Skip to content

CRITICAL: Rotate exposed google_api_key in markets repo #56

Description

@don-petry

Summary

Secret scanning detected an exposed google_api_key in petry-projects/markets (alert opened 2026-04-01). This key must be rotated immediately.

Findings

  • Alert type: google_api_key
  • Status: OPEN since 2026-04-01
  • Repo: petry-projects/markets

Recommended Actions

  1. Rotate the API key in Google Cloud Console immediately
  2. Review the secret scanning alert in the markets security tab to identify the exact commit/file
  3. If the key was committed to history, consider using git filter-repo or BFG to scrub it
  4. Add the key pattern to .gitignore and use GitHub environment secrets instead
  5. Close the secret scanning alert once remediated

Context

Identified during weekly org CI/Security survey on 2026-04-05.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugBug reportssecuritySecurity-related PRs and issues

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions