The Risks of Using Corporate Email Addresses in Private Git Repositories

Kacper Bąk
4 min read · Dec 11, 2022


If you have used Git for more than just saving changes, you have probably wondered at some point what happens if, for example, you change jobs, work on a different project, or want to upload changes to a private project from company hardware whose permissions are configured for the intranet. After all, you're not going to have that email forever, and you're not going to work for the same company forever (probably).

Git solves this problem for you by allowing you to create remote repositories. These are essentially other places where you can upload and store your code and track changes.

You can upload your code to remote repositories like GitHub, GitLab and Bitbucket, or you can even create a private remote repository on your own server.

Once you have a remote repository set up, you can easily upload changes from any computer, as long as you have the same credentials. This way, you can easily keep your code in one place that you can access from any computer, regardless of the permissions that are set on the local machine.

You probably don't want a company email attached to commits that you make in your spare time and for yourself.

Below I have listed the risks of using a corporate email address in private repositories:

  1. Security risks: Corporate email addresses may be stored in plain text in some repositories and can be accessed by malicious actors. This could potentially allow them to gain access to internal systems or steal sensitive information.
  2. Privacy risks: Corporate email addresses may be made public in some repositories, allowing anyone online to see or use them. This can be a concern for companies with sensitive data, as it can lead to potential data breaches.
  3. Legal risks: Corporate email addresses may be used in some repositories to commit copyright infringement or other illegal activities. This can put the company at risk of legal action.
  4. Reputational risks: Corporate email addresses may be used in some repositories to commit unethical or inappropriate activities. This can harm the company’s reputation and create public relations issues.

You can set your Git identity with the git config --global user.name and git config --global user.email commands. For example, to set your Git identity to "John Doe <john.doe@example.com>", run the following commands:

git config --global user.name "John Doe"
git config --global user.email "john.doe@example.com"

This problem can be solved by setting up multiple identities in your global Git config file. To do this, open the file in a text editor and add the following lines for each identity:

[user]
name = Your Name
email = Your Email Address

Once you have saved the changes, you can use the command git config --global user.name to switch between identities.

The best way to determine the values set for a given identity in Git is to use the git config command. This command allows you to view and set configuration values that control the behavior of the Git tools. For example, the following commands will display the user name and email address associated with the current repository:

git config user.name
git config user.email

You can check the name in your Git settings for a particular repo by running the following command in the terminal:

git config user.name

You can set up a Git configuration file in each directory containing the email you want to use for that directory. This can be done by running the following command in each directory:

git config user.email "my@email.com"
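
To check whether a repository already contains commits made with a company address, the following added example (not part of the original article) filters git log output by email domain. The domain corp.example, the function names and the sample records are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the article. The domain corp.example, the function
# names and the sample records are assumptions made for illustration.

# Reads tab-separated "hash, author email, committer email" records on stdin
# and prints those where either address is at domain $1 or a subdomain of it.
corp_email_commits() {
    awk -F'\t' -v dom="$1" '
        function is_corp(addr,    host, d) {
            host = tolower(addr); d = tolower(dom)
            sub(/^.*@/, "", host)          # keep what follows the last "@"
            if (host == d) return 1
            # subdomain match: host must end in "." followed by the domain
            return length(host) > length(d) &&
                   substr(host, length(host) - length(d)) == ("." d)
        }
        is_corp($2) || is_corp($3)         # default action prints the record
    '
}

# Checks every commit reachable from any ref of the repository in the current
# directory. %ae / %ce are the raw author and committer addresses.
audit_repo() {
    git log --all --format='%h%x09%ae%x09%ce' | corp_email_commits "$1"
}

# Constructed sample records standing in for git log output.
sample_log() {
    printf '%s\t%s\t%s\n' \
        a1b2c3d 'me@personal.example'   'me@personal.example' \
        e4f5a6b 'John.Doe@Corp.Example' 'me@personal.example' \
        c7d8e9f 'me@personal.example'   'jdoe@mail.corp.example' \
        0a1b2c3 'me@notcorp.example'    'me@notcorp.example'
}

sample_log | corp_email_commits corp.example   # prints e4f5a6b and c7d8e9f
```

In a real repository, call audit_repo with the company domain; an empty result means no reachable commit carries an address at that domain. Changing user.email only affects new commits, so existing history keeps the address it was made with.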

Summary

In summary, you should not distribute changes to private repositories from a corporate email address that you have been given. This is because the company may not have given you permission to make such changes, or the changes may violate company policies. Additionally, any changes made to the repository may be tracked, and the company may not be aware of the changes you have made. Therefore, it is best to use your own personal email account when making changes to private repositories.

Publishing a corporate email address in a public repository can be dangerous for a company because it can lead to unwanted spam emails, phishing emails, and other malicious activities. It also makes it easier for hackers to find the email address, which can lead to more malicious activities such as account hijacking and identity theft. Additionally, publishing corporate emails in public repositories can also lead to legal issues, as the company may be held responsible for any emails sent from the address.
