[ARTICLE · art-13983] src=dev.to pub= topic=ai-safety verified=true sentiment=↓ negative

Your GitHub Actions Logs Are Leaking LLM Keys and Your SIEM Isn't Catching It

A security audit of a client's GitHub Actions workflows uncovered three live LLM API keys, including one in a committed `.env.staging` file, that had been leaking in plaintext through CI/CD pipelines. The keys, which remained active and unrotated, exposed the organization to potential quota drain and prompt data exposure. The developer used CheckAPIs, a client-side validation tool, to quickly assess the blast radius across 12+ providers before reporting the findings.

2 min read · published May 26, 2026

You've locked down your AWS credentials. You've got secret scanning on your repos. You rotate your database passwords.

But LLM API keys? Those are sitting in plaintext in your pipeline — and nobody's rotating them.

LLM API keys exploded in the last two years. Every team has them now: OpenAI for the chatbot, Anthropic for the internal tool, Groq because someone read a benchmark. They get pasted into CI/CD workflows, hardcoded into Dockerfiles, committed in `.env.example` with real values, echoed in build logs.

The usual secrets scanning tools weren't built for them. GitLeaks and TruffleHog have patterns for AWS and Stripe, but coverage for `sk-ant-api03-...` or `gsk_...` is inconsistent. And unlike a database password, a leaked LLM key doesn't crash your app — it just silently drains your quota and potentially exposes your prompts.
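The prefixes this article names (`sk-ant-api03-`, `gsk_`, and `sk-proj-` from the curl call further down) can be matched directly in exported build logs. The following Python scanner is an added example, not code from the article or from CheckAPIs; the tail character class, the 20-character minimum, the placeholder filter and the sample log are assumptions constructed for illustration.

```python
import re

# Prefixes are the ones named in the article. The tail character class, the
# 20-character minimum and the placeholder filter are assumptions, not
# provider-documented formats.
TAIL = r"[A-Za-z0-9_\-]{20,}"
PREFIXES = {
    "anthropic": "sk-ant-api03-",
    "openai-project": "sk-proj-",
    "groq": "gsk_",
}
PATTERNS = {name: re.compile(r"\b" + re.escape(p) + TAIL)
            for name, p in PREFIXES.items()}

def looks_like_placeholder(tail):
    # "xxxxxxxx"-style dummy values in .env.example have very few distinct chars.
    return len(set(tail)) < 6

def scan_log(text):
    """Return (line_number, provider, redacted_token) for each suspected key."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            prefix = PREFIXES[name]
            for match in pattern.finditer(line):
                tail = match.group(0)[len(prefix):]
                if looks_like_placeholder(tail):
                    continue
                # Never echo the secret back into another log or ticket.
                findings.append((lineno, name, f"{prefix}[{len(tail)} chars redacted]"))
    return findings

# Constructed sample log; the key values are made up for this example.
SAMPLE_LOG = """\
2026-05-20T10:00:01Z Run npm test
2026-05-20T10:00:02Z + export ANTHROPIC_API_KEY=sk-ant-api03-CONSTRUCTED0example1not2real3key4
2026-05-20T10:00:03Z OPENAI_API_KEY: ***
2026-05-20T10:00:04Z OPENAI_API_KEY=sk-proj-xxxxxxxxxxxxxxxxxxxxxxxx
2026-05-20T10:00:05Z curl -H "Authorization: Bearer gsk_constructedSAMPLEvalue0000notreal"
"""

if __name__ == "__main__":
    for lineno, provider, token in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {provider} key {token}")
```

The masked line (`***`) and the `xxxx` placeholder are skipped, so only the two lines that carry a full-length key are reported, and each finding holds the prefix and length rather than the secret itself.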

During a recent audit of a client's GitHub Actions setup, I found three LLM API keys across two workflows:

`.env.staging` file committed "temporarily"

All three were still live.

The hard part wasn't finding them — it was quickly assessing blast radius before writing the report. Which models do these keys unlock? Are they on a paid plan? What rate limits are attached? Writing provider-specific curl scripts for each one wastes time you don't have during an engagement.

I've been using CheckAPIs for this step. Paste the keys, get back:

Supports 12+ providers: OpenAI, Anthropic, Google Gemini, Groq, Mistral, Cohere, HuggingFace, Replicate, Together AI, Perplexity, Azure, AWS Bedrock.

The important part for client work: everything runs client-side. The validation calls go directly from your browser to the provider's API — no proxy, no logging, no third party ever sees the key.

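```bash
curl -X POST https://checkapis.pages.dev/api/check \
  -H "Content-Type: application/json" \
  -d '{"keys": ["sk-proj-...", "sk-ant-api03-..."]}'
```

Note that this request carries the keys in its body to `checkapis.pages.dev`, unlike the in-browser flow described above.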

Finding the key is step one. Here's the remediation checklist I hand off:

Immediate

Pipeline hardening

`set +x` before any step that uses them

Detection

LLM keys are credentials. They have blast radius: financial (quota drain), data (prompt/completion logs on the provider side), and reputational (your key used for abuse). Treat them exactly like you'd treat an AWS access key.

The tooling hasn't caught up yet — which means right now, in most orgs, they're the path of least resistance.

CheckAPIs is open source — github.com/Teycir/CheckAPI
