GitPitch Security


About

GitPitch Security activates unique slideshow presentation privacy features powered by private Git repositories.

By convention, GitPitch will automatically transform the contents of any PITCHME.md markdown file found within any public repository into a fully responsive, slideshow presentation.

GitPitch Security extends this convention by supporting the transformation of PITCHME.md markdown files found within private repositories on GitHub, GitLab, and Bitbucket.

However, PITCHME.md found within private repositories are not automatically transformed by GitPitch. As a presentation author, you must explicitly grant access to your audience. This step is an important protection as it helps to prevent the unintended disclosure of your presentation content.

Granting access requires the activation of privacy controls for your presentations. Privacy controls are activated using GitPitch Published Mode, Stealth Mode, and Confidential Mode.

The following sections detail the use of these privacy controls.


Published Mode

Published Mode can be used to create and manage publicly accessible slideshow presentations served from within private repos. It is ideal for publicly promoting, pitching, or presenting news, technology, or even training for any project without revealing code, config, or data within your private repository.

As a presentation author you can activate published mode for any slideshow using the published property in your PITCHME.yaml. The published property expects a true or false boolean value.

Here is an example of how you can activate published mode for a presentation in your PITCHME.yaml:

published : true

Once published mode is activated, anyone can access your slideshow at the standard GitPitch presentation URL. You can view a sample Published presentation here.

To see what happens if you try to to access a presentation within a private repo that has not been published, click here.

As a presentation author you can manage access to your presentation by enabling or disabling published mode at any time.


Stealth Mode

Stealth Mode can be used to create and manage private URLs for GitPitch presentations served from within private repos. It is ideal for securing presentation content under development, providing early-access previews, soliciting feedback from trusted parties, and managing limited or temporary audiences.

As a presentation author you can activate stealth mode for any slideshow using the stealth property in your PITCHME.yaml. The stealth property accepts a comma-separated list of one or more stealth-tokens. A token can be any arbitrary string value.

Here is an example of how you can activate a single stealth-token in your PITCHME.yaml:

stealth : 01234

Here is an example of how you can activate multiple stealth-tokens in your PITCHME.yaml:

stealth : 01234, AcmeCorp, sneakpeek

Once stealth mode is activated, a valid token is required on the presentation URL in order to gain access to the slideshow content. The token is specified on a presentation URL using the ?s= query param. The combination of presentation URL plus valid token query param is a private URL.

For example, in this sample case you would need to append ?s=01234, ?s=AcmeCorp, or ?s=sneakpeek on the presentation URL before sharing the link with your intended audience. You can see a successful attempt at Stealth presentation access here.

Any attempt to access the presentation without a valid stealth-token on the URL will be denied. You can see a failed attempt at Stealth presentation access here.

Token management is as simple as adding and removing tokens on the stealth property in your PITCHME.yaml file. Managing tokens in this way gives you a quick and easy way to define and manage your audience over time.


Confidential Mode

Confidential Mode can be used to create and manage password-protected GitPitch presentations served from within private repos. It is ideal for managing secure access to private, confidential, and even paid content.

In addition, the password challenge form activated by this mode can be customized, to reflect the brand of your product, service, or content.

As a presentation author you can activate confidential mode for any slideshow using the confidential property in your PITCHME.yaml. The confidential property accepts a comma-separated list of one or more confidential-tokens. A token can be any arbitrary string value.

Here is an example of how you can activate a single confidential-token in your PITCHME.yaml:

confidential : 54321

Here is an example of how you can activate multiple confidential-tokens in your PITCHME.yaml:

confidential : 54321, GitMagic, earlyacce$$

Once confidential mode is activated, any attempt to access the presentation is intercepted and the user is challenged to provide a valid confidential-token as a password for the presentation.

For example, in this sample case a user would be required to submit 54321, GitMagic, or earlyacce$$ on the challenge form before gaining access to the slideshow content. You can experience the Confidential challenge form for this sample presentation here.

Any attempt to access the presentation without the user providing a valid confidential-token is denied. Token management is as simple as adding and removing tokens on the confidential property in your PITCHME.yaml file. Managing tokens in this way gives you a quick and easy way to define and manage your audience over time.

Password Challenge Form Customization

As noted, when confidential mode is activated a password challenge form will be presented to anyone attempting to access your presentation.

The default form can be entirely re-branded to reflect your product, service, or content. Here is an example of how you can customize the title, subtitle, logo, and background image for this form using the set of pro-* properties in your PITCHME.yaml:

# Tokens
confidential : 54321, GitMagic, earlyacce$$  

# Customizations
pro-title : "Your Custom Presentation Title"  
pro-subtitle : "Optional Subtitle, Byline, Description"  
pro-contact "Optional text directly below password input."  
pro-logo : assets/your-logo.png  
pro-background : assets/your-splash.jpg  

Additional customization of the Confidential challenge form can be achieved using custom CSS. See the following Twitter and Monster presentations for examples of form customization.

Custom CSS for the confidential challenge form is activated in the same way you can activate custom CSS to style presentation content. The following CSS code block lists the set of customizable CSS ID selectors for this form along with some sample values:

#pro-background {
    opacity: 0.9 !important;
}

#pro-logo {
    max-height: 3em;
}

#pro-title {
    font-size: 1.1em;
}

#pro-subtitle {
    color: lightgray;
}

#pro-enter {
    background: #e49436;
    border-color: #e49436;
}

#pro-contact {
    display: none;
}