'The Worst Leak I've Witnessed': CISA Contractor Left AWS GovCloud Admin Keys on Public GitHub for Six Months
GitGuardian discovered a public GitHub repo named 'Private-CISA' holding 844 MB of plaintext passwords, AWS GovCloud admin tokens, and Entra ID SAML certs belonging to CISA — public since November 2025. The Nightwing contractor engineer manually disabled push-protection.
WASHINGTON, D.C. — On May 15, 2026, GitGuardian researcher Guillaume Valadon discovered a public GitHub repository named 'Private-CISA' that had hosted 844 MB of plaintext passwords, AWS GovCloud administrator tokens, and Entra ID SAML certificates belonging to the Cybersecurity and Infrastructure Security Agency (CISA) — the federal agency tasked with defending US civilian government networks. The repository had been public since its creation on November 13, 2025 — roughly six months of exposure. Valadon told Krebs on Security the leak was "the worst leak that I've witnessed in my career." One exposed file, importantAWStokens, included administrative credentials to three Amazon AWS GovCloud servers; another, AWS-Workspace-Firefox-Passwords.csv, listed plaintext usernames and passwords for dozens of internal CISA systems. The repository was maintained by an employee of Nightwing, a CISA contractor based in Dulles, Virginia. CISA pulled the repository offline over the weekend of May 17-18, but the AWS keys remained valid for an additional 48 hours after the takedown. Commit logs show the responsible administrator manually disabled GitHub's default secret-blocking protection before pushing the sensitive files. The disclosure puts CISA at the center of a Capitol Hill accountability demand during a period when the agency has already lost roughly one-third of its workforce, is operating at 38 percent staff during the federal shutdown, and has no permanent director.
What Happened
The Repository
Valadon's GitGuardian scanners surfaced the Private-CISA repository on May 14-15, 2026. The repository had been created on November 13, 2025 and indexed publicly from creation through May 17. Across the six-month exposure window, the public repository held 844 MB of CISA operational material: credentials, certificates, internal documentation, and configuration data. Valadon told Krebs on Security it was "the worst leak that I've witnessed in my career." GitGuardian disclosed to CISA on May 15; CISA pulled the repository offline over the May 17-18 weekend. The remediation cycle from initial discovery to repository takedown ran roughly 72 hours.
The Exposed Material
Two files anchor the operational severity. importantAWStokens contained administrative credentials to three Amazon AWS GovCloud servers — the federally isolated cloud environment CISA uses for sensitive workloads. AWS-Workspace-Firefox-Passwords.csv listed plaintext usernames and passwords for dozens of internal CISA systems, exported from the saved logins of a Firefox profile. Entra ID SAML certificates round out the most-sensitive tier; with those, an attacker could forge SAML assertions and impersonate CISA identities across the agency's Microsoft 365 and Azure footprint. The rest of the 844 MB includes internal documentation, configuration snapshots, and operational artifacts that the public disclosure has not exhaustively enumerated.
The Disabled Safety Net
Commit logs show the responsible Nightwing employee manually disabled GitHub's default push-protection — the secret-scanning feature that blocks commits containing keys, tokens, and passwords. With push-protection disabled, the credentials were committed to a public repository without an interception layer. This is the structural failure mode: the engineer encountered a control designed to prevent exactly this exposure and chose to bypass it. CISA reportedly had no monitoring on its contractor account that would alert on push-protection-override events. The six-month exposure window confirms the absence of compensating controls.
Scope and Impact
The Private-CISA exposure lands in the middle of the federal cyber-defense agency's most operationally constrained period in its history. CISA has lost roughly one-third of its workforce since the second Trump administration, is operating at 38 percent staff during the federal shutdown that began February 14, and has no permanent Senate-confirmed director. The bipartisan consensus that the agency is in operational trouble was already established before this disclosure; the Private-CISA repository confirms the practical consequence: the agency lacks the internal monitoring capacity to detect that one of its own contractors had been publishing administrator credentials on the public internet for six months.
The Nightwing contractor angle is the policy-engagement layer. Nightwing is a major DoD and intelligence-community contractor; CISA represents one customer in a portfolio that includes classified federal work across multiple agencies. The Capitol Hill accountability question — which TechCrunch, Dark Reading, and others have already begun asking — is whether the secrets-hygiene failure that produced Private-CISA is contained to this one CISA contract or is a structural pattern across Nightwing's federal portfolio. Inspector-general inquiries at DHS (the counterpart of the HHS OIG), plus oversight from House Homeland Security and Senate HSGAC, are now expected to follow.
Response and Attribution
CISA has pulled the repository offline and rotated the exposed AWS keys, but the 48-hour gap between takedown and key revocation is the operational lesson defenders should be reading. AWS keys must be invalidated independently of GitHub repository takedown; the two control planes operate on different timelines, and the threat-actor opportunity window sits in that gap. CISA has not publicly stated whether any threat actor accessed the exposed credentials during either the six-month exposure window or the 48-hour post-takedown gap. CloudTrail audit of every API call against the three AWS GovCloud servers during the full exposure window is the minimum acceptable forensics.
The broader cluster connects to the same pattern The CyberSignal has tracked across the spring 2026 supply-chain cycle. The Mini Shai-Hulud TanStack wave demonstrated that developer endpoints are now the highest-value credential target. The OpenAI cert rotation showed that code-signing infrastructure reachable from a developer's laptop becomes the developer's blast radius. The Private-CISA repository extends the pattern to the federal-contractor tier: a single Nightwing engineer with disabled push-protection produced a six-month exposure of US federal-government cloud credentials. The structural failure is the same — secrets material that reaches a developer workstation reaches everywhere the workstation can publish.
The CyberSignal Analysis
Signal 01 — The Federal-Contractor Push-Protection Override Pattern Is Now a Tier 1 Policy Issue
The single most defensible policy intervention is to make GitHub push-protection (or equivalent secret-blocking) non-overridable for any federal-contractor account. Federal-contractor secrets-hygiene cannot rely on the engineer's individual judgment when the engineer has the ability to disable the control. FedRAMP, GSA, OMB, and Congress have direct levers here: mandate enforced push-protection in the FedRAMP authorization baseline for any cloud-touching federal contract, require contractor-account configuration audits as a condition of award, and require alerts to the agency CISO on any push-protection override event.
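The override alerting that Signal 01 calls for, and the monitoring gap described under "The Disabled Safety Net", as an added detection example that is not part of this article or of any GitHub or CISA tooling: it scans constructed GitHub audit-log export lines for push-protection bypass/disable events and raises the severity when the same actor pushes to the same repository shortly afterwards. The action names are assumed to match GitHub's secret_scanning_push_protection audit category; the org, actors and timestamps are made up.

```python
import json
from datetime import datetime, timezone

# Audit-log actions meaning the secret-blocking control was bypassed for one push
# or switched off for the repo. Names follow GitHub's secret_scanning_push_protection
# audit category (assumption: verify against your GitHub tier's audit-log schema).
OVERRIDE_ACTIONS = {
    "secret_scanning_push_protection.bypass",
    "secret_scanning_push_protection.disable",
}
PUSH_WINDOW_SECONDS = 24 * 3600  # push this soon after an override = control removed, then used

# Constructed sample in the shape of a GitHub audit-log NDJSON export
# (epoch-millisecond timestamps). Org and actor names are made up.
SAMPLE_LOG = """
{"action":"git.push","actor":"contractor-eng","repo":"example-org/Private-CISA","@timestamp":1763031600000}
{"action":"secret_scanning_push_protection.disable","actor":"contractor-eng","repo":"example-org/Private-CISA","@timestamp":1763031660000}
{"action":"git.push","actor":"contractor-eng","repo":"example-org/Private-CISA","@timestamp":1763031720000}
{"action":"secret_scanning_push_protection.bypass","actor":"dev-two","repo":"example-org/tooling","@timestamp":1763118000000}
{"action":"repo.create","actor":"dev-three","repo":"example-org/docs","@timestamp":1763204400000}
"""

def parse_audit_log(ndjson):
    """One dict per non-empty NDJSON line."""
    return [json.loads(line) for line in ndjson.splitlines() if line.strip()]

def find_overrides(events):
    """One alert per override event. Severity is 'high' when the same actor pushed
    to the same repo within PUSH_WINDOW_SECONDS after the override (the Private-CISA
    sequence: disable the control, then push), otherwise 'medium'."""
    alerts = []
    for ev in events:
        if ev["action"] not in OVERRIDE_ACTIONS:
            continue
        t0 = ev["@timestamp"] / 1000
        followed_by_push = any(
            e["action"] == "git.push" and e["repo"] == ev["repo"]
            and e["actor"] == ev["actor"]
            and 0 < e["@timestamp"] / 1000 - t0 <= PUSH_WINDOW_SECONDS
            for e in events
        )
        alerts.append({
            "when": datetime.fromtimestamp(t0, tz=timezone.utc).isoformat(),
            "actor": ev["actor"], "repo": ev["repo"], "action": ev["action"],
            "severity": "high" if followed_by_push else "medium",
        })
    return alerts
```

Route every "high" alert to the agency CISO as the signal asks; the "medium" ones are the bypass-with-justification cases that still deserve a periodic review.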
Signal 02 — 'Revoke Before You Take Down' Is the Operational Lesson
The 48-hour gap between CISA pulling the repository offline and the AWS keys becoming invalid is the operational tell. Repository takedown does not invalidate credentials; the two control planes are independent. Incident-response runbooks for exposed-credentials scenarios must explicitly enumerate the credential-revocation step first, in parallel with the repository takedown, not after. The same lesson applies across cloud providers — Azure service principals, GCP service accounts, HashiCorp Vault tokens, and OAuth refresh tokens all need to be killed before the source repository is removed. Update your runbook this week.
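The CloudTrail review called for in the Response section and the takedown-to-revocation gap in Signal 02, as an added triage example that is not CISA's code or part of this article: it walks constructed CloudTrail records for calls made with the exposed key between first exposure and revocation, and tags calls from unrecognised source addresses, calls inside the gap after takedown, and write calls. The access key ID, the IP ranges and the exact takedown and revocation hours are assumptions.

```python
from datetime import datetime, timezone

# Timeline from the disclosure: repo public from 2025-11-13, pulled over the
# 2026-05-17/18 weekend, keys still valid for ~48 h after. Exact hours assumed.
EXPOSED_FROM = datetime(2025, 11, 13, tzinfo=timezone.utc)
TAKEDOWN_AT = datetime(2026, 5, 18, tzinfo=timezone.utc)
REVOKED_AT = datetime(2026, 5, 20, tzinfo=timezone.utc)

EXPOSED_KEY = "AKIAEXAMPLEPLACEHOLDER"   # placeholder, not a real key ID
KNOWN_EGRESS = {"203.0.113.10"}          # assumed corporate egress (RFC 5737 range)

# Constructed records in the shape of CloudTrail events (the CloudTrailEvent
# JSON that `aws cloudtrail lookup-events` returns). IPs are documentation ranges.
SAMPLE_EVENTS = [
    {"eventTime": "2025-11-01T09:00:00Z", "eventName": "ListBuckets", "readOnly": True,
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"accessKeyId": EXPOSED_KEY}},
    {"eventTime": "2026-01-20T03:14:00Z", "eventName": "GetCallerIdentity", "readOnly": True,
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"accessKeyId": EXPOSED_KEY}},
    {"eventTime": "2026-02-02T15:00:00Z", "eventName": "DescribeInstances", "readOnly": True,
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"accessKeyId": EXPOSED_KEY}},
    {"eventTime": "2026-05-19T02:30:00Z", "eventName": "CreateAccessKey", "readOnly": False,
     "sourceIPAddress": "198.51.100.7", "userIdentity": {"accessKeyId": EXPOSED_KEY}},
    {"eventTime": "2026-03-10T10:00:00Z", "eventName": "DescribeInstances", "readOnly": True,
     "sourceIPAddress": "203.0.113.10", "userIdentity": {"accessKeyId": "AKIAOTHERKEYPLACEHOLD"}},
]

def parse_time(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def triage(events, key_id=EXPOSED_KEY):
    """Every call made with the exposed key between first exposure and revocation,
    tagged with what a responder must chase: unknown source IP, call inside the
    takedown-to-revocation gap, or a write (non-read-only) call."""
    findings = []
    for ev in events:
        if ev.get("userIdentity", {}).get("accessKeyId") != key_id:
            continue  # a different key: not this incident's credential
        t = parse_time(ev["eventTime"])
        if not (EXPOSED_FROM <= t < REVOKED_AT):
            continue  # before exposure or after revocation
        tags = []
        if ev.get("sourceIPAddress") not in KNOWN_EGRESS:
            tags.append("unknown-source")
        if t >= TAKEDOWN_AT:
            tags.append("post-takedown-gap")
        if not ev.get("readOnly", True):
            tags.append("write-call")
        findings.append({"time": ev["eventTime"], "api": ev["eventName"],
                         "ip": ev.get("sourceIPAddress"), "tags": tags})
    return findings
```

Any finding tagged post-takedown-gap is activity the repository takedown could never have stopped, which is why the runbook has to revoke first.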
Signal 03 — The CISA-in-Trouble Cluster Now Has a Documented Operational Consequence
The bipartisan consensus that CISA is in operational trouble is no longer theoretical. The Private-CISA repository sat publicly indexable for six months without internal detection from an agency operating at 38 percent staff. The structural finding for the policy community: the cuts to CISA have produced a documented monitoring gap with downstream federal-cloud consequences. For CISOs depending on CISA's KEV catalog and JCDC coordination, the lesson is the one The CyberSignal has been arguing for several weeks — treat CISA-issued threat intelligence as one input among several, and architect your defenses around degraded federal coordination as the baseline for the next three to five years.