OWASP WrongSecrets

Find the secret hidden in the WrongSecrets repository. This challenge focuses on Documentation.

💡 Look for: Configuration files, source code, environment variables, Docker files, or cloud infrastructure related to this challenge.

A user accidentally reveals the new AWS Secret key in conversation between him and his friend in a GitHub issue.

Can you spot the secret in our GitHub repository?

🔑 Enter the secret you found: 💡 Tip: Secrets are often strings, numbers, or encoded values. Copy and paste exactly what you find.

🔍 What's Wrong?

Why storing secrets in closed GitHub issue is a bad idea?

You should never reveal any secret in a GitHub issue because even when the issue is closed all data is public and is very easy to spot.

So go through the issue twice before posting it on any repository.