[civopsec]

Scanning repos for secrets has been a thing for a while now. But seeing Tencent might put people on edge.

[atonse]

Secret scanning is a thing.

But this is an excellent next step where they build an integration with these partners where, as soon as a secret is scanned, they can notify tencent/AWS/other providers automatically to instantly invalidate those keys before they’re abused.

That’s what’s novel here.

[civopsec]

I wasn’t commenting about whether it was novel or standard practice. OP seemed to have gotten the heebie-jeebies from the submission title.