So a large client of mine gave me access to their Organisation GitHub account.
With it came a login for myself (on github.companyname.com) and of course access to certain repos on their company account (by switching the user to the company via the button in the top left).
Now I was wondering, since I can create private repos for myself, is it safe for me to use these for non-related projects or can the company administrators access my user’s repos despite being private? My understanding of GitHub is limited as it is, so this extra layer of complexity from the organisation account isn’t helping too much.
Thanks,
Mike
UPDATE: Thanks to all of you who posted answers and wrote comments, all were really helpful. I have decided to not host any personal projects on their enterprise account as suggested, and again, as recommended I now host my repos on a private provider like Bitbucket.
Mike
8
I would avoid this — there are some access / code security issues that are solvable by nothing more complex than having something purely under your control checking out a copy every day, but the thornier issue is intellectual property. If it is on the company’s account they have a much stronger claim to ownership than if it is under your account. I would not want to open that can of worms myself.
I’ll add that Bitbucket lets you do unlimited private git repositories for free if you just are trying to find a free cloud DVCS provider.
1
If you’re signing in at github.companyname.com, then they’ve either set up a domain name for vanity purposes, or it’s a GitHub Enterprise installation and not an organisation account on GitHub.com.
If it’s the latter then the entire thing is using GitHub’s software, but running on a server that companyname controls. Enterprise is provided as a fairly locked-down virtual machine, but the company’s admins do have SSH access, and they can dump all repositories as a single .tar file.
So, unless the user account they gave you also works at GitHub.com, I would have to assume that yes, the company’s admins could access the repository’s data if they wanted to.
2
Not unless you add keys from the company (i.e. not yours) to your own GitHub project as collaborators.
1