It scans every GitHub push for exposed credentials. If a secret is found, the pipeline is blocked and the issue is escalated to the concerned team.
GitHub Webhook: Developer pushes code to any branch
Webhook Event: Receive push event payload
Secret Scanner: Scan commit diff for secrets
CI Pipeline: Allow pipeline to proceed
Branch Protection: Block the pipeline immediately
#security-alerts: Send urgent secret leak alert
On-Call: Page on-call security engineer
Security Incident: Auto-create incident ticket
On-Call Engineer: Investigate, revoke, and rotate secret
Secret Store: Store rotated secret in Vault
On-Call Engineer: Restart or redeploy affected services
History Cleanup: Purge secret from git history
Security Metrics: Emit security event metric
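The Secret Scanner step and the allow/block decision that follows it, as an added example that is not part of the original page or of any particular product. The rule names, the 3.5-bit entropy threshold, the tuple layout of a finding and the sample diff are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

RULES = {  # well-known credential formats
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----"),
}
# Generic rule: a secret-looking name assigned a quoted value of 16+ characters.
ASSIGNMENT = re.compile(r"(?i)(?:secret|token|passw(?:or)?d|api[_-]?key)[\w.-]*[\"']?"
                        r"\s*[:=]\s*[\"']([^\"'\s]{16,})[\"']")
HUNK = re.compile(r"@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

def entropy(value):  # Shannon entropy in bits per character
    return -sum(n / len(value) * math.log2(n / len(value)) for n in Counter(value).values())

def match_rules(text, min_entropy):
    hits = [name for name, rx in RULES.items() if rx.search(text)]
    m = ASSIGNMENT.search(text)
    if m and entropy(m.group(1)) >= min_entropy:  # low entropy: likely a placeholder
        hits.append("high_entropy_assignment")
    return hits

def scan_diff(diff_text, min_entropy=3.5):
    """Scan only lines a unified diff adds; return (file, line, rule), never the value."""
    findings, path, new_line, old_left, new_left = [], None, 0, 0, 0
    for raw in diff_text.splitlines():
        tag = raw[:1]
        if (old_left > 0 or new_left > 0) and tag != "\\":  # hunk body, per @@ counts
            if tag == "+":
                findings += [(path, new_line, r) for r in match_rules(raw[1:], min_entropy)]
            old_left, new_left = old_left - (tag != "+"), new_left - (tag != "-")
            new_line += tag != "-"
        elif raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")
        elif m := HUNK.match(raw):
            old_left, new_line, new_left = int(m[1] or 1), int(m[2]), int(m[3] or 1)
    return findings

def decide(findings):
    return "block" if findings else "allow"  # the two branches after the scanner

# Constructed sample: AWS's documented example key ID and a made-up password.
SAMPLE_DIFF = '''--- /dev/null
+++ b/config/settings.py
@@ -0,0 +1,2 @@
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+DB_PASSWORD = "q8Zr2LmX0vTe9KdWp4Hs"
'''
```

Findings carry only file, line and rule so that the alert, the incident ticket and the metric can reference the leak without copying the secret into more systems.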