grafclouds.com / documents / training / devops-challenges / leaked-credentials-in-git

You Pushed AWS Keys to a Public Repo

Beginner ~8 min read
GitSecurity

Scenario

A developer commits a config file containing a live AWS access key and secret, pushes it to a public GitHub repository, and realizes the mistake five minutes later. The key has permissions on S3 buckets and compute resources, and the repository already has forks. The clock is very much running.

The Quick Fix on the Table

The teammate's instinct: delete the file, rewrite the commit out of history, git push --force, done. The keys are no longer visible in the repo, so the leak is "cleaned up".

Interview · Round 1

The quick fix is on the table and the room is waiting for your call. Would you sign off on it? Take a position and justify it — out loud or on paper — before revealing the analysis.