{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigvpnuzcjeeft6riwdmpcwkldo2rtpddmk2dlxot5vevdlb7e3zu4",
    "uri": "at://did:plc:4n6wgsqsqm6q2hjncgwmreey/app.bsky.feed.post/3mo66k776gta2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiei6f4vt44h4reoeihqbxft3ezrk745u27fb46yya7bcwehzj3tdy"
    },
    "mimeType": "image/png",
    "size": 51149
  },
  "path": "/post/51918758",
  "publishedAt": "2026-06-13T08:03:00.000Z",
  "site": "https://programming.dev",
  "tags": [
    "Programming",
    "peternovakdev",
    "7 comments",
    "https://codatus.com/blog/we-leaked-75-aws-keys-to-see-who-watches-public-repos/"
  ],
  "textContent": "submitted by peternovakdev to programming\n31 points | 7 comments\nhttps://codatus.com/blog/we-leaked-75-aws-keys-to-see-who-watches-public-repos/\n\nLive AWS keys in 75 throwaway repos, each made public for one of five windows from 60 seconds to 12 hours, every use logged. The keys were tripwires; the real question was who notices a private repo going public, and what they do once they’re in.\n\nThe most useful finding is the dull one: re-hiding the repo does nothing. One busy harvester kept re-validating the captured keys for a day after the repos went private again. Only rotating the key stops it.\n\nThis came out of building a monitor for exactly these repo-setting changes.",
  "title": "We made 75 private repos public on a timer. The internet noticed in 6 minutes."
}