Skip to Content
Kuboid Logokuboid/Vinay Sheoran
[ WRITING & INSIGHTS ]

Engineering discipline, in print.

Deep dives, guides, and strategic commentary on software engineering leadership, security compliance, scaling databases, and building production-grade LLM workflows.

API Keys in GitHub — How Leaked Credentials Cause Cloud Breaches
Mar 5, 2026Secrets Management

API Keys in GitHub — How Leaked Credentials Cause Cloud Breaches

The commit was pushed at 11:47 PM. By 12:03 AM — 16 minutes later — an automated bot had found the AWS access key and began spinning up EC2 instances. By morning, 340 instances were running across 6 regions. The bill: $80,000 over 36 hours. Here's exactly how it happens — and how to make sure it doesn't happen to you.