4.10 Do not store secrets in Dockerfiles

Information

Do not store any secrets in Dockerfiles. The instructions in a Dockerfile can be reconstructed easily from the built image using native Docker commands such as docker history, as well as various third-party tools and utilities. Also, as a general practice, image publishers provide their Dockerfiles publicly to build credibility for their images. Hence, any secrets within these Dockerfiles could be easily exposed and potentially exploited.

Solution

Do not store any kind of secrets within Dockerfiles.

Impact

You would need to identify a way to handle secrets for your Docker images.

Default Value

By default, there are no restrictions on storing config secrets in the Dockerfiles.
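As an added check (example code written for this page, not part of the CIS benchmark or the Tenable audit): a Python scanner that flags ENV and ARG instructions whose variable names look like credentials, applied either to a Dockerfile or to the per-layer output of docker history --no-trunc --format '{{.CreatedBy}}' from a built image. The two sample Dockerfiles and the history lines are constructed; the hardened variant uses the BuildKit RUN --mount=type=secret form so the secret never lands in a layer or in the image metadata.

```python
import re

# Variable names that usually carry credentials (heuristic, extend as needed).
SECRET_KEY = re.compile(r"passw(?:or)?d|secret|token|api[_-]?key|private[_-]?key|credential", re.I)
# Prefix the legacy builder records in 'docker history' for metadata-only layers.
NOP_PREFIX = re.compile(r"^/bin/sh -c #\(nop\)\s*")
# KEY=value pairs, including quoted values, as used by ENV and ARG.
ASSIGN = re.compile(r"""([A-Za-z_][A-Za-z0-9_]*)=("[^"]*"|'[^']*'|\S+)""")

def _instructions(text):
    """Yield logical instructions from Dockerfile text or docker history lines:
    drop blank lines and comments, join backslash continuations, strip the
    '/bin/sh -c #(nop)' prefix so both sources look alike."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield NOP_PREFIX.sub("", buf + line)
        buf = ""
    if buf:
        yield NOP_PREFIX.sub("", buf)

def find_secret_assignments(text):
    """Return (instruction, key) pairs for ENV/ARG settings whose variable name
    looks like a credential. Handles 'ENV K=V K2=V2', legacy 'ENV K value',
    and 'ARG K' with no default (the build-arg value is still recorded in history)."""
    findings = []
    for instr in _instructions(text):
        parts = instr.split(None, 1)
        if len(parts) < 2 or parts[0].upper() not in ("ENV", "ARG"):
            continue
        body = parts[1]
        first = body.split()[0]
        keys = [first] if "=" not in first else [k for k, _ in ASSIGN.findall(body)]
        findings.extend((parts[0].upper(), k) for k in keys if SECRET_KEY.search(k))
    return findings

# Constructed samples: credentials baked into image metadata ...
LEAKY_DOCKERFILE = """\
FROM python:3.12-slim
ENV DB_PASSWORD=hunter2 \\
    APP_ENV=prod
ARG NPM_TOKEN
RUN npm ci
"""
# ... versus a secret mounted only for the duration of one RUN step.
HARDENED_DOCKERFILE = """\
FROM python:3.12-slim
RUN --mount=type=secret,id=npmrc,target=/root/.npmrc npm ci
ENV APP_ENV=prod
"""
# Constructed 'docker history --no-trunc --format {{.CreatedBy}}' output.
HISTORY_SAMPLE = """\
/bin/sh -c #(nop)  ENV DB_PASSWORD=hunter2
/bin/sh -c pip install -r requirements.txt
/bin/sh -c #(nop)  CMD ["python" "app.py"]
"""
```

Run the history variant against every image in a registry or CI pipeline to catch secrets committed by Dockerfiles you do not control.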

See Also

https://workbench.cisecurity.org/files/517

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 6e3ba883d7c60c770114aa9d1e56706c34030597bbbd67427b6a963860b00014