Incident Response

CRTH08 So, My Credentials Have Been Leaked...Now What?


2:30pm - 3:45pm

Level: Introductory

Dwayne McDaniel

Developer Advocate


While we can hope our passwords, API Keys, and certificates are secure and private, hope is not a strategy. Sometimes our credentials become published in a log, source code, or some other source a malicious actor can access. In the best-case scenario, you find out immediately and can work to fix the issue without impacting any other systems or teams. In the more likely worst-case scenario, you have to go through some painful conversations and take significant time away from pushing customer delighting code to deal with a pretty scary circumstance.

What makes credential leakage such a terrifying topic is, at least in part, the paralysis of not knowing what to do, or where to start the conversation. In mature organizations, security teams might have protocols and email addresses in place to escalate these situations. In many organizations, you might be starting from scratch.

This session will look at how to deal with credential leaks from detection through closing the final related ticket the incident generated. We will look at topics such as validation of secrets, scoping impact, assembling the right players, to how to offload tribal knowledge with tools like notebooks and playbooks. We will also take a look at how to prevent future leaks with some open-source tools and non-intrusive workflow adjustments.

You will learn:

  • How to tell if you have a secret leakage incident
  • An overview of incident response planning
  • About creating playbooks for future incident preparedness