this post was submitted on 11 Dec 2025
Read the article so you don't have to:

Unlike the title suggests, the Docker images they found won't leak your credentials when you use them, but already contain the credentials of whoever created the image (e.g. through `.env` files that were accidentally added to the image).

While it contains the valuable reminder to avoid long-lived credentials (like API keys) or use secrets stores, this "leak" is on the same level as accidentally pushing confidential information to GitHub IMHO.

Fix: have both `.gitignore` and `.dockerignore` files and make sure they both contain `.env`. You use `.env` and don't hardcode your secrets, right?

My `.dockerignore` is a link to `.gitignore`.

That's ... actually really clever! I'll steal that idea 😄
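
An added example, not part of the thread: a check for the shared-ignore-file setup discussed above. A bare `.env` line in `.gitignore` matches at any depth, while `.dockerignore` patterns are relative to the build context root, so nested `.env` files need `**/.env`. The function names are hypothetical, and the matcher is a deliberate simplification that understands only literal paths and `**/.env`.

```shell
#!/bin/sh
# Audit a Docker build context for .env files that .dockerignore does not
# exclude. Assumption: only literal path patterns (".env", "dir/.env") and
# "**/.env" are understood. Globs, "!" negations and directory-wide patterns
# are ignored, so the check can over-report but will not under-report.

# is_ignored REL_PATH IGNORE_FILE -> exit 0 if a known pattern covers REL_PATH
is_ignored() {
    path=$1
    ignore=$2
    [ -f "$ignore" ] || return 1          # no ignore file: nothing is excluded
    while IFS= read -r pat || [ -n "$pat" ]; do
        case $pat in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        pat=${pat#/}                      # patterns are rooted at the context
        pat=${pat#./}
        [ "$pat" = "**/.env" ] && return 0   # any depth, root included
        [ "$pat" = "$path" ] && return 0     # exact path from the context root
    done < "$ignore"
    return 1
}

# uncovered_env_files CONTEXT_DIR
# Prints the relative path of every .env file that would still be sent to
# the Docker daemon as part of the build context.
uncovered_env_files() {
    ctx=$1
    (cd "$ctx" && find . -type f -name .env) |
    sed 's|^\./||' |
    while IFS= read -r path; do
        if ! is_ignored "$path" "$ctx/.dockerignore"; then
            printf '%s\n' "$path"
        fi
    done
}

# Usage: uncovered_env_files .   (empty output means every .env is excluded)
```

Run it from the directory passed to `docker build`; the `-f` test follows symlinks, so a `.dockerignore` linked to `.gitignore` is read as-is.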