A new analysis has revealed more than 10,000 Docker Hub container images leaking sensitive credentials — including live API keys, cloud access tokens, and CI/CD secrets.
This exposure places organizations at risk of direct compromise without attackers ever needing to exploit a vulnerability.
“Secrets exposure on Docker Hub isn’t new. Many threat actors actively scan Docker Hub and other registries and code repositories, so exposed secrets are likely already compromised,” said Assaf Morag, Cybersecurity Researcher at Flare.
He added, “What surprised us was the scale of exposure in 2025, despite increased awareness. That’s why we believe the most effective approach is to keep raising awareness across the industry, not just about Docker Hub.”
Widespread Secret Exposure Across Industries
The exposure affects more than 100 organizations across industries including technology, finance, manufacturing, consulting, and one Fortune 500 enterprise.
In many cases, the exposed credentials granted administrative access to production cloud environments, private GitHub repositories, or critical CI/CD systems — yet the affected companies had no awareness these secrets were publicly accessible on Docker Hub.
Across the images analyzed, 42% contained five or more secrets each, meaning a single compromised container could unlock an entire development pipeline or cloud infrastructure.
The research also highlights a rapid surge in leaked AI model API keys, with nearly 4,000 exposed — evidence that AI adoption is accelerating faster than organizations can secure it.
How Secrets End Up Inside Container Images
At the root of the issue is how modern software development, automation tools, and containerization practices rely heavily on secrets.
These include API keys, cloud credentials, tokens, SSH keys, database passwords, and model-access tokens.
Researchers found that secrets frequently ended up inside containers because developers often stored them in .env files or configuration directories, hardcoded them into Python or Node.js files, or embedded them directly inside Dockerfiles.
In many cases, these images were then pushed to public or personal registries — including contractor-owned accounts — placing sensitive credentials outside organizational oversight and increasing the likelihood of accidental exposure.
During Docker build processes, entire project directories — including secret-containing files — were copied into container images.
When those images were pushed to public Docker Hub repositories, the secrets became openly accessible and instantly harvestable by automated scanning bots and threat actors.
Even more concerning: although some developers removed exposed secrets after discovery, 75% failed to revoke or rotate the underlying keys, meaning attackers could still use them long after the visible leak was cleaned up.
Real Incidents Show the Cost of Exposed Secrets
The research highlights several high-severity cases:
- A major AI-services company leaked a full-admin GitHub token in a container image, enabling attackers to delete repositories, manipulate CI/CD workflows, and access downstream customer environments.
- A national bank’s senior architect maintained a personal Docker Hub account containing hundreds of public images, several of which exposed AI API tokens and internal infrastructure components.
- Shadow IT emerged as a major theme: contractors and employees unknowingly uploaded containers containing corporate secrets to personal namespaces, bypassing all organizational monitoring.
These incidents demonstrate why attackers increasingly focus on secret harvesting: authenticating with a valid credential bypasses MFA, perimeter defenses, and identity protections.
With a valid key, attackers don’t need a zero-day — they simply log in.
Steps to Reduce Secret Exposure Risk
Protecting sensitive credentials requires a systematic approach that reduces where secrets can appear, limits their lifespan, and strengthens how they are managed and monitored across the development lifecycle.
- Never store secrets in containers and ensure they are removed from files like .env, config directories, application code, and Dockerfiles.
- Use short-lived or identity-based access methods such as AWS STS, Azure Managed Identities, workload identity federation, or service accounts mapped to cloud IAM roles.
- Centralize all credentials in a managed secrets vault and enforce least-privilege scopes for every key or token.
- Integrate automated secret scanning into developer workflows, including pre-commit checks, pull requests, CI pipelines, and container-image scans.
- Immediately revoke and rotate any exposed credential and routinely perform scheduled rotation and hygiene audits.
- Monitor for shadow IT by tracking contractor and personal registries, and enable logging and alerting on all secret access or unusual usage patterns.
- Educate developers on secure secret handling and enforce policy-as-code and application control measures to prevent untrusted or improperly handled secrets in the SDLC.
Together, these steps help organizations build a more reliable and resilient approach to managing secrets across their environments.
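One way to implement the container-image scan from the list above, as an added example that is not code from the research or the article: it walks a single image layer tarball and flags the three places the researchers name (.env and config files, Python or Node.js source, and Dockerfiles), reporting only the path and rule so the secret itself never reaches the logs. The rule set, the function names, and the sample layer are assumptions constructed for illustration.

```python
import io
import re
import tarfile

# Illustrative rules chosen for this example (assumptions, not a complete ruleset).
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github-token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # A secret-looking name assigned a literal; env lookups and $VARS are skipped.
    "assigned-secret": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\w*\s*[=:]\s*"
        r"['\"]?(?![$]|os\.|process\.)[^\s'\"]{8,}"),
}
TEXT_SUFFIXES = (".py", ".js", ".json", ".yml", ".yaml", ".ini", ".conf")

def is_candidate(path):
    base = path.rsplit("/", 1)[-1]
    return (base.startswith(".env") or base == "Dockerfile"
            or base.endswith(TEXT_SUFFIXES))

def scan_layer(layer_bytes):
    """Return sorted (path, rule) findings; secret values are never echoed."""
    findings = set()
    with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as tar:
        for member in tar:
            if not member.isfile() or not is_candidate(member.name):
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            for rule, pattern in RULES.items():
                if pattern.search(text):
                    findings.add((member.name, rule))
    return sorted(findings)

def build_sample_layer():
    """Constructed layer: what `COPY . /app` leaves behind for a small project."""
    files = {
        "app/.env": "AI_API_KEY=sk-constructed-example-0000\n",
        "app/settings.py": 'AWS_KEY = "AKIAIOSFODNN7EXAMPLE"\n',  # AWS docs sample
        "app/Dockerfile": "FROM python:3.12-slim\nENV DB_PASSWORD=constructed-pass\n",
        "app/db.py": 'import os\npassword = os.environ["DB_PASSWORD"]\n',  # clean
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            data = body.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

if __name__ == "__main__":
    for path, rule in scan_layer(build_sample_layer()):
        print(f"{path}: {rule}")
```

A finding here means the credential should be revoked and rotated, not only deleted from the file, since the article notes that 75% of cleaned-up leaks left the underlying key valid.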
The Growing Risk of Secrets in the Supply Chain
The findings point to a broader challenge across the software supply chain: organizations are managing a growing volume of secrets, and without consistent safeguards, some of these credentials inevitably end up exposed.
As cloud-native architectures expand and AI-driven services become more interconnected, the number of credentials in circulation — and the need for disciplined handling — continues to rise.
This pattern aligns with recent incidents such as compromised GitHub Actions workflows and the Shai-Hulud NPM worm, which leveraged exposed developer tokens to move across large ecosystems.
In highly automated environments, secrets remain essential to how systems operate, but they also require careful governance to prevent unintended access or misuse.
These trends highlight why software supply chain security has become a critical focus for modern development teams.
