DevSecOps Secret Leak Response Checklist

A response checklist for teams that discovered secrets in Git history, CI logs, packages, containers, or developer machines.

Risk & Regulation Signals

Deleted secrets that remain valid in logs, forks, caches, or packages.

No evidence of whether leaked credentials were used.

Long-lived CI/CD tokens with excessive production privileges.

Built For

DevOps teams responding to leaked tokens or credentials.

Security teams separating code cleanup from incident response.

Engineering leaders reducing repeat secret leaks in CI/CD.

Use Cases

Triage exposed credentials, revoke access, rotate secrets, and verify blast radius.

Clean Git history without treating cleanup as the whole fix.

Build prevention gates for future leaks in pull requests and pipelines.

Frequently Asked Questions

Is deleting the secret from Git enough?

No. The credential must be revoked or rotated, usage logs must be reviewed, and downstream systems must be checked.
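A pull-request prevention gate that also reflects this answer, as an added example (not Eresus Security code): it scans `git diff` output, fails the check when a credential is added, and lists credentials that were only removed so they still go to rotation. The rule set, the function names `scan_diff` and `gate`, and the sample diff are assumptions constructed for illustration.

```python
import re

# Illustrative rule set (assumption); a production gate would carry many more formats.
RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}
HUNK = re.compile(r"^@@ -(\d+)(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff_text):
    """Scan `git diff` output; return (rule, path, line, action) per match."""
    findings, path, old_no, new_no, in_hunk = [], None, 0, 0, False
    for line in diff_text.splitlines():
        if m := HUNK.match(line):  # hunk header gives the start line on each side
            old_no, new_no, in_hunk = int(m.group(1)), int(m.group(2)), True
        elif line.startswith("diff --git "):
            in_hunk = False
        elif not in_hunk:  # file headers; keep the old path when the file is deleted
            if line.startswith(("--- ", "+++ ")) and line[4:] != "/dev/null":
                path = line[6:] if line[4:6] in ("a/", "b/") else line[4:]
        elif line.startswith("+"):
            findings += [(r, path, new_no, "added") for r, rx in RULES.items() if rx.search(line[1:])]
            new_no += 1
        elif line.startswith("-"):
            findings += [(r, path, old_no, "removed") for r, rx in RULES.items() if rx.search(line[1:])]
            old_no += 1
        elif not line.startswith("\\"):  # context line advances both sides
            old_no, new_no = old_no + 1, new_no + 1
    return findings

def gate(diff_text):
    """Added secrets fail the check; removed ones pass but still need rotation."""
    findings = scan_diff(diff_text)
    blocked = [f for f in findings if f[3] == "added"]
    rotate = [f for f in findings if f[3] == "removed"]  # value is still in history
    return (1 if blocked else 0), blocked, rotate

# Constructed sample values and diff (not real credentials).
FAKE_AWS, FAKE_PAT = "AKIA" + "EXAMPLE0" * 2, "ghp_" + "x" * 36
SAMPLE_DIFF = f"""diff --git a/deploy/ci.env b/deploy/ci.env
--- a/deploy/ci.env
+++ b/deploy/ci.env
@@ -1,2 +1,3 @@
 REGION=eu-west-1
-AWS_ACCESS_KEY_ID={FAKE_AWS}
+AWS_ACCESS_KEY_ID_FILE=/run/secrets/aws_key_id
+GH_TOKEN={FAKE_PAT}
"""
```

In CI, the first element of `gate(...)` would be used as the job's exit status and the `rotate` list handed to whoever owns revocation.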

What should happen in the first 30 minutes?

Identify the secret type, revoke or limit it, preserve evidence, check access logs, and assign owners for rotation and validation.
