Secrets from DockerHub

Some time ago, a friend created a Docker image for me with AWS credentials inside. He just pushed it to DockerHub and asked me to try it. He did not realise that he had actually published secrets in a public repository.

DockerHub API

You may find public repositories by calling the endpoint:

Note the query=aa parameter: you can iterate over all two-letter combinations ("ab", "ac", ... "zz").

You can read information about concrete user accounts:

From this response you can decide which repositories are most likely to contain secrets. For me, those are quiet, recently uploaded repositories that were probably pushed by mistake:

  • star_count = 0

  • pull_count < 100

  • is_automated = false

  • is_official = false

Extracting content

You may download the image:

docker pull $IMAGE_NAME

Then you can export its contents to a TAR file by calling:

docker save -o output.tar $IMAGE_NAME

Then untar the file, find the application inside (for example a JAR), unzip it and search for secrets (for example in .properties files).
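The same search, turned around as a pre-push check on your own image. This is an added example and not code from the original post: it walks a `docker save` archive, opens every layer tar inside it and flags AWS access key IDs in any file. The sample archive is constructed in memory and carries the AWS documentation's example key ID, not a real credential.

```python
import io
import re
import tarfile

# Long-term (AKIA) and temporary (ASIA) AWS access key IDs: prefix + 16 upper/digit chars.
AWS_KEY_ID = re.compile(rb"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
MAX_MEMBER = 8 * 1024 * 1024  # skip very large blobs (binaries, datasets)

def scan_layer(layer_name, layer_bytes):
    """Scan every regular file in one layer tar; return (location, key_id) hits."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
        for member in layer:
            if not member.isfile() or member.size > MAX_MEMBER:
                continue
            data = layer.extractfile(member).read()
            hits += [(f"{layer_name}:{member.name}", m.group().decode())
                     for m in AWS_KEY_ID.finditer(data)]
    return hits

def scan_image_archive(fileobj):
    """Walk a `docker save` archive; every regular file that parses as a tar is a
    layer (layer.tar legacy, extension-less blob in OCI layout) and gets scanned."""
    hits = []
    with tarfile.open(fileobj=fileobj) as outer:
        for member in outer:
            if not member.isfile():
                continue
            try:
                hits += scan_layer(member.name, outer.extractfile(member).read())
            except tarfile.ReadError:
                pass  # not a tar (manifest.json, config JSON, index.json)
    return hits

def _tar_with(files):
    """Build an in-memory tar from {name: bytes}; used only to construct the sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, content in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def sample_image():
    """Constructed `docker save` output: one layer holding a properties file with
    the AWS documentation's example key ID (not a real credential)."""
    layer = _tar_with({"app/README": b"no secrets here\n",
                       "app/config.properties": b"aws.accessKeyId=AKIAIOSFODNN7EXAMPLE\n"})
    return io.BytesIO(_tar_with({"manifest.json": b"[]", "layer.tar": layer}))
```

On a real archive, call `scan_image_archive(open("output.tar", "rb"))` after `docker save` and refuse to push if it returns any hits; the regex covers only AWS key IDs, so extend it for the other secret types your images may carry.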


Of course, DockerHub has some limitations. A free account can pull only 200 images per 6 hours -> 800 per day.

If you pay $9 per month, you may pull 5,000 images per day.

Warning: I would expect DockerHub to store the IP addresses of its clients, so it can be a starting point for law enforcement.


What can be found in the Docker images on DockerHub? I can imagine some examples:

  • AWS root keys

  • secret keys

  • OpenAI secret keys

  • database credentials


My biggest problem is how to monetize such secrets. As I have proven, mining Monero cryptocurrency on AWS is a joke (around 1% of the return of invested money). You may say it is not your money, but to earn $1k you need to use around $100k of AWS resources. For me, the profit is too small.


Do you have a good idea of how to monetize secrets found in Docker images on DockerHub? Let me know!


Let me know in the comments what you think about this topic!

You can also write a direct message to me: