2024-09-31<\/p>\n\n\n\n
More and more developers are using AI coding assistant tools like GitHub Copilot to speed up development. These can be powerful tools for improving productivity. However, keep in mind that when integrated into an IDE, tools like Copilot potentially have access to all the source code the developer is working on. They don’t just have access to the code you paste into the prompts, they also use the contents of the current file to provide additional context for the prompts. This greatly improves the accuracy of the response, but also increases the amount of code shared with the LLM and may include sensitive data that isn’t visible in your code editor at the current time. For continuity and context, they also save this information for an unspecified length of time, so it’s important to read the data privacy agreement for the supplier so you fully understand how they’ll use your data and how long they’ll keep it.<\/p>\n\n\n\n
Here are some steps you should consider to prevent software secrets (such as API keys, credentials, or other sensitive data) from being sent to Large Language Models (LLMs) and possibly being used to train future versions:<\/p>\n\n\n\n
Use an AI Assistant From A Trusted Company<\/strong><\/p>\n\n\n\n Choose A Plan Or Configure Your Plan So It Doesn’t Use Your Prompts and Code To Train Its Models<\/strong><\/p>\n\n\n\n Use Environment Variables for Secrets<\/strong><\/p>\n\n\n\n Use Secret Management Tools<\/strong><\/p>\n\n\n\n Leverage .gitignore and .copilotignore<\/strong><\/p>\n\n\n\n Implement Access Control Policies<\/strong><\/p>\n\n\n\n Use Linting and Static Analysis Tools<\/strong><\/p>\n\n\n\n Review and Monitor Copilot Suggestions<\/strong><\/p>\n\n\n\n Train Developers on Secure Coding Practices<\/strong><\/p>\n\n\n\n Regularly Rotate Secrets<\/strong><\/p>\n\n\n\n Disable Copilot in Sensitive Repositories<\/strong><\/p>\n\n\n\n By following these best practices, developers can significantly reduce the risk of exposing sensitive information to tools like GitHub Copilot and other LLM-based coding assistants.<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":" 2024-09-31 More and more developers are using AI coding assistant tools like GitHub Copilot to speed up development. These can be powerful tools for improving productivity. However, keep in mind […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_menu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","_jetpack_memberships_contains_paid_content":false,"ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[18],"tags":[12,15,17,16,14,13],"class_list":["post-2004","post","type-post","status-publish","format-standard","hentry","category-ai-ml","tag-ai","tag-coding-assistant","tag-developing","tag-llm","tag-privacy","tag-security","entry"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/posts\/2004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/comments?post=2004"}],"version-history":[{"count":4,"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/posts\/2004\/revisions"}],"predecessor-version":[{"id":2009,"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/posts\/2004\/revisions\/2009"}],"wp:attachment":[{"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/media?parent=2004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/categories?post=2004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/grokkingdev.com\/index.php\/wp-json\/wp\/v2\/tags?post=2004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n
<\/ol>\n\n\n\n
\n