9.4: Security Best Practices

Security Best Practices

Security is a first-class constraint for any automation platform. This lesson wraps up the module with practices that protect your infrastructure and points you toward resources for continued learning.

Security best practices

  • Grant the minimum permissions necessary for each workflow or job.
  • Favor short-lived tokens over long-lived credentials whenever possible.
  • Maintain an allow list of approved marketplace actions.
  • Pin marketplace actions to a full commit SHA rather than a mutable tag or branch, so every run executes exactly the code you reviewed and builds stay repeatable.
  • Do not let forked pull requests run on self-hosted runners; otherwise, attackers could exfiltrate secrets or tamper with the host.
  • Use GitHub environments to require manual approvals before sensitive deployments (such as production) execute.
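The workflow below is an added illustration, not part of the original lesson, showing how the practices in this list look in an actual GitHub Actions file: an empty top-level `permissions` block so every job opts into only the scopes it needs, `id-token: write` so the deploy job can exchange a short-lived OIDC token for cloud credentials instead of storing a long-lived key, actions pinned to a commit SHA, an `if` guard that keeps forked pull requests off the self-hosted runner, and a `production` environment gate. The `<full-40-hex-commit-sha>` values, the `example-org/example-repo` name, the IAM role ARN and the script paths are placeholders to replace with your own.

```yaml
name: ci-and-deploy

on:
  pull_request:
  push:
    branches: [main]

# Least privilege by default: no token scopes at all at the top level.
# Each job below opts in to exactly the scopes it needs.
permissions: {}

jobs:
  test:
    # Safe for forked PRs: GitHub-hosted runner, read-only token, no secrets.
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      # Pinned to a reviewed commit, not a tag that can be moved later.
      - uses: actions/checkout@<full-40-hex-commit-sha>  # placeholder SHA
      - run: ./scripts/test.sh  # assumed script path

  integration:
    needs: test
    # Never let a fork's code reach the self-hosted runner. Push events carry no
    # pull_request context and pass; PRs pass only when the head branch lives in
    # this repository.
    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
    runs-on: [self-hosted, linux]
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@<full-40-hex-commit-sha>  # placeholder SHA
      - run: ./scripts/integration.sh  # assumed script path

  deploy:
    needs: integration
    # Deploy only from main of the canonical repository, never from a PR.
    if: github.event_name == 'push' && github.repository == 'example-org/example-repo'  # placeholder repo
    runs-on: ubuntu-latest
    # The environment is configured in repository settings with required
    # reviewers, so this job pauses for manual approval before it runs.
    environment: production
    permissions:
      contents: read
      id-token: write  # lets the job request a short-lived OIDC token
    steps:
      - uses: actions/checkout@<full-40-hex-commit-sha>  # placeholder SHA
      # Exchange the OIDC token for temporary cloud credentials; no static
      # access key is stored as a repository secret.
      - uses: aws-actions/configure-aws-credentials@<full-40-hex-commit-sha>  # placeholder SHA
        with:
          role-to-assume: arn:aws:iam::123456789012:role/example-deploy-role  # placeholder ARN
          aws-region: us-east-1
      - run: ./scripts/deploy.sh  # assumed script path
```

Two of the practices in the list live in repository or organization settings rather than in the workflow file: the allow list of approved actions is set under Actions permissions ("Allow select actions and reusable workflows"), and requiring approval before workflows run for pull requests from outside collaborators is set under the same Actions settings. The YAML guard on the `integration` job is a second line of defense that works even if someone later relaxes those settings.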