25 lines
1.2 KiB
Plaintext
25 lines
1.2 KiB
Plaintext
Using ENV to handle secrets can lead to sensitive information being disclosed
|
|
to an inappropriate sphere.
|
|
|
|
The `ENV` commands in a Dockerfile are used to configure the container
|
|
environment. The variables set that way can be used at image build time,
|
|
during the execution of commands in the container, or at run time.
|
|
|
|
In most cases, environment variables are used to propagate configuration items
|
|
from the host to the container. A typical example is the `PATH` variable, used
|
|
to configure where system executables are searched for.
|
|
|
|
Using `ENV` to propagate configuration entries that contain secrets causes a
|
|
security risk. Indeed, in most cases, artifacts of those values are kept in the
|
|
final container image and, thus, disclosed to its users. The secret information
|
|
leak can happen either in the container environment itself, the image
|
|
metadata or the build environment logs.
|
|
|
|
The concrete impact of such an issue highly depends on the secret's purpose and
|
|
the exposure sphere:
|
|
|
|
* Financial impact if a paid service API key is disclosed and used.
|
|
* Application compromise if an application's secret, like a session signing
|
|
key, is disclosed.
|
|
* Infrastructure component takeover, if a system secret, like a remote access key, is leaked.
|