Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Using Personal GitHub for Work?
6 points by shay_ker on March 16, 2022 | hide | past | favorite | 16 comments
I'm worried if I use my personal github for work that it could cause my employer (FAANG) to have access to all of my personal things. This could involve open source work as well as private work repos.

Is it possible to insulate myself from this risk by:

- only using my work laptop for work things

- work-only ssh & gpg keys that are only accessed on my work laptop

Or is the only hope to create a separate Github accounts?



Making a new github account takes less time and effort than you've spent just typing out this question.


lol i did both at the same time.

also it turns out that having more than one GH free account is against the terms of service:

https://docs.github.com/en/site-policy/github-terms/github-t...


Lol. Preach.


The general consensus whenever this is asked is: use work resources for work, and personal resources for personal.

In other words, don't cross the streams.


I wonder how many of these same people advocate for working from home. Is your bedroom a work resource?


You're asking about a technology solution to a legal problem. Depending on the agreement between you and your employer, even a separate account may not be sufficient.

Understand that first, then determine how to best implement it.


AFAIK in California, personal work that’s done on personal devices outside of work hours aren’t accessible by your employer from a legal perspective.

Just not sure if that separation will hold up if you have a single GitHub account.


Right so then the question is a legal one about what counts as a "personal device" rather than a technical one about github auth or ssh keys or whatever. I think this reinforces the point of the person you were replying to.


Yep, the question is about what’s legally defensible!


Best to have a separation of church and state (so to speak). Use your work devices for work, and your personal devices for personal things. It might sound a bit cumbersome, but it can prevent potential problems.

A few years ago, a colleague accidentally pushed a bunch of AWS keys (or something like that) to his person GitHub account when he should have pushed it to his company one. His personal account was public, someone found the keys, and started spinning up AWS instances by the dozen using those keys.


They can not access your private repositories if you are just in the organization.


Right, I’m wondering from a legal perspective if they do


if you're worried about legal, go for separated accounts.


Why do you prefer using your personal GitHub account for work?


it's against the ToS to have multiple accounts:

https://docs.github.com/en/site-policy/github-terms/github-t...


It’s nice to have all that work show up in the activity stream that you are putting out there on your resume or for your public persona.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: