CISA Admin Leaked AWS GovCloud Keys on Github

A contractor working for the Cybersecurity and Infrastructure Security Agency exposed highly privileged AWS GovCloud credentials in a public GitHub repository until this past weekend. The leaked repository contained access keys to multiple government cloud accounts alongside internal documentation revealing CISA's software build, testing, and deployment processes.

Security researchers characterize the exposure as one of the most severe government data leaks in recent years. The compromised materials included detailed information about CISA's internal systems architecture and development workflows. AWS GovCloud accounts operate at a higher security level than commercial AWS infrastructure and typically require elevated privileges to access federal systems and data.

The exposure duration remains unclear, but the repository was public long enough for external parties to potentially discover and exploit the credentials. AWS GovCloud accounts allow access to systems handling classified and sensitive government information. Leaked deployment documentation combined with valid credentials creates a direct path for attackers to infiltrate CISA systems or pivot deeper into federal networks.

CISA has not publicly disclosed how long the repository remained accessible or whether it was discovered through active monitoring or external reporting. The agency has not confirmed whether unauthorized access occurred or if credential misuse took place during the exposure window.

This incident exposes a critical vulnerability in how federal agencies manage secrets and credentials. Developers regularly commit sensitive materials to version control systems, but contractor oversight and code review processes at the government level appear insufficient. GitHub repositories, once made public, can be cloned and archived by third parties even after deletion.

Organizations handling sensitive infrastructure should enforce automated secret scanning, restrict GitHub repository visibility settings to private by default, and implement credential rotation policies. CISA's own exposure undermines its authority in advising other agencies on security practices. The incident demonstrates that even agencies focused on national cybersecurity fail to implement basic secrets management controls.