You Pushed AWS Keys to a Public Repo
Live cloud keys just landed in a public GitHub repo. A teammate says delete the file and force-push. Defend what you do first.
the decision you defend
You just pushed a commit to a public GitHub repo that contains your AWS access keys. You notice five minutes later. A teammate says just delete the file and force-push. What do you do first, and why?
the situation
You commit a quick fix and push to your team's public GitHub repo. Five minutes later you realize the commit includes a config file with a live AWS access key and secret.
context
The key belongs to an account with permissions to your S3 buckets and some compute. The repo is public and has a few forks. A teammate says: just delete the file, force-push to rewrite the commit, and we are fine.
How this challenge works
Take a position on the decision above and defend it. A senior-engineer AI will push back over up to 4 rounds. When you are done, you are scored against a verified rubric so you can see exactly what a complete answer covers - these are learning prompts, not gotchas.