A CISA contractor accidentally published dozens of internal credentials, including AWS Govcloud access keys, to a public GitHub repository for nearly six months before the agency was alerted by a security researcher, prompting an internal postmortem on response gaps.