End-of-Life (EoL)
Detect secrets
Prisma Cloud can detect sensitive information that is improperly secured inside images and containers.
Scans can detect embedded passwords, login tokens, and other types of secrets.
To detect improperly secured secrets, add the following checks to your compliance policy.
Compliance check ID 424
This check detects sensitive information provided in the environment variables of an image.
Data provided this way is easily exposed by running docker inspect on the image, compromising its confidentiality.
Example
$ docker --tlsverify -H :9998 build -t secret:v1 .
Response
Sending build context to Docker daemon 2.048 kB
Step 1/2 : FROM alpine:latest
 ---> 88e169ea8f46
Step 2/2 : ENV PASSWORD = secret
 ---> Using cache
 ---> 8f3627bc339b
Error: [Prisma Cloud] Image operation blocked by policy: (No secrets attached), violates: The environment variable PASSWORD contains sensitive data
Compliance check ID 425
This check detects private keys stored in an image.
Example
Navigate to Defend > Compliance.
Add a new compliance rule to block running an image with a private key in it.
Test
$ docker --tlsverify -H aqsa.c.cto-sandbox.internal:9998 build -t aqsa:secretv1 .
Response
Sending build context to Docker daemon 5.632 kB
Step 1/2 : FROM alpine:latest
 ---> 88e169ea8f46
Step 2/2 : ADD private_key /root/.ssh/id_rsa
 ---> Using cache
 ---> c6e8e2496663
Error: [Prisma Cloud] Image operation blocked by policy: (No secrets attached), violates: Private keys stored in image /root/.ssh/id_rsa
Set the action to ALERT instead of BLOCK, then go to Monitor > Compliance after running the image.
Click on the image under the Images tab.
Compliance check ID 597
This check detects sensitive information provided in the environment variables of a container.
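As an added illustration of what checks 424 and 425 look for (example code written for this page, not Prisma Cloud's own scanner), the script below flags credential-like environment variables in docker inspect output and files that carry a PEM private key block. The inspect output, the file contents and the list of sensitive variable names are constructed assumptions.

```python
"""Detect improperly secured secrets in an image, in the spirit of checks 424 and 425.

Constructed sample input stands in for `docker inspect <image>` output and for
files extracted from the image filesystem; nothing here talks to a daemon.
"""
import json
import re

# Variable names that typically carry credentials (assumed heuristic list).
SENSITIVE_NAME = re.compile(r"(PASS(WORD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
# PEM header shared by RSA, EC, PKCS#8 and OpenSSH private keys.
PEM_PRIVATE_KEY = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed stand-in for `docker inspect secret:v1` (only the fields used here).
INSPECT_OUTPUT = json.dumps([{
    "Id": "sha256:placeholder",
    "Config": {"Env": ["PATH=/usr/bin", "PASSWORD=secret", "HOME=/root", "API_KEY=abc123"]},
}])

# Constructed stand-in for files pulled out of the image's filesystem.
IMAGE_FILES = {
    "/root/.ssh/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXk...\n-----END OPENSSH PRIVATE KEY-----\n",
    "/root/.ssh/id_rsa.pub": b"ssh-rsa AAAAB3NzaC1yc2E... user@host\n",
    "/etc/hostname": b"build\n",
}


def sensitive_env_vars(inspect_json: str) -> list[str]:
    """Check 424 analogue: names of env vars whose name suggests a credential and that carry a value."""
    findings = []
    for image in json.loads(inspect_json):
        for entry in image.get("Config", {}).get("Env") or []:
            name, _, value = entry.partition("=")
            if SENSITIVE_NAME.search(name) and value:
                findings.append(name)
    return findings


def private_key_files(files: dict[str, bytes]) -> list[str]:
    """Check 425 analogue: paths of files that contain a PEM private key block."""
    return sorted(path for path, data in files.items() if PEM_PRIVATE_KEY.search(data))


if __name__ == "__main__":
    for name in sensitive_env_vars(INSPECT_OUTPUT):
        print(f"The environment variable {name} contains sensitive data")
    for path in private_key_files(IMAGE_FILES):
        print(f"Private keys stored in image {path}")
```

The name-based heuristic is deliberately simple; a variable named PASSWORD with an empty value is not reported, and a public key file is not mistaken for a private one.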