CISA Admin Leaked AWS GovCloud Keys on Github – Krebs on Security
krebsonsecurity.com
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA...
I don’t blame the human(s) here. This should not be technically possible today. We have to change the way we create and manage machine secrets - and then our tools should reject committing them to public code repositories. This is happening way too often.
Likewise, it should not be possible to have an unencrypted, public “data bucket” (like AWS)… but that’s a different story.
Machine secrets don’t have to be human-friendly… which means they could be strongly typed, self-identifying, scope-aware potentially, and (crucially) machine detectable. Some secrets already are doing this.