Safeguard
DevSecOps

What is a CI/CD Secrets Leak

A CI/CD secrets leak exposes real credentials through build logs, forks, or compromised Actions. Here's how it happens and how to stop it.

Priya Mehta
DevSecOps Engineer
7 min read

A CI/CD secrets leak happens when credentials your build pipeline needs to function — API keys, cloud IAM tokens, database passwords, signing keys, npm or PyPI tokens — end up somewhere an attacker can read them: a public GitHub repo, a build log, a compromised third-party Action, or a misconfigured artifact bucket. It is not a hypothetical risk. In April 2021, attackers modified Codecov's Bash Uploader script and quietly exfiltrated CI environment variables from thousands of customer pipelines for two months before anyone noticed. In January 2023, CircleCI disclosed that malware on an engineer's laptop let an attacker steal session tokens and access customer secrets stored in its system, forcing a mass rotation event across the industry. GitGuardian's 2024 State of Secrets Sprawl report found 12.8 million new secrets exposed on public GitHub in 2023 alone — a 28% jump year over year. This is a structural problem in how modern pipelines are built, not a series of isolated mistakes.

What Is a CI/CD Secrets Leak?

A CI/CD secrets leak is the unintended exposure of a credential that a build, test, or deployment pipeline uses to authenticate to another system. That includes cloud provider keys (AWS, GCP, Azure), source control tokens, container registry credentials, package manager publish tokens, Slack or PagerDuty webhooks, and database connection strings. The defining trait is not where the secret lives normally — in a vault or a CI provider's encrypted variable store — but where it ends up accidentally: printed to a build log, hardcoded in a Dockerfile, committed to a .env file, or cached in a build artifact that gets uploaded to a public bucket. Unlike a stolen laptop or a phished password, a leaked CI/CD secret is often reusable across every environment the pipeline touches, which is why a single leaked key can cascade into production database access, cloud infrastructure control, or the ability to push malicious code under a trusted identity.

How Do Secrets Actually Get Into CI/CD Pipelines in the First Place?

Secrets get into pipelines because developers optimize for "make the build pass" faster than security teams can optimize for "make the build safe." The most common path is a hardcoded credential committed directly into source — a config.py or application.yml with a real AWS access key, often copy-pasted from a working local .env file during a deadline crunch. The second most common path is third-party CI plugins and GitHub Actions: pipelines routinely install community-maintained Actions that request broad permissions and, if compromised upstream (as happened with the tj-actions/changed-files Action in March 2025, which was tampered with to dump CI runner memory into build logs), can print every secret in scope to a log that CI providers retain for 30-90 days by default. A third path is fork-based pull request workflows: Travis CI disclosed in 2021 that secrets from a base repository were exposed to forked pull request builds for years, letting anyone who forked a public repo and opened a PR read the parent repo's environment variables in the build log.

What Actually Happened in the Codecov and CircleCI Breaches?

In both cases, attackers targeted the CI tooling supply chain itself rather than any single customer. Codecov's Bash Uploader — a script over 29,000 customers ran inside their own CI jobs to send coverage data — was altered by an attacker who gained access to Codecov's Docker image creation process in January 2021, and the tampered script exfiltrated CI environment variables (including AWS keys, GitHub tokens, and database credentials) to an external server for roughly two months before Codecov caught it in April 2021. HashiCorp and Twilio both later confirmed the incident touched their internal systems. CircleCI's December 2022 breach worked differently but converged on the same outcome: malware on a single employee's laptop stole a 2FA-backed session token, giving the attacker access to CircleCI's production systems and, by extension, the ability to read customer secrets stored in CircleCI's environment variable and context features. CircleCI publicly told every customer to rotate all secrets stored in the platform — a costly, manual remediation exercise that illustrates the blast radius of a single upstream CI vendor compromise.

Why Are CI/CD Secrets Leaks So Hard to Catch Before They're Exploited?

They're hard to catch because the leak and the exploitation are separated in time, system, and owner. A secret committed to a private repo in 2022 can sit unused for years before that repo is made public, forked, or breached through an unrelated vector — Toyota disclosed in May 2022 that an access key left in a public GitHub repository for nearly five years had exposed the personal data of up to 296,019 customers, and the key had been sitting there since 2017. Security teams also typically split responsibility for secrets across three tools that don't talk to each other: source code scanning catches hardcoded secrets in git history, CI provider logs are reviewed (if at all) manually, and cloud IAM monitoring only flags anomalous key usage after a key is already being abused. A scanner that only checks the default branch misses secrets sitting in stale feature branches, force-pushed commits still reachable via git reflog, or build artifacts cached in registries. Mandiant's investigation into the 2023 MOVEit-adjacent breaches and multiple GitGuardian incident reports both note that the average validated secret sits exposed for over 200 days before rotation once discovered — and most are never actually confirmed as valid or invalid, so teams rotate blindly or not at all.

How Can Security Teams Actually Prevent CI/CD Secrets Leaks?

The most effective prevention combines eliminating long-lived secrets with catching the ones that inevitably still leak. Short-lived, workload-identity-based authentication — OIDC federation from GitHub Actions or GitLab CI directly to AWS/GCP/Azure IAM roles, instead of storing static access keys as CI secrets — removes the highest-value target entirely, since there's no durable key to leak. For credentials that can't be federated (database passwords, third-party SaaS API keys), pulling them at runtime from a vault (HashiCorp Vault, AWS Secrets Manager) with short TTLs limits how long a leaked value stays valid. Pre-commit and pre-push secret scanning (gitleaks, GitGuardian's ggshield, TruffleHog) stops the majority of hardcoded-credential leaks before they ever reach a remote branch, and CI-log redaction settings should be enabled by default rather than opt-in. Least-privilege scoping matters just as much as detection: a leaked token that can only read one S3 bucket is a incident; a leaked token with account-wide admin, like the one phished from an Uber contractor in September 2022 that turned out to have hardcoded access to the company's Thycotic privileged access management vault, is a breach.

How Safeguard Helps

Safeguard closes the gap between "a secret leaked" and "a secret was exploitable" by running reachability analysis on every credential and dependency exposure it finds, so security teams triage the leaked API key with a live path to production data before the one sitting in a dead code branch nobody deploys. Griffin AI, Safeguard's detection engine, correlates leaked secrets across CI logs, git history (including force-pushed and reflog-only commits), and container images to validate whether a credential is still active rather than flagging every historical match as equally urgent. Safeguard generates and ingests SBOMs across your build pipeline to track exactly which workflows, third-party Actions, and base images had access to a given secret at leak time, narrowing rotation scope instead of forcing a blind, company-wide credential reset. When a fix is available — pinning a compromised Action to a known-good SHA, moving a hardcoded key to OIDC federation, or removing a secret from a cached build artifact — Safeguard opens an auto-fix pull request so the remediation ships in minutes, not the 200-plus days industry data shows most leaked secrets sit exposed today.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.