79585becec
Co-authored-by: github-actions <github-actions@github.com> Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
3.0 KiB
title, intro, versions, product, type, topics
| title | intro | versions | product | type | topics | ||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Push protection for users | With push protection for users, you are automatically protected on all pushes to public repositories across {% data variables.product.product_name %}. |
|
{% data reusables.gated-features.push-protection-for-users %} | how_to |
|
About push protection for users
Push protection for users automatically protects you from accidentally committing secrets to public repositories across {% data variables.product.product_name %}.
When you try to push a secret to a public repository, {% data variables.product.prodname_dotcom %} blocks the push. If you believe it's safe to allow the secret, you have the option to bypass the block. Otherwise, you must remove the secret from the commit before pushing again. For more information on how to resolve a blocked push, see "AUTOTITLE."
Push protection for users is always on by default. You can disable the feature at any time through your personal account settings. This may cause secrets to be accidentally leaked. For more information, see "Disabling push protection for users."
Push protection for users is different from push protection for repositories and organizations, which is a {% data variables.product.prodname_secret_scanning %} feature that must be enabled by a repository administrator or organization owner. With push protection for repositories and organizations, {% data variables.product.prodname_secret_scanning %} blocks contributors from pushing secrets to a repository and generates an alert whenever a contributor bypasses the protection. For more information, see "AUTOTITLE."
With push protection for users, {% data variables.product.prodname_dotcom %} won't create an alert when you bypass the protection and push a secret to a public repository, unless the repository itself has {% data variables.product.prodname_secret_scanning %} enabled. However, if the bypassed secret is a {% data variables.product.prodname_dotcom %} token, the token will be revoked and you will be notified by email.
For information on the secrets and service providers supported for push protection, see "AUTOTITLE."
Disabling push protection for users
You can disable push protection for users through your personal account settings.
{% data reusables.user-settings.access_settings %} {% data reusables.user-settings.security-analysis %}
-
Under "User", to the right of "Push protection for yourself", click Disable.
