Code Room
On-call · Medium · oc-g353
Subject: Credential leak
Level: Mid–Senior
Duration: ~30 min
Common in Security interviews
Industries: Software development, Technology

Question

At 09:10 your secret-scanning tool fires on the public `acme/docs` repo: a Stripe **restricted** API key. The committing engineer is already on it — they `git rm`'d the file and force-pushed 8 minutes ago, and the file is gone from the tip. They mark the alert resolved and tell you "handled, the secret's deleted." The repo has been public for 14 months. Your billing dashboard shows nothing unusual yet. Is this actually contained? Walk through how you triage the real exposure window, decide whether to rotate, and what you check before closing this out.

What a strong answer looks like

Stop the bleeding first (mitigate), then form hypotheses from real signals. Separate root cause from symptom, communicate status as you go, and close with what prevents a repeat.
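One way to put numbers on the "real exposure window" the question asks about, as an added example that is not part of the Code Room page: the deletion commit only moves the branch tip, so the triage reads the history the force-push left behind. It assumes two git commands were run in the repo that did the force-push (a fresh clone has no reflog of the old tip, which is exactly why the remote may still serve those commits by SHA); their output here is constructed.

```python
# Added example, not from the Code Room page: triage a leaked secret from the
# git history a force-push does not erase. Assumes two commands were run in the
# repo that did the force-push and their output pasted in (constructed here):
#   git log --all --reflog -S'<secret>' --format='%H%x09%aI'
#   git grep -l '<secret>' $(git rev-list --all --reflog)
from datetime import datetime, timezone

def parse_pickaxe(text):
    """'%H<TAB>%aI' lines -> {sha: author datetime}. -S lists every commit
    that added or removed the secret, so the earliest one is first exposure."""
    out = {}
    for line in text.strip().splitlines():
        sha, when = line.split("\t")
        out[sha] = datetime.fromisoformat(when)
    return out

def parse_grep_hits(text):
    """'<sha>:<path>' lines from git grep -> set of commits whose tree still
    carries the secret, i.e. it is still fetchable from this repo by SHA."""
    return {line.split(":", 1)[0] for line in text.strip().splitlines() if line}

def triage(pickaxe_text, grep_text, public_since, now):
    """Exposure window starts when the secret was first in history AND the
    repo was public, and ends now, not at deletion: clones and forks made in
    the window still hold it. A non-empty window means rotate, regardless
    of whether billing looks normal yet."""
    dated = parse_pickaxe(pickaxe_text)
    if not dated:
        return {"rotate": False, "exposure_days": 0, "still_reachable": []}
    start = max(min(dated.values()), public_since)
    return {
        "rotate": start < now,
        "exposure_days": (now - start).days,
        "still_reachable": sorted(parse_grep_hits(grep_text)),
    }

# Constructed sample: key committed 20 months ago, "removed" 8 minutes ago;
# the removal commit shows in -S output but its tree no longer has the key.
PICKAXE = ("a1b2c3\t2023-02-01T10:00:00+00:00\n"
           "d4e5f6\t2024-09-30T09:02:00+00:00\n")
GREP = "a1b2c3:config/stripe.yml\n"
PUBLIC_SINCE = datetime(2023, 7, 30, tzinfo=timezone.utc)  # public 14 months
NOW = datetime(2024, 9, 30, 9, 10, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(triage(PICKAXE, GREP, PUBLIC_SINCE, NOW))
```

The window in the sample runs from the day the repo went public, not from the commit date and not to the deletion, which is the decision point the "handled" message skips.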
