Do not store secrets in Dockerfiles

Details

Do not store any secrets in Dockerfiles.

Rationale:

Dockerfiles can be reconstructed easily with native Docker commands such as docker history, as well as with various third-party tools and utilities. Also, as a general practice, image publishers provide Dockerfiles to build credibility for their images. Hence, any secrets within these Dockerfiles could be easily exposed and potentially exploited.
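As an added illustration of the exposure described above (this is not part of the CIS benchmark or the Nessus audit), the following POSIX shell check scans the instruction history of an image for ENV/ARG assignments whose variable names look like credentials. The sample history lines are constructed to resemble the output of docker history --no-trunc --format '{{.CreatedBy}}' for an image whose Dockerfile baked in secrets; the variable names and values are invented.

```shell
#!/bin/sh
# Constructed sample of `docker history --no-trunc --format '{{.CreatedBy}}' IMAGE`
# output: one build instruction per layer, newest first. Values are invented.
SAMPLE_HISTORY='/bin/sh -c #(nop)  CMD ["node" "server.js"]
/bin/sh -c #(nop)  ENV API_TOKEN=sk_live_EXAMPLE_NOT_REAL
|1 DB_PASSWORD=hunter2 /bin/sh -c npm ci --production
/bin/sh -c #(nop)  ENV NODE_ENV=production
/bin/sh -c #(nop) COPY file:abc in /app'

# Variable names that usually carry credentials, followed by an assigned value.
# ENV shows up as "ENV NAME=value"; build ARGs appear as "|N NAME=value" in
# front of the RUN they applied to, so both are caught by the same pattern.
SECRET_KV_RE='[A-Za-z0-9_]*(PASSWORD|PASSWD|SECRET|TOKEN|API_KEY|ACCESS_KEY|PRIVATE_KEY)[A-Za-z0-9_]*=[^ ]+'

# count_history_secrets: read history lines on stdin, print how many carry a
# credential-like assignment (0 when clean). Suitable as a CI gate.
count_history_secrets() {
    grep -E -i -c "$SECRET_KV_RE" || true   # grep -c exits 1 on zero matches
}

# list_history_secrets: print the offending instructions with every assigned
# value masked, so the report itself does not leak the secret again.
list_history_secrets() {
    grep -E -i "$SECRET_KV_RE" | sed -E 's/=[^ ]+/=<redacted>/g' || true
}

# Stand-alone demo on the constructed sample. Against a real image, pipe
# `docker history --no-trunc --format '{{.CreatedBy}}' IMAGE` into the functions.
printf '%s\n' "$SAMPLE_HISTORY" | list_history_secrets
```
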

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Do not store any kind of secrets within Dockerfiles.

Impact:

You would need to identify a way to handle secrets for your Docker images.

Default Value:

By default, there are no restrictions on storing config secrets in the Dockerfiles.

Supportive Information

The following resource is also helpful.

This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.

Updated on July 16, 2022