Service availability was temporarily affected for users attempting to access GitHub-integrated features on the platform. Specifically, operations that depend on GitHub organization credentials such as connecting GitHub accounts or repositories were unavailable during the incident window. The issue began on April 27, 2026 at 18:26 (UTC-5) and was identified proactively by our engineering team within minutes of onset. Full service was restored by April 28, 2026 at 10:22 (UTC-5), resulting in a total window of exposure of approximately 15.8 hours (WOE).
During a scheduled maintenance task involving the rotation of internal service credentials, a subset of credentials required for GitHub integrations was unintentionally removed from our secrets management system. The removal was based on an incorrect assessment that those credentials were no longer in active use. As a result, several internal processes that depend on GitHub API access stopped functioning, which in turn affected the availability of GitHub-related features on the platform.
Our engineering team identified the affected credentials and restored them as part of an emergency fix, with values rotated as a security best practice. Service was fully restored upon deployment of the fix. No credential values were exposed as part of this incident.
This incident underscores the importance of validating credential usage across all consumers before removal during rotation procedures. We are strengthening our rotation workflows to include automated checks that confirm a credential is fully decommissioned across all dependent systems prior to deletion, reducing the likelihood of a similar issue in the future.
ROTATION_FAILURE < MISSING_TEST < INCOMPLETE_PERSPECTIVE