Question
A customer opens a support ticket with a screenshot showing your CI build logs are **public** for open-source PRs, and one log line prints `SNOWFLAKE_PASSWORD=...` in full — a `set -x` left on in a build script echoed the env. The exposed account is a read-only analytics warehouse user. Logs for ~600 PR builds over 5 weeks are public. Snowflake's login history shows logins only from your CI egress IPs and your office — nothing foreign. An engineer argues "it's read-only and no foreign logins, low severity, fix the script Monday." How do you triage and what's your call?
Stop the bleeding first: rotate the exposed credential now, not Monday, because a password printed into hundreds of public logs is compromised whatever the login history shows so far. Then form hypotheses from real signals (login and query history for that user over the whole exposure window, failures included), separate the root cause (`set -x` echoing the environment into public logs) from the symptom (one leaked password), communicate status as you go, and close with what prevents a repeat.
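The evidence checks that the triage above calls for, as an added Snowflake SQL example that is not part of the original answer: the user name `ANALYTICS_RO` and the window dates are placeholders, and it assumes a role with access to the `SNOWFLAKE.ACCOUNT_USAGE` views (which lag live data by up to a few hours but retain a full year, so a 5-week window is covered).

```sql
-- Added example, not from the original page. Placeholders: ANALYTICS_RO is the
-- exposed read-only user, window_start is the first build whose log went public.
SET exposed_user = 'ANALYTICS_RO';
SET window_start = '2024-01-01'::TIMESTAMP_LTZ;   -- placeholder date
SET window_end   = CURRENT_TIMESTAMP();           -- until the rotation lands

-- 1. Every login attempt in the window, failures included. "Only our IPs logged in"
--    says nothing about failed attempts; a wrong or revoked password shows up as
--    IS_SUCCESS = 'NO' with an ERROR_CODE and never produces a session.
SELECT client_ip, reported_client_type, is_success, error_code,
       COUNT(*)             AS attempts,
       MIN(event_timestamp) AS first_seen,
       MAX(event_timestamp) AS last_seen
FROM snowflake.account_usage.login_history
WHERE user_name = $exposed_user
  AND event_timestamp BETWEEN $window_start AND $window_end
GROUP BY 1, 2, 3, 4
ORDER BY first_seen;

-- 2. What the credential actually read, tied back to the source IP of its login.
--    A read-only warehouse user can still copy every table it can see, so the
--    question is not "could it write" but "how many rows left, and to whom".
SELECT l.client_ip, s.client_application_id, q.start_time, q.query_type,
       q.database_name, q.schema_name, q.rows_produced, q.bytes_scanned,
       LEFT(q.query_text, 120) AS query_preview
FROM snowflake.account_usage.query_history q
JOIN snowflake.account_usage.sessions      s ON s.session_id = q.session_id
JOIN snowflake.account_usage.login_history l ON l.event_id  = s.login_event_id
WHERE q.user_name = $exposed_user
  AND q.start_time BETWEEN $window_start AND $window_end
ORDER BY q.rows_produced DESC NULLS LAST
LIMIT 200;

-- 3. Anything new for this user compared with the 90 days before the leak:
--    a new client type (an interactive SQL client where only the CI driver was
--    expected) is as much of a signal as a new IP.
SELECT DISTINCT client_ip, reported_client_type
FROM snowflake.account_usage.login_history
WHERE user_name = $exposed_user
  AND event_timestamp BETWEEN $window_start AND $window_end
MINUS
SELECT DISTINCT client_ip, reported_client_type
FROM snowflake.account_usage.login_history
WHERE user_name = $exposed_user
  AND event_timestamp BETWEEN DATEADD(day, -90, $window_start) AND $window_start;
```

An empty result from query 3 and nothing unusual in query 2 supports the "low severity" reading; it still does not change the call to rotate immediately, since the window stays open until the credential is dead.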