Private Git

Secure version control that keeps credentials isolated in your workspace.

The Problem

Traditional Git workflows expose sensitive data:

Risk

Local Git

ZYBER Git

SSH keys on device

✅ Exposed

❌ Workspace only

Personal access tokens

✅ In config files

❌ Workspace only

Git history on disk

✅ Persistent

❌ Ephemeral option

Credential helpers

✅ System-wide

❌ Isolated

Architecture

┌─────────────────────────────────────────────────────────────┐
│                      Your Device                            │
│  ┌─────────────────────────────────────────────────────┐   │
│  │  No SSH keys, no tokens, no .gitconfig              │   │
│  └─────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────┘
                              │
                              │ Encrypted stream only
                              ▼
┌─────────────────────────────────────────────────────────────┐
│                    ZYBER Workspace                          │
│  ┌─────────────────────────────────────────────────────┐   │
│  │  ~/.ssh/id_ed25519          (SSH private key)       │   │
│  │  ~/.gitconfig               (Git identity)          │   │
│  │  ~/.git-credentials         (Tokens if used)        │   │
│  │  ~/repos/                   (Cloned repositories)   │   │
│  └─────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────┘
                              │
                              │ SSH/HTTPS from workspace IP
                              ▼
┌─────────────────────────────────────────────────────────────┐
│              GitHub / GitLab / Bitbucket                    │
│  Sees: Push from ZYBER datacenter IP                       │
│  Doesn't see: Your real IP, device, location               │
└─────────────────────────────────────────────────────────────┘

Credential Isolation

SSH Keys

SSH keys generated in workspace never leave it:

# Generate in workspace
ssh-keygen -t ed25519 -C "workspace-key"

# Key stays in workspace
cat ~/.ssh/id_ed25519.pub
# Add this to GitHub/GitLab

Session Type

SSH Key Behavior

Ephemeral

Destroyed on termination

Persistent

Encrypted, retained

Personal Access Tokens

If using HTTPS with tokens:

# Token stored only in workspace
git config --global credential.helper store
git clone https://github.com/user/repo.git
# Enter token once, stored in ~/.git-credentials

Git Identity Separation

Your Git commits can use any identity:

git config --global user.name "Anonymous Dev"
git config --global user.email "[email protected]"

This identity is workspace-specific. Different workspaces can have different identities.

Commit Signing

GPG signing supported within workspace:

# Generate GPG key in workspace
gpg --full-generate-key

# Configure Git to sign
git config --global user.signingkey YOUR_KEY_ID
git config --global commit.gpgsign true

GPG keys follow same isolation rules as SSH keys.

Security Properties

Property

Implementation

Key isolation

Keys exist only in workspace memory/disk

Network privacy

Git operations from ZYBER IP

Credential scope

No system-wide credential helpers

Audit trail

All Git operations logged in workspace

Revocation

Terminate workspace = credentials gone

Best Practices

Use ephemeral sessions for sensitive repos - credentials are destroyed on termination
Generate workspace-specific keys - don't import keys from your local machine
Use deploy keys for read-only access where possible
Rotate keys by creating new workspaces periodically
Separate identities - use different workspaces for different projects or clients

PreviousIsolation Model NextNetwork Controls

Last updated 1 month ago

Good morning

hashtagThe Problem

hashtagArchitecture

hashtagCredential Isolation

hashtagSSH Keys

hashtagPersonal Access Tokens

hashtagGit Identity Separation

hashtagCommit Signing

hashtagSecurity Properties

hashtagBest Practices