Enterprise-wide credential management tools for incident response
Source: GitHub Changelog
New credential management actions
Enterprise owners can now use new credential management actions to respond decisively to high‑impact security incidents in their GitHub Enterprise Cloud accounts. These capabilities are available for:
- Enterprise Managed Users (EMU)
- Enterprises with personal accounts that have enabled single sign‑on (SSO) for the enterprise or its organizations
Available actions for investigation and mitigation
- Review the number of credentials authorized via SSO for one or more organizations in your enterprise.
- Temporarily block SSO for all users except enterprise owners to reduce the blast radius while you investigate.
- Revoke SSO authorizations for user credentials (personal access tokens, SSH keys, and OAuth tokens) across your enterprise.
- Delete user tokens and SSH keys across your enterprise, even if they don’t have an SSO authorization (available only for EMU accounts).
Note: Use these actions only during major security incidents, as they can break automations and disrupt developer workflows. Audit logs provide context about revoked and deleted credentials.
Regular token rotation
For routine token rotation at scale, we recommend configuring maximum token lifetimes that align with your security practices. See the Maximum token lifetimes documentation.
Fine‑grained permission
A new fine‑grained permission, Manage enterprise credentials, allows enterprise owners to delegate credential management to trusted administrators who can execute the actions above when needed.
Further reading
- Respond to security incidents in your enterprise
- Join the discussion on the GitHub Community