I am very new to the realm of dockers. I want to make sure I have understood the safety part of it correctly.
Imagine the following case:
- I create an app that consists of multiple scripts and models.
- I dockerize my app.
- I host the dockerized app by using a cloud platform on their servers.
- The app has an UI that can be accessed by anyone online, for instance through a web link.
The question is:
Can a person from the outside world access to the contents of this app in any way - or may I sleep in peace and be sure no one can see the stuff inside it?
CodePudding user response:
As part of dockerizing your application, you expose
d ports that allow interaction with the container (typically in your Dockerfile). If everything is configured correctly, then external visitors can only access the contents of the container via that port or ports.
Running your container at a well-known provider is a great start, but not a guarantee of a secure configuration.
A few things to consider:
- Whatever runs on the port or ports that you expose, can provide whatever info from the container. The service there should be secure itself, regardless of Docker.
- You host your Docker image in a registry, where the platform starts it from. That registry should also be configured to not allow unauthorized access to the image.
- You should have no secrets in Docker images anyway. If the image needs some kind of a secret, that should be provided at runtime (eg. via environment variables), or even better, downloaded from a secret vault.