Docker Community Forums

Share and learn in the Docker community.

Publish an image to github with rsa keypairs, what are the security risks? (NOT PRODUCTION)

(Ajnouri) #1

I have Dockerfile for an image that I would like to publish to docker hub so it can be easily available to users without building the image themselves.
The whole thing is meant for labbing and tutorial purpose, NOT production.

The container run from that image can be accessed by SSH using public key, for that, the public key need to be generated and placed in Dockerfile directory before exported to docker hub, without it dockerhub cannot build the image.

I would like to generate a separated key pair (public+private) from my PC, place them both in the Dockerfile directory and make them available for users using the image.

Though the keys are separated from those of the machine generating them, is there any security risk for exposing both these public + secret key?