Is there a way to password protect a local Docker image?
My situation is that in my image I have code that I do not want others to see. I will be on a computer shared by other people and cannot afford to let them see inside the image. So I am curious if there is a way to require a password when I launch my Docker image (docker run -it …)?
Docker is not a security tool. It does not increase security in any way or form from what a “regular” Linux system offers.
For example, password protection will not help. If other users can see/read your docker image, they can unpack it (even without starting it) and inspect the files.
Also, once the container is running, anyone who is allowed to use docker commands can attach to your container, spawn a bash shell inside it and wreak havoc.
If you are sure that they are not root on that computer, you can put the docker images into a directory to which only you have read permissions. That will keep them from reading your files, but you still need to make sure that they cannot become root (via sudo for example)
You can also use a crypto loopback mount and put your image there, which keeps people from accessing it when the container is not running. But again, if it’s running, there are numerous ways (at least for root, but most also work for other regular users) to access it (reading process memory, ptrace, docker run /bin/bash, etc.)
if this is the case then is it possible to delete the files stored in docker image if someone enters into the docker image/tries to copy the files from docker image.
@darkstar: I am wonder if your reply is also true when someone is using Docker-Secrets. I think, it would make a lot of sense to protect containers that use Secrets with a Password. Because, these secrets can be very easily compromised, if anyone could EXEC into them.