Detecting Container Secrets

Container secrets are digital credentials that authenticate an identity and authorize access to privileged accounts, applications, and services. They include passwords, API keys, and other credentials that applications need in order to function.

If these secrets are not properly secured, they can be accessed by unauthorized users and abused in attacks. Discovering secrets is therefore an important aspect of container security that organizations must prioritize to protect sensitive data, meet compliance requirements, and reduce the risk of security incidents.

Container Security can detect secrets in container images, enabling you to mitigate the security risks associated with the accidental or intentional exposure of secrets within containers.

Secret detection scans the image filesystem. It does not detect secrets that are stored as environment variables or passed as arguments within the image. Because every file is examined, the time taken by secret detection depends on the number of files present in the image.

View Secrets Detected for an Image

1. Go to the image details and select the Secrets section.

   The page shows the list of secrets detected for the image, grouped by detector, with the associated file path, severity, and so on.

2. To view the secret details, click the count in the Detected Secrets column.

   The secret details show the matching text and the start and end lines where the secret is located in the file. You can then open the specified file and check those lines for the secret.

3. Optional: Click the secret type to view the secret detector details.
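The following is an added illustration of what the filesystem-based detection described above produces, not code from Container Security itself: it walks an extracted image filesystem, runs a small hypothetical detector set (the three regexes and severities are assumptions, not the product's real detectors) over every file, and reports each hit with detector name, file path, severity, start/end lines and a redacted match, which is the information the Secrets section shows. Only files are walked, so, as the page notes, secrets held in environment variables are never seen; the sample files and the planted fake secrets are constructed for the demo.

```python
import os
import re
import tempfile
from dataclasses import dataclass
# Hypothetical detector set (name -> regex, severity): an illustrative assumption, not a product's real list.
DETECTORS = {
    "AWS Access Key ID": (re.compile(r"\bAKIA[0-9A-Z]{16}\b"), "High"),
    "Private Key": (re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----[\s\S]*?-----END (?:RSA |EC )?PRIVATE KEY-----"), "Critical"),
    "Generic Password": (re.compile(r"(?i)password\s*[=:]\s*['\"]?[^\s'\"]{8,}"), "Medium"),
}

@dataclass
class Finding:
    detector: str
    path: str          # file path inside the image filesystem
    severity: str
    start_line: int    # start/end lines of the match in that file, as the UI reports them
    end_line: int
    matched_text: str  # redacted so the report itself does not re-expose the secret

def scan_tree(root):
    """Walk the extracted filesystem and run every detector over each readable file's content."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    content = fh.read()
            except OSError:
                continue  # unreadable entries (sockets, broken links) are skipped
            for detector, (pattern, severity) in DETECTORS.items():
                for m in pattern.finditer(content):
                    start = content.count("\n", 0, m.start()) + 1   # 1-based line of the match start
                    end = content.count("\n", 0, m.end()) + 1       # multi-line matches (PEM keys) span lines
                    findings.append(Finding(detector, os.path.relpath(path, root), severity,
                                            start, end, m.group(0).splitlines()[0][:12] + "..."))
    return findings

def run_demo():
    """Scan a constructed sample filesystem with planted fake (not real) secrets; returns the findings."""
    files = {"app/config.yml": 'db:\n  host: db\n  password: "Sup3rSecretValue"\n',
             "root/.aws/credentials": "[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n",
             "etc/ssl/server.key": "-----BEGIN RSA PRIVATE KEY-----\nMIIB-fake-\nAAAA\n-----END RSA PRIVATE KEY-----\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return scan_tree(root)
```

Grouping the returned findings by `detector` and counting each group gives the per-detector count shown in the Detected Secrets column.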


See Also

Secret Detectors

Searching for Secrets

Editing Secret Detectors