✦ For everyone, free.

Practical knowledge for real and everyday life

Home

4.2.8.5 ENV Secret Risk

A focused guide to ENV Secret Risk, connecting core concepts with practical Docker and container operations.

ENV secret risk is the danger of using the ENV instruction to set sensitive values — passwords, API keys, tokens — directly in a Dockerfile, since doing so permanently bakes that secret into the image itself, visible to anyone who can inspect it.

Why ENV Is the Wrong Place for Secrets

Because ENV values become part of the image's layer history and configuration, a secret set this way is baked permanently into the image, retrievable by anyone with access to it, even if the corresponding source line is later removed from the Dockerfile in a newer build.

ENV DATABASE_PASSWORD=supersecret123

docker history myapp:1.0
docker inspect myapp:1.0 --format '{{json .Config.Env}}'

Both of these commands can reveal this secret directly, even to someone who only has access to the built image, not the original Dockerfile or source repository.

Why Removing It Later Doesn't Help

Because images are immutable and layered, removing the ENV instruction in a later Dockerfile revision does not remove the secret from any image that was already built and distributed with it present — that secret remains permanently embedded in every copy of that earlier image.

docker pull myapp:1.0
docker inspect myapp:1.0 --format '{{json .Config.Env}}'

Pulling an older, already-published image tag retrieves the secret exactly as it was at that time, regardless of subsequent changes to the Dockerfile.

Safer Alternatives

Secrets should be supplied at run time, through environment variables passed via docker run, through orchestrator-managed secrets, or through a dedicated secrets management system — never baked into the image itself.

docker run -e DATABASE_PASSWORD="$DB_PASSWORD" myapp:1.0

docker secret create db_password ./db_password.txt
docker service create --secret db_password myapp
Why This Risk Matters

Treating any value set through ENV as effectively public, once an image has been built and distributed, is the correct mental model — secrets need to be supplied through mechanisms designed for that purpose, kept entirely separate from the image's own persistent configuration.

Related content