An inside look at finding Leaked CISA AWS GovCloud Admin Keys on Github

gitguardian logo
GitGuardian
May 20, 2026
GitGuardian

In this interview, GitGuardian security researcher Guillaume Valadon breaks down how GitGuardian discovered a public GitHub repository exposing CISA-related secrets, including plain-text passwords, AWS tokens, SAML certificates, CI/CD files, Kubernetes manifests, and internal operational documentation.

We discuss how the leak was identified, why exposed secrets can create immediate risk, and how GitGuardian helped escalate the disclosure until the repository was taken offline within 26 hours.

This conversation is a reminder that one public repository can expose much more than code. It can reveal the credentials, infrastructure details, and operational context attackers need to move fast.

Read the original blog post:
https://blog.gitguardian.com/how-we-got-a-cisa-github-leak-taken-down-in-26-hours/

Krebs On Security article:
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

Get started protecting yourself from public GitHub exposures today with GitGuardian.

HasMySecretLeaked:
https://www.gitguardian.com/hasmysecretleaked

Free GitHub Security Audit:
https://www.gitguardian.com/github-security-audit

Book a demo and request your detailed public GitHub exposire analysis
https://www.gitguardian.com/book-a-demo

Copyright © 2026 OpsMatters™. All rights reserved.