https://lk-blog.site/tags/devops/Recent content in Devops on void.logHugoenThu, 12 Sep 2024 00:00:00 +0000https://lk-blog.site/posts/docker-secrets/Thu, 12 Sep 2024 00:00:00 +0000https://lk-blog.site/posts/docker-secrets/<p>I&rsquo;ve seen this happen more times than I&rsquo;d like to admit: someone commits a <code>.env</code> file, or bakes an API key directly into a <code>Dockerfile</code>, and it ends up in the final image. Sometimes it&rsquo;s in git history. Sometimes it&rsquo;s in the layer cache. Often both.</p> <h2 id="why-it-keeps-happening">Why it keeps happening</h2> <p>The problem isn&rsquo;t that developers are careless. The problem is that the path of least resistance is almost always the insecure one.</p>