alt Hacker NewsI wouldn’t recommend this. What if GitHub’s token scanning service went down. Ideally GitHub should expose an universal token revocation endpoint. Alternatively do this in a private repo and enable token revocation (if it exists)
I wouldn’t recommend this. What if GitHub’s token scanning service went down. Ideally GitHub should expose an universal token revocation endpoint. Alternatively do this in a private repo and enable token revocation (if it exists)
You're revoking the attacker's key (that they're using to upload the docs to their own account), this is probably the best option available.
Obviously you have better methods to revoke your own keys.