Hardcoded Secrets in Docker Images and Layers

8/10 High

Developers frequently expose sensitive credentials (passwords, API keys) by hardcoding them directly into Dockerfiles via ENV or ARG instructions or copying them into image layers. Once committed, these secrets persist in image history and create high-risk security vulnerabilities.

Docker
Category
security
Workaround
solid
Stage
build
Freshness
persistent
Scope
single_lib
Upstream
open
Recurring
Yes
Buyer Type
team
Maintainer
active

Sources

Collection History

Query: “What are the most common pain points with S3 for developers in 2025?4/5/2026

long-lived cloud credentials... never expire and frequently get leaked in source code, container images, build logs, and application artifacts... long-lived credentials are the most common cause of publicly documented cloud security breaches.

Query: “What are the most common pain points with Docker for developers in 2025?3/26/2026

Exposed secrets (passwords, API keys) are among the most common, high-risk mistakes. This often occurs when credentials are hardcoded into Dockerfiles (e.g., via ENV or ARG) or copied into an image layer.

Created: 3/26/2026Updated: 4/5/2026