I'm worried if I use my personal github for work that it could cause my employer (FAANG) to have access to all of my personal things. This could involve open source work as well as private work repos.
Is it possible to insulate myself from this risk by:
- only using my work laptop for work things
- work-only ssh & gpg keys that are only accessed on my work laptop
Or is the only hope to create a separate Github accounts?
by jstx1 on 3/16/22, 4:09 PM
Making a new github account takes less time and effort than you've spent just typing out this question.
by runjake on 3/16/22, 4:10 PM
The general consensus whenever this is asked is: use work resources for work, and personal resources for personal.
In other words, don't cross the streams.
by criticas on 3/16/22, 3:20 PM
You're asking about a technology solution to a legal problem. Depending on the agreement between you and your employer, even a separate account may not be sufficient.
Understand that first, then determine how to best implement it.
by devonnull on 3/16/22, 11:13 PM
Best to have a separation of church and state (so to speak). Use your work devices for work, and your personal devices for personal things. It might sound a bit cumbersome, but it can prevent potential problems.
A few years ago, a colleague accidentally pushed a bunch of AWS keys (or something like that) to his person GitHub account when he should have pushed it to his company one. His personal account was public, someone found the keys, and started spinning up AWS instances by the dozen using those keys.
by madnooby on 3/16/22, 3:12 PM
They can not access your private repositories if you are just in the organization.
by labarilem on 3/16/22, 4:36 PM
Why do you prefer using your personal GitHub account for work?