CISA Admin Leaked AWS GovCloud Keys on GitHub
A CISA contractor's public "Private-CISA" GitHub repo exposed admin keys to three AWS GovCloud accounts, plaintext passwords for dozens of internal systems (including the agency's software artifactory), and detailed build processes — after the admin disabled GitHub's automated secret detection. GitGuardian discovered the leak, which security experts describe as one of the worst government data breaches; CISA is investigating.
Enforce pre-commit secret scanning via tools like GitGuardian or ggshield, disable the ability to override GitHub's push protection, and regularly audit public repositories in your organization for exposed credentials.
For cloud and platform engineers, this underscores the critical need for automated secret scanning, mandatory pre-commit detection hooks, and strict credential lifecycle policies to prevent a single misconfigured repo from exposing GovCloud infrastructure, internal CI/CD pipelines, and artifact repositories.
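As an added illustration of the pre-commit scanning recommended above (not code from the original article, GitGuardian or CISA), the sketch below scans only the added lines of a staged diff for AWS access key IDs, secret access key assignments and plaintext password assignments. The detector patterns, the sample diff and the file path are assumptions chosen for the example, and `scan_staged.py` is a hypothetical file name.

```python
import re
import sys

# Detectors: AWS access key IDs (AKIA long-term, ASIA temporary), AWS secret
# access key assignments, and plaintext password assignments.
DETECTORS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_secret_access_key": re.compile(
        r"(?i)aws_secret_access_key\s*[=:]\s*['\"]?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"),
    "plaintext_password": re.compile(
        r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?([^\s'\"]{6,})"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed sample: AWS's documented example key pair and a made-up password.
SAMPLE_DIFF = """\
--- /dev/null
+++ b/deploy/creds.env
@@ -0,0 +1,3 @@
+aws_access_key_id = AKIAIOSFODNN7EXAMPLE
+aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+artifactory_password: "constructed-not-real"
"""

def scan_diff(diff_text):
    """Return (path, line_no, detector, redacted_value) for each added line that matches."""
    findings, path, line_no = [], None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif (m := HUNK.match(line)):
            line_no = int(m.group(1)) - 1   # next added/context line gets this + 1
        elif line.startswith("+"):
            line_no += 1
            for name, rx in DETECTORS.items():
                if (hit := rx.search(line[1:])):
                    secret = hit.group(hit.lastindex or 0)
                    # Keep four characters only, so the report is not a second leak.
                    findings.append((path, line_no, name, secret[:4] + "*" * (len(secret) - 4)))
        elif line.startswith(" "):
            line_no += 1                    # context lines advance the new-file line count
    return findings

if __name__ == "__main__":
    # Hook usage: git diff --cached -U0 | python3 scan_staged.py  (hypothetical file name)
    found = scan_diff(SAMPLE_DIFF if sys.stdin.isatty() else sys.stdin.read())
    for path, line_no, name, shown in found:
        print(f"{path}:{line_no}: {name}: {shown}", file=sys.stderr)
    sys.exit(1 if found else 0)
```

A client-side hook like this can be skipped with `git commit --no-verify`, so it complements server-side push protection that committers cannot override rather than replacing it.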
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history. On May 15, KrebsOnSecurity heard from