ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "Secrets inside packages, scanning Python PyPi for credentials with Tom Forbes"
Episode Synopsis
In this episode, we sit down with Tom Forbes to discuss his 'side project gone wrong' and how he found live AWS credentials inside many Python packages hosted on PyPi.
Tom didn't expect to find sensitive information inside public Python packages, but was surprised when he was contacted about removing data from his GitHub project. After some research, he discovered live AWS secrets in the source code and went on a journey to discover how many secrets there actually were inside PyPi packages. In this episode, Dwayne and Mackenzie dive into Toms's research to discover how the project started and what people can do to protect their secrets.
Tom didn't expect to find sensitive information inside public Python packages, but was surprised when he was contacted about removing data from his GitHub project. After some research, he discovered live AWS secrets in the source code and went on a journey to discover how many secrets there actually were inside PyPi packages. In this episode, Dwayne and Mackenzie dive into Toms's research to discover how the project started and what people can do to protect their secrets.
More episodes of the podcast The Security Repo
Why Attackers Don’t Care About Your Contracts: A Deep Dive Into Exploit Markets – Evan Dornbush
14/01/2026
The CISO Whisperer Approach: Security Leadership, Empathy, and ‘Dad Bod’ Metrics – Douglas Brush
17/12/2025
Scaling Open Source Observability and Managing Risk in the Software Supply Chain – Avi Press
10/12/2025
Why Technical CISOs Matter and How AI Is Shaping Security Ops - David Cross on Leading Security
26/11/2025
In God we trust