How to store source code
At GDS, we follow the principles set out in the Service Manual for managing the code, we write by:
You must keep secret data such as API keys or credentials closed and separate from source code. This information could allow someone to gain access to your system.
Place new repositories for GDS services in the alphagov organisation on GitHub.
You can use your personal GitHub account to access alphagov. Ask your tech lead or technical architect to invite you.
To secure your Github repository, make sure you:
- configure two-factor authentication for your account
- ensure Git repositories are backed up to another location (this should be a team responsibility)
- have considered encrypting your repository contents
How to to retire applications
If an application is no longer used in production, you should archive its repository.
Update the application’s README to detail why the repository has been archived, and link to a new location if the application has been superseded.