Information
Do not store any secrets in Dockerfiles.
Rationale:
Docker images are not opaque and contain information about the commands used to build them. As such, secrets should not be included in Dockerfiles used to build images, as they will be visible to any users of the image.
Impact:
A proper secrets management process will be required for Docker image building.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Do not store any kind of secrets within Dockerfiles. Where secrets are required during the build process, make use of a secrets management tool, such as the BuildKit builder included with Docker.
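The following Dockerfile is an added example, not part of the benchmark text. It contrasts the patterns that leave a secret in the image with a BuildKit secret mount. The base image, the secret id `api_token`, the file `token.txt`, the image tag and the download URL are all assumed placeholders.

```dockerfile
# syntax=docker/dockerfile:1
# Constructed example: names, paths and the URL below are placeholders.
FROM alpine:3.20

# Weak (left commented out): each of these keeps the secret with the image.
#   ARG API_TOKEN                     # value shows up in `docker history --no-trunc`
#   ENV API_TOKEN=${API_TOKEN}        # stored in the image config, visible via `docker inspect`
#   COPY token.txt /root/token.txt    # stays in that layer even if a later RUN deletes it

# Hardened: BuildKit mounts the secret at /run/secrets/api_token for this
# RUN step only. It is not written to a layer or to the build history.
# Do not echo the value or redirect it into a file inside the step.
RUN --mount=type=secret,id=api_token \
    wget -q --header "Authorization: Bearer $(cat /run/secrets/api_token)" \
         -O /tmp/artifact.tar.gz https://example.invalid/artifact.tar.gz

# Build, passing the secret from a file on the build host:
#   DOCKER_BUILDKIT=1 docker build --secret id=api_token,src=./token.txt -t example/app .
#
# Manual review of the result:
#   docker history --no-trunc example/app
```

Since this check is not performed automatically, reviewing the `docker history --no-trunc` output of each image alongside its Dockerfile is a practical way to confirm that no secret values appear in the recorded build commands.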
Default Value:
By default, there are no restrictions on storing config secrets in Dockerfiles.