Challenge 4 ☆☆
Welcome to challenge 4. You need to guess the secret
that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.
The developer got smarter: now the password is no longer defined by Spring, but by means of a Docker container build argument.
You can easily spot it by looking at how the layers got constructed.
Why putting secrets in containers is a bad idea
As you can tell by now, you can easily detect any secret that is stored within a container. Whether it is an ENV, a file, or another property: if a system can read it, so can a human.
Given it is a best practice to let a container be immutable and versioned, you will often end up with the secret within a container forever, unless you remove it again from the registry.
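An added example, not part of the original challenge text: a Python check you can run over your own image's config JSON before pushing, which flags secret-looking build arguments and ENV values recorded in the layer history. The sample config, the variable names and the value are constructed, and the name pattern is a heuristic.

```python
import json
import re

# Constructed image config (the JSON blob stored with every image); the
# variable names and the value are made up for this example.
SAMPLE_CONFIG = json.dumps({
    "config": {"Env": ["PATH=/usr/bin", "APP_PASSWORD=example-not-a-real-secret"]},
    "history": [
        {"created_by": "/bin/sh -c #(nop) ADD file:abc in /"},
        {"created_by": "ARG app_password=default"},
        {"created_by": "RUN |1 app_password=example-not-a-real-secret "
                       "/bin/sh -c echo ready # buildkit"},
        {"created_by": "ENV APP_PASSWORD=example-not-a-real-secret"},
        {"created_by": 'CMD ["java" "-jar" "/app.jar"]', "empty_layer": True},
    ],
})

# Heuristic: names that suggest a credential (assumption, tune per project).
NAME_HINT = re.compile(r"pass|secret|token|api_?key|credential", re.I)

def find_baked_secrets(config_json):
    """Return sorted (source, name, value) tuples for secret-looking values."""
    cfg = json.loads(config_json)
    findings = set()

    def check(source, assignment):
        name, sep, value = assignment.partition("=")
        if sep and value and NAME_HINT.search(name):
            findings.add((source, name, value))

    for entry in (cfg.get("config") or {}).get("Env") or []:
        check("config.Env", entry)
    for step in cfg.get("history") or []:
        # The classic builder prefixes metadata steps with "/bin/sh -c #(nop)".
        cmd = re.sub(r"^/bin/sh -c #\(nop\)\s+", "", step.get("created_by", ""))
        run_args = re.search(r"\|(\d+) (.*)", cmd)
        if run_args:  # RUN steps record "|<n> NAME=value ..." before the command
            for tok in run_args.group(2).split()[:int(run_args.group(1))]:
                check("history RUN build-arg", tok)
        elif cmd.startswith(("ARG ", "ENV ")):
            for tok in cmd.split()[1:]:
                check("history " + cmd[:3], tok)
    return sorted(findings)

if __name__ == "__main__":
    for source, name, value in find_baked_secrets(SAMPLE_CONFIG):
        print(f"{source}: {name}={value}")
```

Supplying the value at run time, or through a BuildKit `RUN --mount=type=secret` mount during the build, keeps it out of both the history and the image environment.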
You have finished all the doable challenges! Congratulations!
We hope you have enjoyed the ride! And have learned something about the pitfalls in secrets