Kubernetes Docker Secret
Description
General
- Documentation: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry
- Summary: Kubernetes is a system for automating deployment, scaling and management of containerized applications. It can be used to pull images from a private Docker registry. This detector aims at catching Docker registry credentials stored as secrets of type
kubernetes.io/dockerconfigjsoninside Kubernetes. - IPs allowlist: This feature is not available.
- Scopes: Scope support depends on the private registry provider.
Revoke the secret
Revocation procedure depends on the private registry provider.
Check for suspicious activity
Activity tracking depends on the private registry provider.
Details for Kubernetes Docker Secret
-
Family: token
-
Category: package_registry
-
Company: Docker
-
High recall: False
-
Validity check available: False
-
Analyzer available: False
-
Minimum number of matches: 1
-
Occurrences found for one million commits: 3.05
-
Prefixed: False
-
PreValidators:
- type: ContentWhitelistPreValidator
patterns:
- kubernetes\.io/dockerconfigjson
- kubernetes\.io/dockercfg
- type: ContentWhitelistPreValidator
patterns:
- \.dockerconfigjson
- \.dockercfg
Examples
- text: |
apiVersion: v1
kind: Secret
metadata:
name: regcred
data:
# Credentials for GitLab Docker registry
.dockerconfigjson: eyJhdXRocyI6eyJyZWdpc3RyeS5naXRsYWIuY29tIjp7InVzZXJuYW1lIjoiazhzIiwicGFzc3dvcmQiOiJnbHBhdC1UWXpTX0RRa3FnWDRGNHU4c3pVZSIsImF1dGgiOiJhemh6T21kc2NHRjBMVlJaZWxOZlJGRnJjV2RZTkVZMGRUaHplbFZsIn19fQo=
type: kubernetes.io/dockerconfigjson
token: eyJhdXRocyI6eyJyZWdpc3RyeS5naXRsYWIuY29tIjp7InVzZXJuYW1lIjoiazhzIiwicGFzc3dvcmQiOiJnbHBhdC1UWXpTX0RRa3FnWDRGNHU4c3pVZSIsImF1dGgiOiJhemh6T21kc2NHRjBMVlJaZWxOZlJGRnJjV2RZTkVZMGRUaHplbFZsIn19fQo=
- text: |
apiVersion: v1
kind: Secret
metadata:
name: regcred
data:
# Credentials for GitLab Docker registry
.dockercfg: eyJhdXRocyI6eyJyZWdpc3RyeS5naXRsYWIuY29tIjp7InVzZXJuYW1lIjoiazhzIiwicGFzc3dvcmQiOiJnbHBhdC1UWXpTX0RRa3FnWDRGNHU4c3pVZSIsImF1dGgiOiJhemh6T21kc2NHRjBMVlJaZWxOZlJGRnJjV2RZTkVZMGRUaHplbFZsIn19fQo=
type: kubernetes.io/dockercfg
token: eyJhdXRocyI6eyJyZWdpc3RyeS5naXRsYWIuY29tIjp7InVzZXJuYW1lIjoiazhzIiwicGFzc3dvcmQiOiJnbHBhdC1UWXpTX0RRa3FnWDRGNHU4c3pVZSIsImF1dGgiOiJhemh6T21kc2NHRjBMVlJaZWxOZlJGRnJjV2RZTkVZMGRUaHplbFZsIn19fQo=
