Skip to content

Update secrets advice #121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kevinbackhouse merged 4 commits into from
Dec 16, 2025
Merged

Update secrets advice #121

kevinbackhouse merged 4 commits into from
Dec 16, 2025

Conversation

@kevinbackhouse
Copy link
Collaborator

@kevinbackhouse kevinbackhouse commented Dec 16, 2025

Update to recommend using codespace secrets.

Copilot AI review requested due to automatic review settings December 16, 2025 12:31
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR improves the security guidance in the README by recommending GitHub Codespaces secrets for managing the AI_API_TOKEN and discouraging storing secrets on disk.

Key changes:

  • Added instructions for setting environment variables in the terminal
  • Introduced recommendation to use GitHub Codespaces secrets with a link to the settings page
  • Changed .env file guidance to explicitly discourage storing secrets on disk
  • Removed token examples (AI_API_TOKEN and GH_TOKEN) from the .env example section

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@kevinbackhouse
Update README.md
55ad1dd 
Co-authored-by: Copilot <[email protected]>
Copilot AI review requested due to automatic review settings December 16, 2025 12:42
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@kevinbackhouse
Update README.md
96bc382 
Co-authored-by: Copilot <[email protected]>
Copilot AI review requested due to automatic review settings December 16, 2025 12:59
@kevinbackhouse kevinbackhouse marked this pull request as ready for review December 16, 2025 12:59
Copilot AI reviewed Dec 16, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@m-y-mo
Copy link
Contributor

m-y-mo commented Dec 16, 2025

Maybe add similar advice for GH_TOKEN as well?

@kevinbackhouse
Copy link
Collaborator Author

kevinbackhouse commented Dec 16, 2025

Maybe add similar advice for GH_TOKEN as well?

done

@kevinbackhouse kevinbackhouse merged commit 189004a into GitHubSecurityLab:main Dec 16, 2025
9 checks passed
@kevinbackhouse kevinbackhouse deleted the secret-advice branch December 16, 2025 16:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@m-y-mo m-y-mo m-y-mo approved these changes

@p- p- Awaiting requested review from p- p- is a code owner

@JarLob JarLob Awaiting requested review from JarLob JarLob is a code owner

@sylwia-budzynska sylwia-budzynska Awaiting requested review from sylwia-budzynska sylwia-budzynska is a code owner

@Kwstubbs Kwstubbs Awaiting requested review from Kwstubbs Kwstubbs is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kevinbackhouse @m-y-mo