# Secrets Scanning and SDLC Leak Response

One-sentence definition: Detect credentials and API keys that were committed to repositories, CI logs or build artifacts, and remediate a leak by revoking the secret, not merely deleting the text.

## Key Facts

- Scan targets: source repos (full history and all branches, not just HEAD), CI/CD logs, container images and other build artifacts. Use pre-commit hooks to block secrets before they are committed and pipeline scanners to catch what slips past the hook.
- If a secret leaks: revoke and rotate it immediately and treat it as compromised for the whole exposure window; audit its usage in the provider's access logs; notify the owning team; where possible move the consumer to proof-of-possession credentials (mTLS, DPoP) so a copied bearer string is no longer sufficient on its own. Rewriting git history is cleanup, not remediation: clones, forks and caches keep the old value.
- Prevent reappearance with deny patterns (known key formats, high-entropy strings), allowlists for documented example and test values, and developer education.
- Track MTTR for secret leaks (time from detection to revocation) and shrink the population of long-lived secrets.
- **Verify:** check the official (ISC)² CBK and the current exam outline.

## Exam Relevance

- The durable fix is automated rotation plus short-lived tokens; scanning on its own only shortens the exposure window.

**Mnemonic:** "**Find**, **flip**, **forbid**." (find the secret, flip it by revoking and rotating, forbid it from coming back)

## Mini Scenario

Q: An API key has sat in a public repo for 6 months. What is the priority?
A: Revoke and rotate immediately; then review six months of access logs for misuse and invalidate any tokens or sessions derived from the key; scrub the repository only after the key is dead.

## Revision Checklist

- Name two scan targets.
- List the immediate actions after a leak.
- Name one prevention tactic.

## Related
[[Secrets Rotation Strategies (Short-Lived Credentials)]] · [[Service-to-Service Auth (API Keys OAuth mTLS DPoP)]] · [[Cloud IAM Role Assumption and Temporary Credentials]] · [[Testing in CI CD (Shift Left and Right)]] · [[Domain 7 - Index]]
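The Key Facts above describe the scan-and-allowlist pattern in prose; the following is an added example (written for this note, not code from the source or from any real scanner) of what a minimal pipeline secrets scanner does. The detector set is a hypothetical subset of the hundreds a production tool ships, the 3.5-bit entropy threshold is an arbitrary choice for illustration, the `# secrets-scan: allow` inline marker is a convention invented here, and the input is a constructed mix of config lines and a CI log line. `AKIAIOSFODNN7EXAMPLE` is AWS's published documentation example value and is allowlisted to show how known non-secrets are excluded.

```python
import math
import re
from dataclasses import dataclass

# Hypothetical detector subset: well-known key prefixes and a PEM header.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[0-9A-Za-z-]{10,}\b"),  # simplified
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic catch: a secret-like variable name assigned a long literal.
# The literal is only reported if its Shannon entropy is high enough.
GENERIC_ASSIGN = re.compile(
    r"(?i)(?:secret|password|passwd|token|api[_-]?key)[A-Za-z0-9_]*"
    r"\s*[:=]\s*['\"]?([A-Za-z0-9+/=_-]{20,})"
)

# Allowlist of documented example values that must never be reported.
ALLOWLIST = {
    "AKIAIOSFODNN7EXAMPLE",  # AWS documentation example access key ID
}
ALLOW_MARKER = "# secrets-scan: allow"  # invented inline opt-out for test fixtures


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random 40-char keys score well above 4."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((k / n) * math.log2(k / n) for k in counts.values())


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    match: str


def scan_text(text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Scan a blob (file, diff, CI log) line by line and return findings."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue  # reviewed fixture, explicitly allowlisted
        seen: set[str] = set()
        for rule, pat in PATTERNS.items():
            for m in pat.finditer(line):
                value = m.group(0)
                if value in ALLOWLIST or value in seen:
                    continue
                seen.add(value)
                findings.append(Finding(line_no, rule, value))
        for m in GENERIC_ASSIGN.finditer(line):
            value = m.group(1)
            if value in ALLOWLIST or value in seen:
                continue
            if shannon_entropy(value) >= entropy_threshold:
                seen.add(value)
                findings.append(Finding(line_no, "high_entropy_assignment", value))
    return findings


def redact(value: str) -> str:
    """Never echo the full secret into CI output; that creates a new leak site."""
    return f"{value[:4]}...({len(value)} chars)"


def report(findings: list[Finding]) -> list[str]:
    return [f"line {f.line_no}: {f.rule}: {redact(f.match)}" for f in findings]


# Constructed sample input (not real credentials): config lines plus a CI log line.
SAMPLE = """\
# config.py (constructed sample for this example, not real credentials)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"  # documented AWS example value
AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
TEST_TOKEN = "ghp_zyxwvutsrqponmlkjihgfedcba9876543210"  # secrets-scan: allow
password = "changeme_changeme_changeme"
# ci.log (constructed): curl -H "Authorization: Bearer xoxb-000000000000-constructed-sample"
-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for line in report(scan_text(SAMPLE)):
        print(line)
```

Two behaviours worth noticing: the placeholder `password = "changeme_changeme_changeme"` is not reported because its entropy is low, which is exactly the false negative entropy heuristics have, so name-based rules and pre-commit review still matter; and `report` prints only a redacted prefix, because a scanner that writes the full match into the CI log has just copied the secret to one more place the response team must clean up. Production tools such as gitleaks or trufflehog apply the same idea across full git history rather than a single blob.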