{"id":250904,"date":"2026-05-19T13:49:00","date_gmt":"2026-05-19T17:49:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/19\/americas-top-cyber-defense-agency-left-a-github-repo-open-with-passwords-keys-tokens-and-incredibly-obvious-filenames\/"},"modified":"2026-05-20T21:50:10","modified_gmt":"2026-05-21T01:50:10","slug":"americas-top-cyber-defense-agency-left-a-github-repo-open-with-passwords-keys-tokens-and-incredibly-obvious-filenames","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/19\/americas-top-cyber-defense-agency-left-a-github-repo-open-with-passwords-keys-tokens-and-incredibly-obvious-filenames\/","title":{"rendered":"America&#8217;s top cyber-defense agency left a GitHub repo open with passwords, keys, tokens \u2013 and incredibly obvious filenames"},"content":{"rendered":"<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/05\/19\/americas-top-cyber-defense-agency-left-a-github-repo-open-with-passwords-keys-tokens-and-incredibly-obvious-filenames\/5242915\">America&#8217;s top cyber-defense agency left a GitHub repo open with passwords, keys, tokens \u2013 and incredibly obvious filenames<\/a><\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/05\/19\/americas-top-cyber-defense-agency-left-a-github-repo-open-with-passwords-keys-tokens-and-incredibly-obvious-filenames\/5242915\">https:\/\/www.theregister.com\/security\/2026\/05\/19\/americas-top-cyber-defense-agency-left-a-github-repo-open-with-passwords-keys-tokens-and-incredibly-obvious-filenames\/5242915<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-19 13:49:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.theregister.com\">www.theregister.com<\/a><\/p>\n<p class=\"kicker \" style=\"\">Security<\/p>\n<p class=\"subtitle \" style=\"\">I wonder what&#8217;s in &#8216;external-secret-repo-creds.yaml&#8217; and &#8216;AWS-Workspace-Firefox-Passwords.csv&#8217;?<\/p>\n<p>The US Cybersecurity and 
Infrastructure Security Agency (CISA) left open a GitHub repository named \u201cPrivate-CISA\u201d containing plain-text passwords, private keys, tokens, and secrets \u2013 with obvious file names like \u201cexternal-secret-repo-creds.yaml\u201d and \u201cAWS-Workspace-Firefox-Passwords.csv\u201d \u2013 for six months.<\/p>\n<p>GitGuardian researcher Guillaume Valadon, fresh off a recent talk on Kubernetes secret leaks, found the public repository on May 14, and told <span data-lab-italic=\"italic\" class=\"italic m-italic\">The Register<\/span> that he \u201cquickly understood that the leak was bad and that time was running out. A national agency having 844 MB of production infrastructure material in a public GitHub repository for six months is as serious as a secrets leak gets.\u201d\u00a0<\/p>\n<p>Valadon, who previously spent nine years at France\u2019s CISA equivalent, ANSSI, told us the leak included tokens for CISA&#8217;s internal JFrog Artifactory, Azure registry keys, AWS credentials, Kubernetes manifests, ArgoCD application files, Terraform infrastructure code, GitHub personal access tokens, and Entra ID SAML certificates.<\/p>\n<p>GitGuardian reported the leaky repository to CISA on May 14, and the agency took it down a day later.\u00a0<\/p>\n<p>A CISA spokesperson told <span data-lab-italic=\"italic\" class=\"italic m-italic\">The Register\u00a0<\/span>that\u00a0it was aware of the report and is investigating. 
&#8220;Currently, there is no indication that any sensitive data was compromised as a result of this incident.\u201d<\/p>\n<p>It\u2019s not a good look for the nation\u2019s infosec agency, which hasn\u2019t had a permanent boss since Trump took office, is facing hundreds of millions of dollars in budget cuts on top of deep cuts to staff and funding last year, and has suffered its share of embarrassing security snafus in the interim.<\/p>\n<p>In a Tuesday blog, Valadon said he initially thought the repo \u201cwas a hoax, given how suspicious the directory names (Backup-April-2026\/, All Backups\/, LZ-Artifactory\/,&#8230;<\/p>\n<p><a href=\"https:\/\/www.theregister.com\/security\/2026\/05\/19\/americas-top-cyber-defense-agency-left-a-github-repo-open-with-passwords-keys-tokens-and-incredibly-obvious-filenames\/5242915\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>America&#8217;s top cyber-defense agency left a GitHub repo open with passwords, keys, tokens \u2013 
and&#8230;<\/p>\n","protected":false},"author":1,"featured_media":250905,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/image.theregister.com\/5242949.jpg?imageId=5242949&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24],"class_list":["post-250904","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250904"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=250904"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250904\/revisions"}],"predecessor-version":[{"id":250906,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250904\/revisions\/250906"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/250905"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=250904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=250904"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=250904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}