Hacker News new | ask | show | jobs
by JimDabell 3508 days ago
> *In most cases, I think we should consider invalidating secret keys instead of trying to delete it and hope nobody saw it.

Absolutely. AWS secret keys accidentally pushed to GitHub are abused within a few minutes. There's essentially no window where published keys remain safe.
1 comments
planteen 3508 days ago
That's for a public repo. I'd bet the vast majority of companies have private repos.
link