Containerization allows bundling an application and its dependencies into a single image. The containerization framework Docker eases the use of this concept and enables sharing images publicly, and it has gained high momentum. However, it can lead to users creating and sharing images that include private keys or API secrets, either by mistake or out of negligence. This leakage impairs the creator's security and that of everyone using the image. Yet, the extent of this practice and how to counteract it remain unclear. In this paper, we analyze 337,171 images from Docker Hub and 8,076 other private registries, unveiling that 8.5% of images indeed include secrets. Specifically, we find 52,107 private keys and 3,158 leaked API secrets, both opening a large attack surface, i.e., putting authentication and the confidentiality of privacy-sensitive data at stake and even allowing active attacks. We further document that those leaked keys are used in the wild: while we discovered 1,060 certificates relying on compromised keys being issued by public certificate authorities, further active Internet measurements reveal 275,269 TLS and SSH hosts using leaked private keys for authentication. To counteract this issue, we discuss how our methodology can be used to prevent secret leakage and reuse.
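The kind of per-layer check the abstract argues for, as an added example that is not the paper's own tooling: it walks one image layer (a tar archive as written by `docker save`) and flags files carrying PEM private keys or an AWS-style access key id. The detection patterns, the `scan_layer`/`build_layer` helpers and the sample layer are all constructed for this illustration and are not taken from the paper.

```python
import io
import re
import tarfile
from collections import namedtuple

# Detection patterns constructed for this example; the paper's own rules are not shown here.
PATTERNS = {
    "pem_private_key": re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(rb"\bAKIA[0-9A-Z]{16}\b"),
}

Finding = namedtuple("Finding", "path kind")


def scan_layer(layer_tar: bytes, max_file_size: int = 1 << 20) -> list:
    """Scan one image layer (tar bytes) and return a Finding per (file, pattern) hit.

    Files above max_file_size are skipped to keep the scan cheap; overlay whiteout
    markers (.wh.*) record deletions and carry no content, so they are skipped too.
    """
    findings = []
    with tarfile.open(fileobj=io.BytesIO(layer_tar), mode="r:*") as tar:
        for member in tar:
            basename = member.name.rsplit("/", 1)[-1]
            if not member.isfile() or basename.startswith(".wh.") or member.size > max_file_size:
                continue
            data = tar.extractfile(member).read()
            for kind, pattern in PATTERNS.items():
                if pattern.search(data):
                    findings.append(Finding(member.name, kind))
    return findings


def build_layer(files: dict) -> bytes:
    """Build an uncompressed layer tar in memory from {path: content} (test input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()


# Constructed sample layer: a leaked SSH key, a config with a placeholder AWS key id,
# a whiteout marker and an innocuous source file.
SAMPLE_LAYER = build_layer({
    "root/.ssh/id_rsa": b"-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXk...\n-----END OPENSSH PRIVATE KEY-----\n",
    "app/config.env": b"AWS_ACCESS_KEY_ID=AKIAEXAMPLEKEYID0000\nAWS_REGION=eu-west-1\n",
    "app/.wh.secret.txt": b"",
    "app/main.py": b"print('hello')\n",
})

if __name__ == "__main__":
    for f in scan_layer(SAMPLE_LAYER):
        print(f"{f.path}: {f.kind}")
```

Running this against every layer of a built image before `docker push` turns the paper's finding into a pre-publication gate; a hit on any layer matters even if a later layer deletes the file, because the earlier layer still ships with the image.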