Close Menu
Soup.io
  • Home
  • News
  • Technology
  • Business
  • Entertainment
  • Science / Health
Facebook X (Twitter) Instagram
  • Contact Us
  • Write For Us
  • Guest Post
  • About Us
  • Terms of Service
  • Privacy Policy
Facebook X (Twitter) Instagram
Soup.io
Subscribe
  • Home
  • News
  • Technology
  • Business
  • Entertainment
  • Science / Health
Soup.io
Soup.io > News > Technology > What Should You Do If You Discover Leaked Credentials and API Keys on Github?
Technology

What Should You Do If You Discover Leaked Credentials and API Keys on Github?

Cristina MaciasBy Cristina MaciasMay 13, 2021No Comments3 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
What Should You Do If You Discover Leaked Credentials and API Keys on Github?
Share
Facebook Twitter LinkedIn Pinterest Email

As a developer, you might discover an exposed sensitive file to a public git repository; you need to follow some crucial steps. You need only a few minutes to take care of the problem and eliminate the potential damage. Maintain a composed mind and read the following steps to be more informed. This article will guide you on how to be more alert so that this issue does not crop up in the future.

You are not safe even after deleting the file or repository

You can eliminate some of the risks that someone discovers your leak after making the repository private or deciding to delete it. However, the file will still be there and can be found by anyone who wants to discover it. Git has the function of recording your history, so even after deleting the file, it will still be present in your Git history.

Revoke the secret and get rid of the risk

Your first step should be to deactivate the secret you have exposed so that no one else can take advantage of it. If the key belongs to the company you are employed with, you should immediately have a word with the senior developers there. It may seem a daunting task to tell your organization about the secrets you have leaked. But, this is the best strategy, and there exists a possibility that the company already has knowledge about this leak.

Wipe the evidence of the leak

After you revoke the secret, no one can use it now. However, having a credential looks unprofessional at times and becomes the source of worries. There are many secrets that you cannot revoke too. One example is database records. There are some credentials that you cannot be sure were fully revoked.

To remove Github secrets from the history, you have the option of either deleting your repository or making it private. To do this, go to your GitHub repository and click on settings. Scroll down to the danger and click on the “Make Private” option to obscure the repository from public view.

Another crucial step is rewriting Git history. You can use well-established tools like BFG Repo-Cleaner for this purpose. To go about this, first ensure that you have installed java. The next step is to clone your repository. After doing this, delete the sensitive file. Your latest commit on the current branch is already protected by BFG, so ensure that it is clean. Delete the “config.py” file, and you are good to go. The branches other than the current are not secured, so if you find “config.pu” on another branch, it will be mopped up by BFG.

Go through your access logs

The leakage of one access key can affect other keys and can cause the exposure of other secrets. For instance, the access key of Slack might send a bad actor access to messages that have fresh credentials and access codes. So double-check and see that there is no data that looks suspicious.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleGrowing a Plant with the Help of the Internet
Next Article Headaches: Fact vs Fiction
Cristina Macias
Cristina Macias

Cristina Macias is a 25-year-old writer who enjoys reading, writing, Rubix cube, and listening to the radio. She is inspiring and smart, but can also be a bit lazy.

Related Posts

Navigating New Jersey’s Data Center Boom: IT Strategies for Scalability and Security

June 23, 2025

Best Sales Prospecting Tools for 2025 (Reviewed)

June 19, 2025

Why Managed Print Services Make Business Sense – Big or Small

June 18, 2025

Subscribe to Updates

Get the latest creative news from Soup.io

Latest Posts
Navigating New Jersey’s Data Center Boom: IT Strategies for Scalability and Security
June 23, 2025
A Well-Maintained Garage Door in Fort Worth Means a Safer and Smarter Home
June 23, 2025
Upgrade Safety and Style with a Smart Garage Door Solution for Your Houston Home
June 23, 2025
Hiring for Growth: How Finance Companies Can Scale Teams with the Help of a Recruitment Agency
June 23, 2025
The Business Benefits of Partnering with Third-Party Delivery Services
June 23, 2025
Barbie Redbox: Makes Barbie Movies Accessible for All
June 23, 2025
Latino Fubo: New NBCUniversal Sports Channels
June 23, 2025
Gomorrah In Italian: DVD Blu-ray Must-Have
June 23, 2025
Experience Various Slot Titles Without Changing Machines with Multi-Game Slots
June 22, 2025
Proving Fault in a Wrongful Death Lawsuit
June 22, 2025
Netflix Hitman Bodyguard: A Thrilling Movie Review
June 22, 2025
Lionsgate Studios Newark NJ: Production Hub
June 22, 2025
Follow Us
Follow Us
Soup.io © 2025
  • Contact Us
  • Write For Us
  • Guest Post
  • About Us
  • Terms of Service
  • Privacy Policy

Type above and press Enter to search. Press Esc to cancel.