Challenge 3

Welcome to Challenge 3.

Docker ENV based password

Did you know that you can also use ENV in Docker containers to set the password? What a great idea to share it with everyone!

You can easily spot the secret by looking at how the layers were constructed or detecting it with a tool like Dockle.

💡 Tip: Secrets are often strings, numbers, or encoded values. Copy and paste exactly what you find.

Why putting secrets in containers is a bad idea

As you can tell by now, you can easily detect any secret that is stored within a container. Whether it is an ENV, a file, or another property: if a system can read it, so can a human.

Given it is a best practice to let a container be immutable and versioned, you will often end up with the secret within a container forever, unless you remove it again from the registry.
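The layer inspection mentioned above can be automated as a pre-push check. The following is an added example, not code from the challenge or the project: it scans the JSON that `docker image inspect` and `docker history --no-trunc --format '{{json .}}'` produce for ENV/ARG names that look like credentials. The name patterns, function names, and sample data are assumptions constructed for illustration.

```python
import json
import re

# Name fragments that suggest a credential; this list is an assumption, tune it.
SECRET_NAME = re.compile(r"(PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|CREDENTIAL)", re.I)
# ENV/ARG instructions as they appear in the CreatedBy field of image history.
ENV_INSTR = re.compile(r"\b(ENV|ARG)\s+([A-Za-z_][A-Za-z0-9_]*)[= ](\S+)")

def mask(value):
    """Show only enough of the value to confirm a finding."""
    return value[:2] + "*" * max(len(value) - 2, 0)

def findings_from_inspect(inspect_json):
    """Flag secret-looking variables in Config.Env of `docker image inspect`."""
    out = []
    for image in json.loads(inspect_json):
        for entry in (image.get("Config") or {}).get("Env") or []:
            name, _, value = entry.partition("=")
            if SECRET_NAME.search(name) and value:
                out.append(("config", name, mask(value)))
    return out

def findings_from_history(history_lines):
    """Flag ENV/ARG instructions in `docker history --no-trunc --format '{{json .}}'`."""
    out = []
    for line in history_lines.strip().splitlines():
        created_by = json.loads(line).get("CreatedBy", "")
        for instr, name, value in ENV_INSTR.findall(created_by):
            if SECRET_NAME.search(name):
                out.append((instr.lower(), name, mask(value)))
    return out

# Constructed sample data (not from a real image).
SAMPLE_INSPECT = json.dumps([{"Config": {"Env": [
    "PATH=/usr/local/bin:/usr/bin", "APP_PASSWORD=example-not-real"]}}])
SAMPLE_HISTORY = "\n".join(json.dumps({"CreatedBy": c}) for c in [
    "/bin/sh -c #(nop)  ENV APP_PASSWORD=example-not-real",
    "ARG BUILD_TOKEN=constructed123",
    "ENV PATH=/usr/local/bin:/usr/bin",
    "/bin/sh -c #(nop)  CMD [\"/app\"]",
])

if __name__ == "__main__":
    for f in findings_from_inspect(SAMPLE_INSPECT) + findings_from_history(SAMPLE_HISTORY):
        print(*f)
```

A finding in the history output means the value is baked into a layer, so removing the ENV line in a later build does not remove it from image versions already pushed.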

Interesting ENV vars for you to have a look at can be found in this list.