Multiple GitHub accounts

Srujan

Aug 23, 2023 • 1 min read

This is often debated in early stage startups.

Should we ask our employees to create accounts with a company's email ID or let them use their personal github account?

Why I'm in no favour of new github accounts for every employee.

It isn't logical. Even if the policy says they should create a github account with email id, let's say [email protected], the account allows them to add multiple email addresses. And since github login has it's own credentials, there's no sign-in with google for you to control the access.

So, bruce can still have access to repositories of wayne if the email id [email protected] is added to the same github account.

It helps me keep things sane!

Not quite. Once people create accounts, the administrator doesn't really have any control on their usernames, etc. Additional tooling with hacks like an automated script to enforce some regex in their usernames is not where you should spend time in your early stages.

What is the alternative?

Fortunately, github gives enterprise accounts for startup program. The costs per github user aren't too high either.

With this, one can enable tight security controls like SAML login, restriction of repositories to logged in members, etc. Additionally, there are other benefits like actions minutes, and few features that'd be helpful in building the product/company in initial stages.

What is the alternative, but not paying money?

Trust. While the above assures security of the organisation, you can still be secure without company email ID, by trusting your employees to do 2FA and maintain integrity such as not creating public repositories under your org, pushing secrets, etc.

Note: When building a product, focus on it so much and pay least attention to administrative stuff that money can solve.

The same theory goes for gitlab and other such competitors. I'm not a huge fan of bitbucket.