Password Leaks in Docker

https://pythonspeed.com/articles/leaking-secrets-docker/

“How can you prevent copying in secrets by mistake?

  • Limited copying: Instead of COPY . /app you might copy only specific files or directories you know you need. For example, COPY setup.py myapp /app.
  • .dockerignore: You can make sure files don’t get COPYed in by adding them to the .dockerignore file.
  • Avoid manually building images: Your development machine is much more likely to have random files lying around than an automated build system, so building public images on your dev machine is more likely to leak files.
  • Store CI secrets as environment variables: If your CI or build environment needs to use secrets, keep them in environment variables rather than files on disk.”
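The first two mitigations above (limited copying and a .dockerignore) can be checked before a build ever runs. The following POSIX shell script is an added example, not code from the pythonspeed article: it flags a Dockerfile that copies the whole build context, lists secret-looking patterns missing from .dockerignore, and finds credential-like files lying in the context directory. The pattern list, the demo directory layout and the sample .env content are all constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the article): pre-build checks for a Docker build context.

# Returns 0 (true) when the Dockerfile copies the whole build context with
# "COPY . <dest>" or "ADD . <dest>", with or without flags such as --chown.
# That is the instruction that drags every stray file on the build machine
# into the image layer.
copies_whole_context() {
  grep -Eq '^[[:space:]]*(COPY|ADD)([[:space:]]+--[a-zA-Z]+=[^[:space:]]+)*[[:space:]]+\.(/)?[[:space:]]' "$1"
}

# Prints the sensitive patterns that the given .dockerignore does not list
# (every pattern is printed if the file does not exist). The pattern list is
# a constructed starting point, not an exhaustive one.
missing_ignore_patterns() {
  ignore="$1"
  for pat in .env '*.pem' '*.key' .git; do
    if [ ! -f "$ignore" ] || ! grep -Fxq -- "$pat" "$ignore"; then
      printf '%s\n' "$pat"
    fi
  done
}

# Prints files under the build context whose names suggest credentials.
# A name-based sweep is cheap and catches the common cases (.env files,
# private keys) before "COPY ." can bake them into a layer.
find_secret_like_files() {
  find "$1" -type f \( -name '.env' -o -name '*.pem' -o -name '*.key' -o -name 'id_rsa*' \) | sort
}

# Constructed demo: a context with "COPY .", a thin .dockerignore and a stray .env.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/myapp"
printf 'FROM python:3.12\nCOPY . /app\n' > "$demo_dir/Dockerfile"
printf 'DB_PASSWORD=example-not-a-real-secret\n' > "$demo_dir/.env"
printf '.git\n' > "$demo_dir/.dockerignore"

if copies_whole_context "$demo_dir/Dockerfile"; then
  echo "warning: Dockerfile copies the whole build context; prefer COPY setup.py myapp /app"
fi
echo "patterns missing from .dockerignore:"
missing_ignore_patterns "$demo_dir/.dockerignore"
echo "secret-like files in the build context:"
find_secret_like_files "$demo_dir"
rm -rf "$demo_dir"
```

Run the script from a CI step before `docker build`; a non-empty output from the last two checks, or the warning from the first, is a reason to fail the job rather than publish the image. The checks are name-based and will not notice secrets embedded in otherwise innocuous files, so they complement rather than replace keeping CI secrets in environment variables.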