Documentation
Last updated
Git commit signing can be an important tool but OTP Guard covers different cases. Git commit signing is not always easy to , whereas getting started with OTP Guard takes only a few clicks. This makes OTP Guard suitable even for non-technical users such as content editors. OTP Guard also works well to ensure an authorized person-in-the-middle for automated PRs such as Dependabot, or open source projects where commit signatures would be impractical to enforce for all contributors.
The first authenticator is "free" but enrolling secondary authenticators requires a with an existing authenticator to unlock the enrollment. If a team member loses access to their existing authenticators, then an organization admin will need to remove the existing authenticators from their account in order to re-enroll.
Read access to . This permission is required by GitHub.
Read access to . This includes the PR title, description, author, status, commit list and commit messages. However, this does not include the contents of the commits, or the contents of PR review messages. Your code stays with you.
Read access to . This is so OTP Guard can determine which users should have which permissions, since permissions are inherited from the GitHub organization.
Read and write access to . This is how OTP Guard requires PRs to be authorized before merging.
Security requires a belt-and-suspenders approach; there is no magic wand that secures everything. This includes best practices such as limiting access, keeping permissions up to date, and making sure secrets are not present in the code. See for more tips on defense in depth.