Wednesday, April 21, 2021

Python⇒Speed: Don't leak your Docker image's build secrets

In January 2021 Codecov suffered from a security breach. The mechanism:

The [malicious] actor gained access because of an error in Codecov’s Docker image creation process that allowed the actor to extract the credential required to modify our Bash Uploader script.

It’s unclear from the description what specific kind of secret was involved, but as you can see, leaking secrets can be a significant problem. You want to ensure your secrets don’t end up getting leaked in your image!

In this article I’m specifically going to focus on the security of build secrets. Building a Docker image often involves installing packages or downloading code, and if you’re installing private code you often need to gain access with a secret: a password, a private key, a token. You don’t want those secrets to end up in the final image, though; if it’s in the image, anyone with access to the image can extract it.

Unlike docker run, which supports environment variables (-e) and volumes, docker build has traditionally never had a good solution for securely using secrets. So how do you use build secrets in Docker without leaking them?

In this article you’ll learn:

  1. Some seemingly reasonable but actually insecure or problematic solutions.
  2. The easy solution, if you can use modern Docker features.
  3. The sneaky, backwards-compatible solution: getting secrets in through the network.
  4. Other potential approaches.
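As an added example (not the article's own code), the following Dockerfile puts the leaky pattern the article warns about next to a BuildKit secret mount, which I assume is the "modern Docker feature" the outline refers to. Assumed and constructed: a token for a private package index kept locally in ./pip-token.txt, the index host pypi.example.internal, and the package name private-pkg.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the article's code. Assumption: the build secret is a
# token for a private package index, stored locally in ./pip-token.txt.

########## INSECURE: the token is baked into the image ##########
# Build ARG values used by a RUN step are recorded in that layer's metadata
# (visible with `docker history`), and anything written to the filesystem
# stays in the layer even if a later RUN deletes it.  Anyone who can pull the
# image can recover the token.
FROM python:3.9-slim AS leaky
ARG PIP_TOKEN
RUN pip install --index-url "https://__token__:${PIP_TOKEN}@pypi.example.internal/simple" private-pkg
# A later `rm` or `unset` would not help: the earlier layer keeps the secret.

########## SAFER: BuildKit secret mount ##########
# The secret file is mounted only for the duration of this RUN step, at
# /run/secrets/<id>; it is never written to a layer or to the image config.
FROM python:3.9-slim AS safe
RUN --mount=type=secret,id=pip_token \
    PIP_TOKEN="$(cat /run/secrets/pip_token)" && \
    pip install --index-url "https://__token__:${PIP_TOKEN}@pypi.example.internal/simple" private-pkg

# Build and verify (BuildKit must be enabled, e.g. DOCKER_BUILDKIT=1):
#   docker build --secret id=pip_token,src=./pip-token.txt --target safe -t app:safe .
#   docker history --no-trunc app:safe | grep -c "$(cat pip-token.txt)"   # expect 0
# For comparison, the leaky stage records the token in the image metadata:
#   docker build --build-arg PIP_TOKEN="$(cat pip-token.txt)" --target leaky -t app:leaky .
#   docker history --no-trunc app:leaky | grep -c "$(cat pip-token.txt)"  # expect 1
```

The `docker history` check is the quickest way to confirm a build did not record the secret in layer metadata; it does not inspect layer contents, so files written during a RUN step still need a separate filesystem check.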