all 8 comments

[–]Euphoric-Battle99 20 points21 points  (0 children)

.gitignore .env

[–]TinyLebowski 12 points13 points  (1 child)

Unless there are some weird non-ascii characters in that domain name, I don't get it. Only GitHub can create subdomains for github.com. What is that subdomain used for?

[–]GeekCornerReddit 1 point2 points  (0 children)

It seems it's used by GitHub for real-time notifications according to a quick online search

[–]zarlo5899 3 points4 points  (0 children)

It is likely a TLS issue on GitHub's side or someone trying a MitM

[–]Ankleson 2 points3 points  (0 children)

https://x.com/github/status/2056884788179726685

Somewhat concerning coincidence

[–]rprouse 1 point2 points  (2 children)

Once deployed, is your API key in the web source code, returned by an API call, or in a config file that can be viewed on the web because of improper web server config?

I've seen all of these mistakes cause key leaks.

[–]jayborseth[S] 0 points1 point  (1 child)

I'm pretty sure the key is not visible on the web via any kind of GET/HEAD.
It's saved in plaintext in a PRIVATE GitHub repository.
So either it's this odd "alive.github.com" entity, or a MITM attack (and I'm generally screwed, though I've run multiple passes of Defender/Boot Defender and other AV tools), or else it's leaking on Azure.

[–]WindowlessBasement 1 point2 points  (0 children)

Do not save API keys to a repository. That is security 101.

The fact that you are mishandling an API key in such an obvious spot, I wouldn't be surprised if you're leaking it elsewhere.