Encrypted and secure docker containers

by

The root user on the host machine (where the docker daemon runs) has full access to all the processes running on the host. That means the person who controls the host machine can always get access to the RAM of the application as well as the file system. That makes it impossible to hide a key for decrypting the file system or protecting RAM from debugging.

Using obfuscation on a standard Linux box, you can make it harder to read the file system and RAM, but you can’t make it impossible or the container cannot run.

If you can control the hardware running the operating system, then you might want to look at the Trusted Platform Module which starts system verification as soon as the system boots. You could then theoretically do things before the root user has access to the system to hide keys and strongly encrypt file systems. Even then, given physical access to the machine, a determined attacker can always get the decrypted data.

More Related Contents:

  1. I need to securely store a username and password in Python, what are my options? [closed]
  2. Is distributing python source code in Docker secure?
  3. What’s the purpose of Django setting ‘SECRET_KEY’?
  4. Encrypt a Library Linux
  5. python building coder for ceasar cipher
  6. Deploying a minimal flask app in docker – server connection issues
  7. What are the risks of running ‘sudo pip’?
  8. Python app does not print anything when running detached in docker
  9. How to decrypt OpenSSL AES-encrypted files in Python?
  10. Hiding a password in a python script (insecure obfuscation only)
  11. standard_init_linux.go:178: exec user process caused “exec format error”
  12. Change to sudo user within a python script
  13. Django connection to postgres by docker-compose
  14. Docker how to run pip requirements.txt only if there was a change?
  15. Can’t install pip packages inside a docker container with Ubuntu
  16. RSA encryption and decryption in Python
  17. Flask CLI throws ‘OSError: [Errno 8] Exec format error’ when run through docker-compose
  18. Python 3, Are there any known security holes in ast.literal_eval(node_or_string)?
  19. How to avoid reinstalling packages when building Docker image for Python projects?
  20. Mark data as sensitive in python
  21. WARNING: Running pip as the ‘root’ user
  22. Activate python virtualenv in Dockerfile
  23. Integrating Python Poetry with Docker
  24. Securely storing passwords for use in python script [duplicate]
  25. Google Authenticator implementation in Python
  26. Do CSRF attacks apply to API’s?
  27. Python multiprocessing application is getting stuck in docker container
  28. What’s the difference between Docker and Python virtualenv?
  29. Access Jupyter notebook running on Docker container
  30. How to encrypt text with a password in python?

Leave a Comment