Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions
What part(s) of the article would you like to see updated?
There's a big warning in the linked page:
- Use credentials that are minimally scoped:
  - Make sure the credentials being used within workflows have the least privileges required, and be mindful that any user with write access to your repository has read access to all secrets configured in your repository.
It's really easy to read/skim past this the way the document is structured now.
I propose we add a new heading, "Strongly consider who you give write rights to", and put the warning "Be mindful that any user with write access to your repository has read access to all secrets configured in your repository." in that section.
I suggest styling the warning message itself as a warning box with a red background, or something similar to really capture the attention of the reader.
Additional information
No response
Edited by maintainer.
Here is the content design plan by a writer for this issue.