Close Menu
Soup.io
  • Home
  • News
  • Technology
  • Business
  • Entertainment
  • Science / Health
Facebook X (Twitter) Instagram
  • Contact Us
  • Write For Us
  • Guest Post
  • About Us
  • Terms of Service
  • Privacy Policy
Facebook X (Twitter) Instagram
Soup.io
Subscribe
  • Home
  • News
  • Technology
  • Business
  • Entertainment
  • Science / Health
Soup.io
Soup.io > News > Technology > What Should You Do If You Discover Leaked Credentials and API Keys on Github?
Technology

What Should You Do If You Discover Leaked Credentials and API Keys on Github?

Cristina MaciasBy Cristina MaciasMay 13, 2021No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
What Should You Do If You Discover Leaked Credentials and API Keys on Github?
Share
Facebook Twitter LinkedIn Pinterest Email

As a developer, you might discover an exposed sensitive file to a public git repository; you need to follow some crucial steps. You need only a few minutes to take care of the problem and eliminate the potential damage. Maintain a composed mind and read the following steps to be more informed. This article will guide you on how to be more alert so that this issue does not crop up in the future.

You are not safe even after deleting the file or repository

You can eliminate some of the risks that someone discovers your leak after making the repository private or deciding to delete it. However, the file will still be there and can be found by anyone who wants to discover it. Git has the function of recording your history, so even after deleting the file, it will still be present in your Git history.

Revoke the secret and get rid of the risk

Your first step should be to deactivate the secret you have exposed so that no one else can take advantage of it. If the key belongs to the company you are employed with, you should immediately have a word with the senior developers there. It may seem a daunting task to tell your organization about the secrets you have leaked. But, this is the best strategy, and there exists a possibility that the company already has knowledge about this leak.

Wipe the evidence of the leak

After you revoke the secret, no one can use it now. However, having a credential looks unprofessional at times and becomes the source of worries. There are many secrets that you cannot revoke too. One example is database records. There are some credentials that you cannot be sure were fully revoked.

To remove Github secrets from the history, you have the option of either deleting your repository or making it private. To do this, go to your GitHub repository and click on settings. Scroll down to the danger and click on the “Make Private” option to obscure the repository from public view.

Another crucial step is rewriting Git history. You can use well-established tools like BFG Repo-Cleaner for this purpose. To go about this, first ensure that you have installed java. The next step is to clone your repository. After doing this, delete the sensitive file. Your latest commit on the current branch is already protected by BFG, so ensure that it is clean. Delete the “config.py” file, and you are good to go. The branches other than the current are not secured, so if you find “config.pu” on another branch, it will be mopped up by BFG.

Go through your access logs

The leakage of one access key can affect other keys and can cause the exposure of other secrets. For instance, the access key of Slack might send a bad actor access to messages that have fresh credentials and access codes. So double-check and see that there is no data that looks suspicious.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleGrowing a Plant with the Help of the Internet
Next Article Headaches: Fact vs Fiction
Cristina Macias
Cristina Macias

Cristina Macias is a 25-year-old writer who enjoys reading, writing, Rubix cube, and listening to the radio. She is inspiring and smart, but can also be a bit lazy.

Related Posts

How ChatGPT Made Me a Better Manager – From Delegation to Daily Productivity

July 3, 2025

5 Common SEO Mistakes Lawyers Make That Hurt Their Google Rankings

July 3, 2025

What Happens When You Let AI Run Your Launch– A Week-by-Week Breakdown

July 3, 2025

Subscribe to Updates

Get the latest creative news from Soup.io

Latest Posts
How ChatGPT Made Me a Better Manager – From Delegation to Daily Productivity
July 3, 2025
Arrow Donnie Darko: Stream or Own in 4K?
July 3, 2025
Who Owns Echostar: Dish Network Acquisition Means
July 3, 2025
Golden Globes Presenters: Who’s Presenting This Year?
July 3, 2025
Ceramic vs. Titanium Hair Straightener: Which One Should You Choose?”
July 3, 2025
THCA – Medical benefits And Delivery
July 3, 2025
Top 10 Free Digital Marketing Tools Every Marketer Should Use in 2025
July 3, 2025
5 Common SEO Mistakes Lawyers Make That Hurt Their Google Rankings
July 3, 2025
Typical Damages Available After a Motorcycle Crash
July 3, 2025
What Happens When You Let AI Run Your Launch– A Week-by-Week Breakdown
July 3, 2025
When “Healthy” Foods Make You Feel Worse
July 3, 2025
From Perks to Priorities: What Today’s Workforce Wants from Benefits Packages
July 3, 2025
Follow Us
Follow Us
Soup.io © 2025
  • Contact Us
  • Write For Us
  • Guest Post
  • About Us
  • Terms of Service
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.