Wanted to know whether the repositories are encrypted at rest or not?
The privacy page https://help.github.com/en/articles/github-privacy-statement says "Transmission of data on GitHub is encrypted using SSH, HTTPS, and SSL/TLS. While our data is not encrypted at rest,..."
The following blog https://github.blog/changelog/2019-05-23-git-data-encryption-at-rest/ says otherwise. Incidentally both pages are updated on the same date.
Thanks for being here! Source code stored on GitHub.com is encrypted at rest. There is a little more information in the following changelog entry:
Are backups of the repositories also encrypted?
Is the repository data that is backed up decrypted at any point along the way to being backed up?
In other words, is the path from repository to backup end-to-end encrypted?
Is there any more information apart from that in github security guidelines that we can see?
TBH with you, it doesn't say much... Could you please elaborate more as to when and how the data is going to be encrypted?
All products in the market need to provide application-level protection for their data before pushing it downstream. They also need to provide the capability to connect to an External Key Manager (preferably with KMIP) to be called mature in terms of security.
Unfortunately, GitHub is not providing that as of now and is delegating the responsibility to downstream disk-level protection, which is much less secure.
I strongly request and recommend that GitHub consider this a high-priority security requirement and enable the encryption and EKM capability.
Happy to assist as needed for this.