1. Overview

Prisma Cloud can detect sensitive information that is improperly secured inside images and containers. Scans can detect embedded passwords, login tokens, and other types of secrets. To detect improperly secured secrets, add the following checks to your compliance policy.

2. Compliance check ID 424

This check detects sensitive information provided in environment variables of image. The data so provided can be easily exposed by running docker inspect on the image and thus compromising privacy.

Example

$ docker --tlsverify -H :9998 build -t secret:v1 .

Response

Sending build context to Docker daemon 2.048 kB
Step 1/2 : FROM alpine:latest
 ---> 88e169ea8f46
Step 2/2 : ENV PASSWORD = secret
 ---> Using cache
 ---> 8f3627bc339b
Error: [Prisma Cloud] Image operation blocked by policy: (No secrets attached), violates: The environment variable PASSWORD contains sensitive data

3. Compliance check ID 425

This check detects private keys stored in an image.

Example

Navigate to Defend > Compliance. Add a new compliance rule to block running an image with private key in it.

detect secrets 762507

Test

$ docker --tlsverify -H  aqsa.c.cto-sandbox.internal:9998 build -t aqsa:secretv1

Response

Sending build context to Docker daemon 5.632 kB
Step 1/2 : FROM alpine:latest
 ---> 88e169ea8f46
Step 2/2 : ADD private_key /root/.ssh/id_rsa
 ---> Using cache
 ---> c6e8e2496663
Error: [Prisma Cloud] Image operation blocked by policy: (No secrets attached), violates: Private keys stored in image /root/.ssh/id_rsa

Set the action to ALERT instead of BLOCK, then go to Monitor > Compliance after running the image. Click on the image under Images tab.

detect secrets 762508

4. Compliance check ID 597

This check detects sensitive information provided in environment variables of container.