1

Assuming I have the following line in Django settings:

OKPAY_API_KEY = os.environ.get('OKPAY_API_KEY')

Then import it to my build process in wercker CI

And then write this var to the entrypoint.sh of my container in the build step of wercker, the following way:

export OKPAY_API_KEY=${OKPAY_API_KEY}

My question is, what if somebody gets access to that docker container somehow or to the entrypoint.sh file (say the docker repository is compromised or the attacker gets access to the running container)?

Is there a better practice? Or at least a way to further encapsulate this data?

P.S. The project in question is a BTC and Altcoin exchange, so the security of the funds of my users is the highest priority for me.

Oleg Belousov

2 Answers

2

As of Docker 1.13, Docker provides a secrets management system which can be used to securely store data like credentials and API keys. There's a blog on it here.

What that can do is store the key in an encrypted form on disk and then supply it to the container at runtime. If someone gets access to the running container, you're still going to be in trouble, as obviously the key is needed by the process, so there's no real way to avoid that (although you could do something like split out the section of your application dealing with the API into its own container and try to reduce the attack surface).

Docker secrets management is primarily intended (for now anyway) to deal with Docker swarm setups, so if you're looking for something more generalized in terms of container secrets management, I'd suggest something like HashiCorp Vault.

Rory McCune
  • +1 for Vault. While docker secrets is definitely a possibility, I personally am getting to the point where I think docker is dealing with far too much, and rkt is becoming an increasingly attractive alternative - and using some third party secret management solution seems the best way to allow easy evaluation, and eventually migration. – iwaseatenbyagrue Mar 04 '17 at 10:22
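
An added example, not part of either answer or of the question's project: one way a Django settings module could read the key from a Docker secret mounted under /run/secrets at runtime instead of from a variable written into entrypoint.sh. The function name `load_secret`, the `allow_env` fallback and the secret name `okpay_api_key` are assumptions made for illustration.

```python
import os
from pathlib import Path

# Docker swarm mounts each secret granted to a service as a file here (tmpfs).
DOCKER_SECRETS_DIR = "/run/secrets"


class SecretError(RuntimeError):
    """A required secret is missing or empty."""


def load_secret(name, secrets_dir=DOCKER_SECRETS_DIR, environ=None,
                allow_env=False):
    """Return secret `name`, read from <secrets_dir>/<name in lower case>.

    The file name is an assumption of this example: it matches a secret
    created as `okpay_api_key` and attached to the service with --secret.
    """
    environ = os.environ if environ is None else environ
    path = Path(secrets_dir) / name.lower()
    if path.is_file():
        value = path.read_text(encoding="utf-8").strip()
        if not value:
            raise SecretError(f"secret file {path} is empty")
        return value
    if allow_env and environ.get(name):
        # Legacy path (the variable exported from entrypoint.sh). pop() keeps
        # child processes from inheriting the key; it does not scrub the
        # process's initial environment visible in /proc/<pid>/environ.
        return environ.pop(name)
    # Fail closed: better to refuse to start than to run with no key.
    raise SecretError(f"secret {name!r} not found under {secrets_dir}")


# In Django settings this replaces os.environ.get(...):
#   OKPAY_API_KEY = load_secret("OKPAY_API_KEY")
```

With this in place the image and entrypoint.sh no longer contain the key; as the answer says, a process inside a compromised running container can still read it.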
1

If the container is compromised, the game ends for you, I think... Anyway, it could be good practice to put up as many obstacles as possible. Defense in depth sounds good for you.

Maybe instead of having the keys in "plain" in Dockerfiles you can try to have them stored in some kind of security mechanism. I don't know, maybe a secured database or something like that. Maybe with some kind of script you can connect to that database and try to retrieve the OKPAY_API_KEY, but you'll have a similar problem with the key to connect to that database. Where to store it? How to store it? It is a never-ending story. In the end, there will always be one sensitive place where something (a key, a token, a password or whatever) could be compromised, and after that, everything is a "house of cards".

Only you know your structure, so prepare a plan. Take care of it carefully, try to define the sensitive points. Try to create different layers and of course if possible, hire the services of a trusted pentester or pentest company to try to hack your structure. It seems important in your case.

OscarAkaElvis