
Read this shitty secret management story by zitless
I had a moment of brilliance and decided to play “Hide and Seek” with my mail credentials and even tossed in some public router credentials for fun. But, oh boy, GitGuardian crashed the party and ratted me out! Thanks to its watchful eye, I quickly evicted those secrets and upgraded the locks. Phew, crisis averted!
Worked for an incredibly large and popular IDE with millions of dollars in investors. The number of times that source maps were accidentally pushed to prod *and* that people downloaded them. Yikers.
I added all my top-secret credentials and API keys to my application.properties files and pushed them to my private git repository. Now I’m on a mission to renew all of them without causing any chaos or destruction!
Many years ago, I used AWS for a bootcamp project. At this point, I was midway through it and scrambling to finish the rest, so I was in a rush and working on this at 3 AM.
I unknowingly committed and pushed my credentials to GitHub, then went to bed. The first clue I had that anything was wrong was an email from AWS the next morning. I checked my account and saw that there was over $1500 in charges.
I had to step out of class for about an hour to chat with a rep to sort everything out. So on top of making a silly mistake and spending a significant amount of time remediating it, I had to explain to the instructors why I was gone for so long.
This incident then became a cautionary tale for subsequent cohorts. If I had to learn this lesson the hard way, I’m glad it was when the stakes were low.
There is no fun in leaked secrets. Get back to work!
Forgot to encrypt the bucket stored on public cloud. Realized when I noticed dozens of notifications that my links were accessed.
From on-prem to cloud migration. Let's get the source code in GitLab. Everything fine and dandy, but after 3 weeks we get pull requests with "nice, your keys in here" and they added rickrolling to our code! Rickrolling at the workplace for a few hours. We fixed it, and the hackers our Britney hit one more time back from us!
I was a TA for a Computer Science course at university. I wrote a program to help us more easily manage our cloud infrastructure and stored it in the department's GitHub organization.
To make it easy for other TAs to use, I included plaintext credentials in the repo. Three weeks i