no sensitive data remains. Although the commits are visible, the sensitive information has been fully removed. Tools like BFG Repo-Cleaner or git filter-repo are ideal for cleaning histories, especially when sensitive data spans multiple commits or branches.
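The cleanup flow of slides 8 to 11, as an added example that is not part of the course: a throwaway repository gets a constructed secret committed and then deleted, a check shows the value is still reachable in history, and `git filter-repo --replace-text` (BFG's flag of the same name does the same job) rewrites every commit so the value disappears while the commits stay visible. It assumes `git` is installed; the rewrite step is skipped when `git filter-repo` is absent.

```shell
#!/bin/sh
# Added example, not from the course. Assumes git; filter-repo optional.
set -eu

SECRET='hunter2-constructed-example'   # constructed sample value, not a real credential

# Create a repo in $1, commit secrets.py, then delete it in a later commit.
make_repo() {
  git init -q "$1"
  git -C "$1" config user.name demo
  git -C "$1" config user.email demo@example.com
  printf 'DB_PASSWORD = "%s"\n' "$SECRET" > "$1/secrets.py"
  git -C "$1" add secrets.py
  git -C "$1" commit -q -m "add settings"
  git -C "$1" rm -q secrets.py
  git -C "$1" commit -q -m "remove secrets.py"
}

# Exit 0 if the literal still appears in any commit on any branch.
secret_in_history() {   # $1 = repo dir, $2 = literal to look for
  git -C "$1" log -p --all | grep -qF -- "$2"
}

# Number of commits touching the path: stays at 2 after the rewrite,
# because the content is stripped, not the commits.
commits_touching() {    # $1 = repo dir, $2 = path
  git -C "$1" log --all --oneline -- "$2" | wc -l | tr -d ' '
}

# Rewrite every commit so the literal becomes ***REMOVED***; returns 1
# (and changes nothing) when git filter-repo is not installed.
redact_from_history() { # $1 = repo dir, $2 = literal to redact
  command -v git-filter-repo >/dev/null 2>&1 || return 1
  exprs=$(mktemp)
  printf '%s==>***REMOVED***\n' "$2" > "$exprs"
  git -C "$1" filter-repo --force --replace-text "$exprs"
  rm -f "$exprs"
}

demo() {
  repo=$(mktemp -d)
  make_repo "$repo"
  if secret_in_history "$repo" "$SECRET"; then echo "after git rm: secret still in history"; fi
  if redact_from_history "$repo" "$SECRET"; then
    secret_in_history "$repo" "$SECRET" || echo "after rewrite: secret gone, $(commits_touching "$repo" secrets.py) commits still visible"
  fi
  rm -rf "$repo"
}
demo
```

The same rewrite with BFG is `java -jar bfg.jar --replace-text expressions.txt my-repo.git` followed by `git reflog expire --expire=now --all && git gc --prune=now --aggressive`. Rotate the credential first and force-push afterwards; rewriting history does not recall clones others already have.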

12. Let's practice!

We’ve covered everything from security policies to removing sensitive data. Now, it’s time to dive into practice!
