Publish an image to github with rsa keypairs, what are the security risks? (NOT PRODUCTION)

ajnouri · October 3, 2015, 4:11pm

I have Dockerfile for an image that I would like to publish to docker hub so it can be easily available to users without building the image themselves.
The whole thing is meant for labbing and tutorial purpose, NOT production.

The container run from that image can be accessed by SSH using public key, for that, the public key need to be generated and placed in Dockerfile directory before exported to docker hub, without it dockerhub cannot build the image.

I would like to generate a separated key pair (public+private) from my PC, place them both in the Dockerfile directory and make them available for users using the image.

Though the keys are separated from those of the machine generating them, is there any security risk for exposing both these public + secret key?

Topic		Replies	Views
Build container from private github repo with local dockerfile General	9	25426	January 16, 2018
Security - Only Upload DockerFile - DockerHub to build Image Image Builds	1	544	March 6, 2019
Access to public Docker Hub a security issue? General dockerhub , security , docker	1	745	February 28, 2017
Automated build ssh-key Docker Hub	1	1977	October 10, 2016
Why the image repository pushed with credentials is public? Docker Hub	0	316	March 1, 2021

Publish an image to github with rsa keypairs, what are the security risks? (NOT PRODUCTION)

Related topics