U.S. cybersecurity agency leaks GovCloud keys on GitHub
https://www.techzine.eu/news/security/141479/u-s-cybersecurity-agency-leaks-govcloud-keys-on-github/
Publish Date: 2026-05-20 03:57:00
Source Domain: www.techzine.eu
Sensitive access credentials for internal systems and cloud environments belonging to the U.S. cybersecurity watchdog, the Cybersecurity and Infrastructure Security Agency (CISA), have been publicly exposed on GitHub.
This was reported by Brian Krebs on his site KrebsOnSecurity. According to security researchers, the data included AWS GovCloud keys, plaintext passwords, and internal DevSecOps files.
The data was stored in a public GitHub repository named Private-CISA, which, according to KrebsOnSecurity, was managed by a CISA contractor. Researchers from security firms GitGuardian and Seralys discovered that the repository provided access to various internal environments and software repositories of the U.S. government.
GovCloud accounts accessible
According to researchers, the leaked files contained administrative keys for multiple AWS GovCloud accounts. AWS GovCloud is a secure cloud environment from Amazon Web Services specifically designed for sensitive U.S. government data.
Researchers from security firm Seralys also say they have confirmed that multiple leaked AWS GovCloud accounts were indeed accessible with high privileges. The repository is also said to have contained CSV files with plaintext usernames and passwords for internal CISA systems.
Furthermore, credentials for internal software repositories and build environments were reportedly leaked. Philippe Caturegli of Seralys warns that access to such repositories is attractive to attackers seeking to embed malware or backdoors into software builds. As a result, compromises could spread further within government environments.
GitHub security disabled
According to GitGuardian, the repository administrator had also disabled the GitHub functionality that normally prevents secret keys or passwords from being published. Ars Technica reports that the repository was likely publicly accessible as early as November 2025.
Researchers also found passwords that…