Challenge 28

Welcome to challenge Challenge 28. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.

Secret in a closed github issue

A user accidentally reveals the new AWS Secret key in conversation between him and his friend in a GitHub issue.

Can you spot the secret in our GitHub repository?

Answer to solution :

We are looking for the secret in a closed GitHub issue in our GitHub repository. But how do we find it?

You can solve this challenge by the following steps:

  1. When you land on the issues tab of our GitHub, click on the Closed option to get all the closed issues up to this day

  2. Go through all the issues that seem fishy for you and you can spot the Secret.

Why storing secrets in closed GitHub issue is a bad idea?

You should never reveal any secret in a GitHub issue because even when the issue is closed all data is public and is very easy to spot.

So go through the issue twice before posting it on any repository.