How to encrypt docker containers securely?

Time:03-31

I was wondering if there are any generic procedures to secure the content of Docker containers against extraction of sensitive source code.

At the moment, I secure my Python application naively by encrypting and decrypting sources based on a license.

Is there any solution that is independent from the content of the docker container? Like adding a license registry to docker?

I was thinking about a procedure that checks a license server at the beginning of startup.

CodePudding user response:

The short answer here is that there is not a generic method for securing the contents of your containers without encrypting the contents.

Since the nature of Docker is open, the main security with Docker images is controlling who can access the image (e.g. private image hosting), which depends on the security of your method of distribution.

However, you can encrypt the layers of your images using other tools, such as ocicrypt. There are efforts to modify the containerd used by Docker for images whose layers are encrypted by ocicrypt.

Overview article:

https://developer.ibm.com/articles/encrypted-container-images-for-container-image-security-at-rest/

Code:

https://github.com/containerd/imgcrypt

https://github.com/containers/ocicrypt
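
An added example (not part of the answer above, and not code from the ocicrypt or imgcrypt projects): a pre-push check that reads an OCI image manifest and reports which layers carry ocicrypt's encryption markers. The function names and the sample manifest are constructed for illustration; the check assumes the `+encrypted` media-type suffix and the `org.opencontainers.image.enc.keys.*` annotations that ocicrypt sets on encrypted layers.

```python
import json

# Markers ocicrypt puts on an encrypted layer descriptor (assumed, see lead-in).
ENCRYPTED_SUFFIX = "+encrypted"
KEY_ANNOTATION_PREFIX = "org.opencontainers.image.enc.keys."


def audit_manifest(manifest_json):
    """Return (encrypted, plaintext) lists of layer digests for an OCI manifest."""
    manifest = json.loads(manifest_json)
    encrypted, plaintext = [], []
    for layer in manifest.get("layers", []):
        media_type = layer.get("mediaType", "")
        annotations = layer.get("annotations") or {}
        has_wrapped_key = any(
            key.startswith(KEY_ANNOTATION_PREFIX) and value
            for key, value in annotations.items()
        )
        # Require both markers: an "+encrypted" media type without a wrapped
        # key annotation is a malformed descriptor and is treated as plaintext.
        if media_type.endswith(ENCRYPTED_SUFFIX) and has_wrapped_key:
            encrypted.append(layer["digest"])
        else:
            plaintext.append(layer["digest"])
    return encrypted, plaintext


def release_gate(manifest_json):
    """True only when the image has layers and every one of them is encrypted."""
    encrypted, plaintext = audit_manifest(manifest_json)
    return bool(encrypted) and not plaintext


# Constructed sample manifest: one encrypted layer, one left in plaintext.
SAMPLE_MANIFEST = json.dumps({
    "schemaVersion": 2,
    "layers": [
        {"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip+encrypted",
         "digest": "sha256:" + "a" * 64,
         "annotations": {"org.opencontainers.image.enc.keys.jwe": "Y29uc3RydWN0ZWQ=",
                         "org.opencontainers.image.enc.pubopts": "Y29uc3RydWN0ZWQ="}},
        {"mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
         "digest": "sha256:" + "b" * 64},
    ],
})

if __name__ == "__main__":
    enc, plain = audit_manifest(SAMPLE_MANIFEST)
    print("encrypted layers:", enc)
    print("plaintext layers:", plain)
    print("safe to publish:", release_gate(SAMPLE_MANIFEST))
```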

CodePudding user response:

You can use Cosign (https://github.com/sigstore/cosign); it's used for container signing, verification and storage in an OCI registry.
