What finally made me stop procrastinating on it was reading about the CISA leak.
A contractor for the Cybersecurity and Infrastructure Security Agency maintained a public GitHub repository called "Private-CISA" that exposed administrative credentials to three AWS GovCloud accounts, dozens of plaintext passwords, and internal deployment configs [S1]. It was created on November 13, 2025, and stayed public until security researchers flagged it on May 15, 2026 [S1]. That's six months. This wasn't a sophisticated attack. Someone disabled GitHub's default secret detection, committed files named "importantAWStokens" and "AWS-Workspace-Firefox-Passwords.csv," and left them open to anyone with an internet connection [S1].
Guillaume Valadon from GitGuardian called it "the worst leak that I've witnessed in my career" [S1]. Philippe Caturegli from Seralys confirmed the credentials could authenticate to three AWS GovCloud accounts at a high privilege level and reach CISA's internal artifactory, t