Code Room
On-call · Medium · oc-g143
Subject: Credential leak · Level: Mid–Senior · ~35 min · Common in Security interviews · Industries: Technology, Software development

Question

A researcher emails security@: your production '.env' file is being served at https://app.example.com/.env (HTTP 200, full contents). It contains a database URL with password, a SendGrid API key, a JWT signing secret, and an OAuth client secret. Web access logs show the path /.env has been requested ~4,000 times over the past 11 days from many IPs (it's a common scanner target). A static-export build config change shipped 11 days ago. How do you triage, contain, and remediate this secret exposure?

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
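The "real signals" in this scenario are the web access logs. The first triage question is not how many times /.env was requested, but how many of those requests were actually answered with the file (HTTP 200) and over what window, because that decides whether every secret in the file must be treated as compromised and rotated. The script below is an added example, not part of the page or of any project it describes; it assumes Apache/nginx Combined Log Format, and the log lines it parses are constructed (documentation-range IPs, invented timestamps). It also generalises slightly beyond the question by counting requests for any dotfile path, since scanners that probe /.env usually probe /.git/config and similar paths in the same sweep.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample access-log lines in Combined Log Format (not real data).
# The first /.env request gets a 404; after the (hypothetical) static-export
# build change ships, the same path starts returning 200 with a body.
SAMPLE_LOG = """\
203.0.113.10 - - [01/May/2024:08:12:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.31"
203.0.113.10 - - [02/May/2024:09:40:22 +0000] "GET /.env HTTP/1.1" 200 412 "-" "python-requests/2.31"
198.51.100.7 - - [02/May/2024:11:05:13 +0000] "GET /.env HTTP/1.1" 200 412 "-" "curl/8.4.0"
198.51.100.7 - - [02/May/2024:11:05:14 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "curl/8.4.0"
192.0.2.55 - - [05/May/2024:23:59:59 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.55 - - [06/May/2024:00:00:03 +0000] "GET /.env HTTP/1.1" 200 412 "-" "Mozilla/5.0"
"""

# Combined Log Format: ip ident user [timestamp] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def exposure_summary(log_text, path="/.env"):
    """Summarise requests for `path`: total probes, how many were actually served
    (2xx), which IPs received the file, and the first/last time it was served.
    The served window, not the probe count, defines the exposure window."""
    hits = [r for r in map(parse_line, log_text.splitlines()) if r and r["path"] == path]
    served = [r for r in hits if 200 <= r["status"] < 300]
    return {
        "total_requests": len(hits),
        "served_2xx": len(served),
        "unique_ips_served": sorted({r["ip"] for r in served}),
        "first_served": min((r["ts"] for r in served), default=None),
        "last_served": max((r["ts"] for r in served), default=None),
        "status_counts": dict(Counter(r["status"] for r in hits)),
        "user_agents_served": dict(Counter(r["ua"] for r in served)),
    }


def dotfile_requests(log_text):
    """Count requests for every dotfile path (anything starting with '/.'), so the
    triage covers sibling targets the same scanners probe, not just /.env."""
    recs = (r for r in map(parse_line, log_text.splitlines()) if r)
    return dict(Counter(r["path"] for r in recs if r["path"].startswith("/.")))


if __name__ == "__main__":
    summary = exposure_summary(SAMPLE_LOG)
    print(f"/.env requested {summary['total_requests']} times, served {summary['served_2xx']} times")
    print(f"served window: {summary['first_served']} .. {summary['last_served']}")
    print(f"IPs that received the file: {summary['unique_ips_served']}")
    print(f"all dotfile probes: {dotfile_requests(SAMPLE_LOG)}")
```

Running this against the real logs answers the containment questions in order: if `served_2xx` is non-zero, every credential in the file is compromised and is rotated immediately regardless of who the requesters were; `first_served` should line up with the build-config deploy (the root cause), and any 200 earlier than that means the exposure predates the change you are blaming. The status breakdown also gives the post-fix verification: after the path is blocked and the file removed from the export, new /.env requests should show only 404s.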
