2026-05-23 03:23:04 UTC
Tom Bortels on Nostr: I can't speak for other forms of credentials, but I have found AWS to be ...

I can't speak for other forms of credentials, but I have found AWS to be *embarrassingly* proactive in finding plaintext AWS credentials in public repos, usually within minutes, and immediately disabling them, then telling us about it.

Some have said "ooh they should tell people first" - but I strongly disagree! "If AWS finds this token in the wild they WILL shut it off and you will have an outage and it's your own fault" is a delightful way to get engineers for whom best practice is not a priority to sit up and take notice. Being able to point at the 800-lb gorilla makes my job easier. A big, inevitable but easily avoided failure mode you can point out is one that can be used as a forcing function. Other providers should follow suit.
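The post describes AWS finding leaked keys after they are already public. The cheaper place to catch them is before the push. The following is an added example, not code from the post's author or from AWS: a small scanner that looks for AWS access key IDs and secret access keys in the lines a diff adds, so it can run as a pre-commit hook. The key formats it assumes (20-character IDs starting with AKIA or ASIA, 40-character secrets) are not stated in the post; the sample diff is constructed here and uses the inert example credentials from AWS's own documentation.

```python
"""Scan a unified diff (or plain text) for plaintext AWS credentials.

Added example; not the post author's code. The credential formats below are
assumptions about AWS key shapes, not something the post states.
"""
import re
from dataclasses import dataclass

# Assumed: long-term access key IDs start with AKIA, temporary STS ones with
# ASIA, and both are 20 uppercase alphanumeric characters in total.
ACCESS_KEY_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")

# Assumed: secret access keys are 40 characters of [A-Za-z0-9/+]. Requiring a
# "secret"-ish variable name next to it keeps false positives down.
SECRET_KEY_RE = re.compile(
    r"(?i)(?:aws_?secret_?access_?key|secret)\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9/+]{40})(?![A-Za-z0-9/+])"
)


@dataclass(frozen=True)
class Finding:
    line_no: int   # line number in the input (diff line number for scan_diff)
    kind: str      # "access_key_id" or "secret_access_key"
    masked: str    # never echo the full credential into hook or CI output


def mask(value: str) -> str:
    """Keep the first and last four characters so the owner can identify the key."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan_numbered(numbered_lines):
    """Scan (line_no, text) pairs and return a list of Finding objects."""
    findings = []
    for line_no, line in numbered_lines:
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append(Finding(line_no, "access_key_id", mask(m.group(1))))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append(Finding(line_no, "secret_access_key", mask(m.group(1))))
    return findings


def scan_text(text: str):
    """Scan every line of arbitrary text (e.g. a whole file)."""
    return scan_numbered(enumerate(text.splitlines(), start=1))


def scan_diff(diff: str):
    """Scan only lines a diff adds: '+' lines, excluding the '+++' file header.

    Removed ('-') lines are ignored on purpose: a key being deleted is not a new
    leak, and flagging it would block the very commit that removes it.
    """
    added = (
        (line_no, line[1:])
        for line_no, line in enumerate(diff.splitlines(), start=1)
        if line.startswith("+") and not line.startswith("+++")
    )
    return scan_numbered(added)


# Constructed sample diff. The credentials are the inert example values from
# AWS documentation, not real keys.
SAMPLE_DIFF = """\
diff --git a/config.py b/config.py
--- a/config.py
+++ b/config.py
@@ -1,3 +1,5 @@
 import boto3
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
-AWS_ACCESS_KEY_ID = "AKIAI44QH8DHBEXAMPLE"
 client = boto3.client("s3")
"""


if __name__ == "__main__":
    hits = scan_diff(SAMPLE_DIFF)
    for f in hits:
        print(f"diff line {f.line_no}: {f.kind} {f.masked}")
    # A pre-commit hook would exit non-zero here to block the commit.
    raise SystemExit(1 if hits else 0)
```

Wired into a pre-commit hook (`git diff --cached | python scan.py`), the non-zero exit blocks the commit, which gives the "it's your own fault" argument in the post a local enforcement point that fires before AWS ever sees the key. The regexes are deliberately narrow; a production hook would add patterns for the other credential types the post says it cannot speak to.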