May 21, 2026 · 9 min read
A CISA Contractor Turned Off GitHub's Secret Detection On Purpose, Then Pushed AWS GovCloud Admin Keys and Plaintext Passwords to a Public Repo for Six Months
The repository belonged to a Nightwing employee. The researcher who found it said it was the worst leak they had seen in their career. AWS keys remained valid 48 hours after notification.
What Happened
On May 18, 2026, Brian Krebs published a report at KrebsOnSecurity on a public GitHub repository named "Private-CISA" maintained by a contractor employed by Nightwing, a Dulles, Virginia–based government services firm. The repository sat open on the public internet from November 13, 2025 until shortly after Krebs published. In that six-month window, anyone with a browser, and any of the automated scanners that continuously crawl public GitHub for credentials, could read what was inside.
What was inside, according to GitGuardian researcher Guillaume Valadon, included administrative credentials for three AWS GovCloud accounts, plaintext passwords stored in CSV files with names like AWS-Workspace-Firefox-Passwords.csv, authentication tokens, access to CISA's internal "artifactory" code package repository, and credentials to internal systems including "LZ-DSO," the agency's Landing Zone DevSecOps environment. Build, test, and deployment procedures for CISA software sat next to the credentials needed to use them.
Valadon's quote, after a career spent finding exactly this kind of mistake: "Passwords stored in plain text in a csv, backups in git, explicit commands to disable GitHub secrets detection feature." Worst leak he had ever seen.
The Detail That Makes This Worse: Secret Detection Was Disabled On Purpose
GitHub ships a feature called push protection that blocks a push when it contains a secret matching one of the high-confidence provider formats GitHub recognizes: AWS access keys, GitHub personal access tokens, Slack webhooks, Stripe keys, and several dozen others. The check runs when the push arrives, not when the commit is made, so the secret is already in the contributor's local history when the block fires; it stays off GitHub only if the contributor rewrites that history instead of bypassing the block. Push protection is on by default for pushes to public repositories, and bypassing it is an explicit act: the contributor has to choose a reason for the bypass (false positive, used in tests, will fix later) before the push goes through, and each bypass is recorded as a secret scanning alert on the repository. The commit log on the Private-CISA repository showed that bypass happening. One caveat worth keeping in mind: format-based detection only knows provider token shapes. A CSV of human-chosen passwords like AWS-Workspace-Firefox-Passwords.csv matches none of them and would have gone through with the feature on or off.
The administrator had typed the commands to turn the protection off. Then they committed credentials. Then they pushed. Then they did it again, repeatedly, over six months. The leak is not an accident in the ordinary sense; an accident is a wrong button. This is a series of deliberate keystrokes whose only charitable interpretation is that the operator did not understand what would happen.
What an Attacker With This Access Could Do
Philippe Caturegli of the security firm Seralys confirmed to Krebs that the exposed credentials granted high-privilege access to AWS GovCloud (US), the isolated AWS regions built for US government workloads, including Controlled Unclassified Information. GovCloud customers run workloads from federal civilian agencies, the Department of Defense, and the intelligence community. The credentials in the Private-CISA repo were not pointed at CUI directly, but they did unlock the artifactory.
An "artifactory" (the name comes from JFrog Artifactory, the product usually behind it) is an artifact repository: the trusted source from which CISA's build pipeline pulls dependencies and packages into production software. Read access to it is reconnaissance, since it tells an attacker exactly which versions of which components a target builds against. Write access to it is a supply chain attack waiting to happen. An attacker who could publish a poisoned package version into the repository, and the leaked credentials suggested they could, would have a backdoor in every CISA service that consumed that package the next time its build ran, delivered through the channel every consumer already trusts.
This is the same pattern that hit SolarWinds, 3CX, and, just two days before this leak became public, the GitHub TeamPCP breach. Trusted build infrastructure is among the highest-value targets in the industry, and CISA's was sitting behind credentials anyone could read.
The Numbers
- September 2018: GitHub account created
- November 13, 2025: Private-CISA repository created (and made public)
- May 15, 2026: GitGuardian alerts KrebsOnSecurity to the leak
- ~6 months: Window during which the credentials sat exposed
- 3 AWS GovCloud accounts with administrative access
- 48+ hours after the agency was notified, AWS keys were still valid
- Multiple internal systems exposed, including artifactory and LZ-DSO
Agency Response: "No Indication of Compromise"
CISA's official line, in response to the Krebs report: "Currently, there is no indication that any sensitive data was compromised as a result of this incident. CISA is investigating and implementing additional safeguards." The phrasing is careful. "No indication of compromise" is consistent with both "we have not been breached" and "we have not yet looked carefully enough to determine if we have been breached." For credentials that were public for six months, the second possibility is at least worth investigating, and the evidence that settles it is specific: CloudTrail for the three GovCloud accounts and the access logs of the artifact repository and the other internal systems, for the whole six-month window, checked for any use of those credentials from a source other than the contractor.
Nightwing—the contractor employing the administrator—declined to comment. CISA's full forensic analysis is presumably ongoing. The agency that exists to advise the rest of the federal government on cybersecurity hygiene has, in this case, become the subject of the advisory.
The Broader Pattern: Contractors and Credential Hygiene
Federal cybersecurity programs run on contractors. The contractors that win those programs do so by underbidding the next contractor on price, which usually means leaner staffing and less rigorous internal training. The same week as this leak, Microsoft was disrupting Fox Tempest, Drupal was patching CVE-2026-9082, and GitHub was confirming the TeamPCP breach. Credential handling sits at or near the center of each of those stories. The Private-CISA repo is the same failure with a federal cybersecurity agency's name attached.
Push protection, secret scanning, automated CI checks, and managed identity providers all exist precisely to make this mistake hard to make. The Private-CISA repository shows that those controls share a single failure mode: an operator who holds the privilege to turn them off. A control the operator can disable is advice. The fix is enforcement from a level the operator cannot reach, which in practice means organization-owned settings, bypasses that require a second person, and credentials that expire whether or not anyone remembers to rotate them.
What Defenders Should Do This Week
- Enforce push protection at the organization level, not the repository level. Apply it through an organization security configuration (under the organization's Code security settings on GitHub) with enforcement turned on, so repository admins cannot switch it off, and enable delegated bypass, so a contributor who hits a block must request approval from a designated reviewer instead of clicking through. This covers repositories the organization owns; a contractor's personal repository, which is what Private-CISA appears to have been, sits outside it, which is the argument for never letting organization credentials reach a personal account in the first place.
- Mandate short-lived credentials. IAM Identity Center (the service formerly called AWS SSO) and STS AssumeRole issue session credentials that expire in hours. Long-lived IAM user access keys never expire on their own, so every one that leaks stays valid until a human revokes it, which in this case took more than 48 hours after notification.
- Rely on secret scanning for public repositories as the backstop, not the control. It runs automatically and at no cost on public repositories: when push protection is bypassed, a detected partner token is reported to the provider through GitHub's partner program, and the provider decides what to do. AWS, for example, attaches its AWSCompromisedKeyQuarantineV2 policy to the key and notifies the account owner rather than deleting the key outright. It fires only after the secret is already public, and it only knows the formats in the partner list; the CSV passwords were invisible to it.
- Audit every public repository in your organization for leaked secrets, and scan full git history, not just the current tree: a secret deleted in a later commit is still one git log -p away, and the Private-CISA repo held backups in git. Tools like TruffleHog, GitGuardian's ggshield, and Gitleaks do this in minutes. Run them on contractor-owned repositories too, and put the right to do so in the contract.
- Run a credential review against every laptop your contractors use. If your contractor's GitHub account contains your AWS keys, so does their laptop, and so, judging by the file name in this case, does their browser's saved-password store.
- Treat plaintext password backups in CSV as a fireable offense. The hardest control to enforce is the cultural one.
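To make the distinction in the list above concrete, here is a small scanner, written for this article rather than taken from GitHub, GitGuardian, Krebs, or CISA, that applies both kinds of check to text piped into it: format rules for the high-confidence provider token shapes that push protection and secret scanning recognize, and one content rule for the case those formats miss, a CSV whose header row has a password column. The regexes are simplified versions of public patterns, the sample inputs are constructed, and the AWS values in them are the example credentials from AWS's own documentation, not live keys.

```python
"""Local secret scanner for a git hook (added example, not project code).

Two classes of rule:
  1. Format rules: provider token shapes, the kind of thing GitHub push
     protection and secret scanning match on.
  2. Content rules: what format matching cannot see; here, a CSV whose header
     has a password column (the AWS-Workspace-Firefox-Passwords.csv case).
Patterns are simplified from public ones; sample inputs below are constructed.
"""
import re
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    line_no: int
    excerpt: str          # masked, so scanner output does not itself leak the secret
    format_based: bool    # True: push-protection-style check; False: needs a custom rule


FORMAT_RULES = {
    # Long-term (AKIA) and temporary (ASIA) AWS access key IDs.
    "aws-access-key-id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    # Classic GitHub personal access token.
    "github-pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # Slack incoming webhook URL.
    "slack-webhook": re.compile(
        r"https://hooks\.slack\.com/services/T[A-Z0-9]+/B[A-Z0-9]+/[A-Za-z0-9]+"),
}
# An AWS secret access key is just 40 base64-alphabet characters, a weak signal on
# its own; report it only when an access key ID is present in the same text.
AWS_SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+=])")


def mask(secret: str) -> str:
    """Keep enough to identify the hit without reproducing the credential."""
    return f"{secret[:4]}...[{len(secret) - 4} more chars]"


def csv_has_password_column(first_line: str) -> bool:
    fields = [f.strip().strip('"').lower() for f in first_line.split(",")]
    return "password" in fields


def scan_text(text: str) -> list[Finding]:
    findings: list[Finding] = []
    lines = text.splitlines()
    have_key_id = any(FORMAT_RULES["aws-access-key-id"].search(ln) for ln in lines)
    for no, line in enumerate(lines, start=1):
        for name, rx in FORMAT_RULES.items():
            for m in rx.finditer(line):
                findings.append(Finding(name, no, mask(m.group(0)), True))
        if have_key_id:
            for m in AWS_SECRET_RE.finditer(line):
                findings.append(Finding("aws-secret-access-key", no, mask(m.group(0)), True))
    # Content rule: a password column in the header row. Header text is not secret.
    if lines and csv_has_password_column(lines[0]):
        findings.append(Finding("plaintext-password-csv", 1, lines[0][:40], False))
    return findings


# Constructed samples. AWS values are the documented AWS example credentials.
SAMPLE_ENV = """# deploy settings copied from a laptop
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
SLACK_HOOK=https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
"""
SAMPLE_PASSWORD_CSV = '''"url","username","password","httpRealm","formActionOrigin"
"https://mail.example.gov","jdoe","Spring2026!","",""
"https://artifactory.example.gov","svc-build","hunter2","",""
'''
SAMPLE_CLEAN = "Deploy with make release; session credentials come from IAM Identity Center.\n"


def main() -> int:
    if not sys.stdin.isatty():
        inputs = {"<stdin>": sys.stdin.read()}
    else:
        inputs = {"deploy.env": SAMPLE_ENV,
                  "AWS-Workspace-Firefox-Passwords.csv": SAMPLE_PASSWORD_CSV,
                  "README.md": SAMPLE_CLEAN}
    blocked = False
    for name, text in inputs.items():
        for f in scan_text(text):
            blocked = True
            kind = "format rule" if f.format_based else "custom rule"
            print(f"{name}:{f.line_no}: {f.rule} ({kind}) {f.excerpt}")
    return 1 if blocked else 0   # non-zero exit makes a git hook refuse the push


if __name__ == "__main__":
    sys.exit(main())
```

Run without input to see the constructed samples scored: the .env file trips four format rules, the password CSV trips only the custom rule, and the README trips nothing. As a hook, git diff --cached -U0 | python3 secret_scan.py catches token formats in staged changes, and git log -p --all | python3 secret_scan.py sweeps history for the same formats; the CSV header rule only makes sense on whole files, which is the point of the example: the one file that did the most damage in this story is the one a format-based check can never see.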
Why This Matters for Email Users
Credentials exposed in repositories like Private-CISA do not stay exposed in isolation. Within minutes of a secret landing in a public repository, automated scanners harvest it, and what gets harvested gets used, sold, or shared. Amazon WorkSpaces is not an email platform; it is AWS's managed virtual-desktop service, and a file named AWS-Workspace-Firefox-Passwords.csv is most plausibly an export of the passwords a Firefox profile on such a desktop had saved. Every webmail, ticketing, and collaboration site that profile was logged into is reachable with those passwords, from anywhere, by anyone who read the repository. And administrative GovCloud access held for six months is, in the worst case, six months of silent exfiltration from whatever those accounts hosted, mail included.
The chain ends in the same place every supply-chain story ends: in the inboxes of people who never heard the contractor's name and never agreed to be downstream of their mistakes.