Ground Controller Lvl 1
Message 1 of 6

Does GitHub use encryption at rest for all the repositories?

Wanted to know whether the repositories are encrypted at rest or not.

The privacy page https://help.github.com/en/articles/github-privacy-statement says "Transmission of data on GitHub is encrypted using SSH, HTTPS, and SSL/TLS. While our data is not encrypted at rest,..."

 

The following blog https://github.blog/changelog/2019-05-23-git-data-encryption-at-rest/ says otherwise. Incidentally both pages are updated on the same date. 

5 Replies
Community Manager
Message 2 of 6

Re: Does GitHub use encryption at rest for all the repositories?

Thanks for being here! Source code stored on GitHub.com is encrypted at rest. There is a little more information in the following changelog entry:

https://github.blog/changelog/2019-05-23-git-data-encryption-at-rest/


I hope this helps,
Andrea

Ground Controller Lvl 1
Message 3 of 6

Re: Does GitHub use encryption at rest for all the repositories?

Are backups of the repositories also encrypted?

Is the repository data that is backed up decrypted at any point along the way to being backed up?

In other words, is the path from repository to backup end-to-end encrypted?

 

 

Ground Controller Lvl 1
Message 4 of 6

Re: Does GitHub use encryption at rest for all the repositories?

Is there any more information apart from that in GitHub security guidelines that we can see?

Copilot Lvl 2
Message 5 of 6

Re: Does GitHub use encryption at rest for all the repositories?

Hi there,

 

TBH with you, it doesn't say much... Could you please elaborate more as to when and how the data is going to be encrypted?

BR

Alvaro V.

Ground Controller Lvl 1
Message 6 of 6

Re: Does GitHub use encryption at rest for all the repositories?

All products in the market need to provide application-level protection for their data before pushing it downstream. They also need to provide the capability to connect to an External Key Manager (preferably with KMIP) to be called mature in terms of security.

Unfortunately, GitHub is not providing that as of now and is delegating the responsibility to downstream disk-level protection, which is very much less secure.

I strongly request and recommend that GitHub consider this a high-priority security requirement and enable the encryption and EKM capability.

 

Happy to assist as needed for this.