Challenge 29

Welcome to Challenge 29. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.

Secret in a screenshot of a GitHub issue

A user unknowingly files an issue with a screenshot of a secret while reporting a bug, then realizes it and closes that issue.

Can you spot the secret we seek in our GitHub issues?

Answer to solution:

As the text of the challenge says, we are looking for the secret in a screenshot of a closed GitHub issue on our GitHub repository. But how do we find it?

You can solve this challenge by following these steps:

  1. Go to our GitHub’s issues tab, then the closed section, to get all the closed issues.

  2. Go through all the Bug reports and look specifically at screenshots posted by users.

Why posting screenshots of logs in a GitHub issue is a bad idea

You shouldn’t post screenshots of logs in a GitHub issue because:

  1. Data is public (even on a private repository, often more public than you’d hope).

  2. Screenshots can’t be redacted like text. Even when the secret is blurred, the blurring can be reversible.

Check for any secret leaks in the output and leverage code block markdown to post logs in a GitHub issue. This is also much nicer for the maintainers trying to help you debug :).
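The check described above, as an added example that is not part of the original challenge text: a small scrubber that redacts likely secrets from log text and wraps the result in a fenced code block for pasting into an issue. The function names, the pattern list and the sample log are assumptions constructed for this illustration, and the patterns are not exhaustive.

```python
import re

# Patterns are illustrative assumptions for this example, not an exhaustive list.
SENSITIVE_KEY = r"(?:password|passwd|secret|token|api[_-]?key|access[_-]?key)"
RULES = [
    # key=value / key: value with a sensitive-looking key: keep the key, drop the value
    (re.compile(rf'(?i)\b([\w.-]*{SENSITIVE_KEY}[\w.-]*\s*[=:]\s*)("[^"]*"|\S+)'),
     r"\1[REDACTED]"),
    # HTTP Authorization header values
    (re.compile(r"(?i)\b(authorization:\s*(?:bearer|basic)\s+)\S+"), r"\1[REDACTED]"),
    # AWS access key ID format
    (re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"), "[REDACTED_AWS_KEY_ID]"),
    # PEM private key blocks, possibly spanning many lines
    (re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
                re.S), "[REDACTED_PRIVATE_KEY]"),
]

def scrub(log_text):
    """Return (redacted_text, number_of_redactions)."""
    total = 0
    for pattern, replacement in RULES:
        log_text, hits = pattern.subn(replacement, log_text)
        total += hits
    return log_text, total

def as_issue_block(log_text):
    """Redact the log, then wrap it in a fenced code block for pasting into an issue."""
    clean, count = scrub(log_text)
    fence = "`" * 3
    while fence in clean:          # lengthen the fence if the log itself contains one
        fence += "`"
    return f"{fence}text\n{clean.rstrip()}\n{fence}", count

# Constructed sample log; the key ID is the placeholder from AWS documentation.
SAMPLE_LOG = """\
2024-01-01 10:00:01 INFO  Starting with spring.datasource.password=hunter2
2024-01-01 10:00:02 DEBUG Authorization: Bearer eyJhbGciOi.constructed.value
2024-01-01 10:00:03 WARN  Using credentials AKIAIOSFODNN7EXAMPLE in eu-west-1
2024-01-01 10:00:04 ERROR NullPointerException at com.example.Main.run(Main.java:42)
"""

if __name__ == "__main__":
    block, count = as_issue_block(SAMPLE_LOG)
    print(block)
    print(f"{count} value(s) redacted; review the output by eye before posting.")
```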