Security Alert: Leaked Gcp Service Account Key
Your repository contains a Gcp Service Account Key that has been identified in a public repository.
| Detail |
Value |
| File |
gcs.json |
| Status |
Exposed in public repository |
Immediate Actions
- Rotate the secret immediately in your google dashboard
- Remove the secret from source code
- Add
.env to .gitignore (if not already)
- Use
git filter-branch or BFG Repo-Cleaner to remove from git history
- Consider using environment variables or a secrets manager
About This Alert
This is a responsible disclosure. We attempted to file this as a private security advisory first. The secret value has NOT been stored or shared beyond this notification.
GitHub's automated secret scanning may have already notified the service provider. However, your repository still contains the exposed credential, which should be removed and rotated.
Vibe Scanner - responsible disclosure for leaked secrets
Security Alert: Leaked Gcp Service Account Key
Your repository contains a Gcp Service Account Key that has been identified in a public repository.
gcs.jsonImmediate Actions
.envto.gitignore(if not already)git filter-branchor BFG Repo-Cleaner to remove from git historyAbout This Alert
This is a responsible disclosure. We attempted to file this as a private security advisory first. The secret value has NOT been stored or shared beyond this notification.
GitHub's automated secret scanning may have already notified the service provider. However, your repository still contains the exposed credential, which should be removed and rotated.
Vibe Scanner - responsible disclosure for leaked secrets