CISA Admin Leaked AWS GovCloud Keys on Github
37 points by kngl
37 points by kngl
It is obviously an individual’s mistake
Or plausible deniability? Making this public is one thing. But once you disable secrets protection on the repo as well...
That was my very first thought when I read
the commit logs in the offending GitHub account show that the CISA administrator disabled the default setting in GitHub that blocks users from publishing SSH keys or other secrets in public code repositories.
This reads like exfiltration.
The fact that their other practices are so terrible introduces plausible deniability, I suppose. But it's only barely plausible IMO.