Detect secrets

Prisma Cloud can detect sensitive information that is improperly secured inside images and containers. Scans can detect embedded passwords, login tokens, and other types of secrets. To detect improperly secured secrets, add the following checks to your compliance policy.

Compliance check ID 424

This check detects sensitive information provided in environment variables of image. The data so provided can be easily exposed by running
docker inspect
on the image and thus compromising privacy.
Example
$ docker --tlsverify -H :9998 build -t secret:v1 .
Response
Sending build context to Docker daemon 2.048 kB Step 1/2 : FROM alpine:latest ---> 88e169ea8f46 Step 2/2 : ENV PASSWORD = secret ---> Using cache ---> 8f3627bc339b Error: [Prisma Cloud] Image operation blocked by policy: (No secrets attached), violates: The environment variable PASSWORD contains sensitive data

Compliance check ID 425

This check detects private keys stored in an image.
Example
Navigate to
Defend > Compliance
. Add a new compliance rule to block running an image with private key in it.
detect_secrets_762507.png
Test
$ docker --tlsverify -H aqsa.c.cto-sandbox.internal:9998 build -t aqsa:secretv1
Response
Sending build context to Docker daemon 5.632 kB Step 1/2 : FROM alpine:latest ---> 88e169ea8f46 Step 2/2 : ADD private_key /root/.ssh/id_rsa ---> Using cache ---> c6e8e2496663 Error: [Prisma Cloud] Image operation blocked by policy: (No secrets attached), violates: Private keys stored in image /root/.ssh/id_rsa
Set the action to
ALERT
instead of
BLOCK
, then go to
Monitor > Compliance
after running the image. Click on the image under
Images
tab.
detect_secrets_762508.png

Compliance check ID 597

This check detects sensitive information provided in environment variables of container.

Recommended For You