America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames

The Register (UK) ^ | 19 May 2026 | Jessica Lyons

[Salman]

The US Cybersecurity and Infrastructure Security Agency (CISA) left open a GitHub repository named “Private-CISA” containing plain-text passwords, private keys, tokens, and secrets – with obvious file names like “external-secret-repo-creds.yaml” and “AWS-Workspace-Firefox-Passwords.csv” – for six months.

GitGuardian researcher Guillaume Valadon, fresh off a recent talk on Kubernetes secret leaks, found the public repository on May 14, and told The Register that he “quickly understood that the leak was bad and that time was running out. A national agency having 844 MB of production infrastructure material in a public GitHub repository for six months is as serious as a secrets leak gets.”

Valadon, who previously spent nine years at France’s CISA equivalent, ANSSI, told us the leak included tokens for CISA's internal JFrog Artifactory, Azure registry keys, AWS credentials, Kubernetes manifests, ArgoCD application files, Terraform infrastructure code, GitHub personal access tokens, and Entra ID SAML certificates.

...

---

TOPICS: Crime/Corruption; Government; News/Current Events; United Kingdom
KEYWORDS: anssi; argocd; artifactory; aws; azure; cisa; corruption; cybersecurity; entraidsaml; france; gitguardian; github; guillaumevaladon; internet; jessicalyons; jfrog; kubernetes; linux; terraform; unitedkingdom; windows

[Salman]

Could be incompetence, could be deliberate sabotage.

Either way, there need to be prosecutions.

[z3n]

Right.
I was going to say... everyone has a bad day, or makes a blatant mistake, but this just seems way to noobish for someone in that position.

[Aevery_Freeman]

Severely doubt incompetence, someone needs a new one-rope swing!

[omni-scientist]

Or maybe it’s a trap.

[Libloather]

internal JFrog

In France?

[nwrep]

DEI

[PAR35]

Seems like a good way to transfer the information to foreign state hackers without leaving clear evidence of wrongdoing and leaving room for a defense of incompetence.

[Blurb2350]

That was my thought too — a sort of cyber honey trap.

[Codeflier]

Bingo. Planted information to trace who tries to use it. They do that in espionage all the time. Give people certain pieces of decoy information to identify leakers and double agents.

[jagusafr]

And theses are The folks who deign to grant ME a clearance…

[paulcissa]

Honeypot. Too delicious to be intentional. Could be sabotage.

[paulcissa]

Too delicious to be intentional a mistake.

[Red Badger]

That was no accident.

It was deliberate.

Prosecute to the fullest extent of the law.............

[CFW]

Is this the same agency who, the day after the 2020 election, said there was absolutely no fraud involved and it was the most secure election ever?

[Wuli]

Top security officers at CISA should be under investigation for treason and removed from office while that investigation goes on.

[pas]

Why would they not use on-prem Github? If cost, guess what how much did this cost them?

[unixfox]

The media blaming Trump & Hegseth in 3..2..1

[MikelTackNailer]

I’m considering GitHub an untrustworthy platform. Why does the government have so much access to it’s interior files anyway?

[XRdsRev]

That agency has lost over a third of its government employees. This “leak” was caused by a contractor (used a contractor email address) not a Federal Civil Servant.

[Uncle Lonny]

“Good enuf fer goberment work!”