Ensure only a fork of the project repository is used.
Do not push the code to any personal repositories, even private ones.
The code should not be stored anywhere other than the approved, provisioned repository's fork.
E.g., No Google drive, no private repositories, no external drives.
Never download any production database even when you have access to the live environment. Work with Client Technical Staff Engineer/Architect and Project Manager for access.
Avoid copy-pasting from customer projects. Adapt it afresh.
Please do not use any code or assets from any Axelerant client projects in your personal projects.
Only open-source code with written consent from a Client representative via Axelerant Customer Success Manager.
Never commit identifying information or secrets. When you accidentally commit, overwrite your commits or rebase your histories.
Never commit API keys, SSH keys, passwords, secrets, or other sensitive data to a codebase repository.
When such data is to be committed, work with client-side technical staff engineer/architects or Axelerant PM + DevOps to determine the suitable approach for such needs.
Ensure there is no sensitive information in commit messages or other metadata, such as company author/committer name/email.
When you’re sharing internally, make sure the project is marked internal or private because search engine spiders check public projects.
Don’t use public gists to share confidential information and snippets which contain identifying information. Use an internal Jira comment, a private Confluence page, or a limited access Google document instead.
Do not use any third-party tools like Codepen, Pastebin, etc., to share or store (even temporarily) any code from client projects.
Team members should agree that they will not mention client name or logo or other client trademarks, use any sensitive, confidential data anywhere on Linkedin or anywhere on the web, in their CVs, camp sessions, or anywhere in the public, private domain.
Follow the Secure Project Closure process at the end of an engagement.
Ensure that all local repositories and forks of team members are removed and all accesses to customer environments, hosted instances (Acquia cloud, AWS, Pantheon) are revoked.
Any loss or theft of any laptop containing Client code should immediately report client information to Axelerant SM/PM and Client PM.