CodeSecDays 2024 - Join GitGuardian for a full-day exploration of cutting-edge DevSecOps solutions!

Save my spot!

CodeSecDays 2024 - Join GitGuardian for a full-day exploration of cutting-edge DevSecOps solutions!

Save my spot!

What happens after leaking an API key on GitHub? Experiment leaking AWS API key into GitHub

Thousands of secrets like API keys are leaked into public GitHub repositories every day. But what actually happens when these secrets are leaked?This video has an easy to recreate experiment which monitors malicious activity after leaking an AWS credential into a public GitHub repository.Links: Canary Tokens - https://canarytokens.orgGGShield - https://github.com/GitGuardian/ggshieldAPI Best Practices - https://blog.gitguardian.com/secrets-api-management/Timeline:0:00-Intro0:52-Generating a canary token3:02-Leaking the credential3:40-Results 5 minutes after leaked5:04-Results 15 minutes after leak 5:45-Results 1 hour after leak 6:12-Results 24 hours after leak 6:50-GitGuardian alerting 7:21-Preventing leaked secrets and credentials

Video Transcript