Cloud Native Now
Flare Finds 10,000 Docker Hub Images Exposing Secrets

December 16, 2025 (updated December 17, 2025)
by Jeff Burt
Tags: API, CI/CD security, cloud computing, container images, credentials, developers and containers, docker hub, exposed secrets, Flare Systems, passwords, shadow IT

The security threats posed by inadvertently exposed secrets – API keys, passwords, and tokens – have been known for the better part of a decade. The usual reference point is the high-profile 2016 Uber breach, in which attackers used credentials found in a private GitHub repository to pull data on 57 million riders and drivers.

The hits have continued, with other incidents over the years affecting Microsoft, Capital One, Toyota, and others. Earlier this year, GitGuardian, in its State of Secrets Report 2025, found that 23.8 million secrets were leaked on public GitHub repositories last year, a year-over-year increase of 25%.


“One exposed secret credential can undo years of security work in an instant,” wrote Joel Rose, senior product marketing manager at Checkmarx. “Hardcoded API keys, leaked credentials, and forgotten tokens have all led to some of the most significant breaches in recent history. For AppSec engineers and leaders, the message is clear: Detecting and managing secrets must be a fundamental part of your security strategy.”

Images Exposing Secrets

Now, researchers with cybersecurity firm Flare Systems have found more than 10,000 images on Docker Hub exposing secrets – live API keys, cloud access tokens, and CI/CD secrets – belonging to more than 100 organizations, including a Fortune 500 company and a major national bank. In a report this month, Flare cybersecurity researcher Assaf Morag wrote that 42% of the exposed images each contained five or more secrets, “meaning a single container could unlock an entire cloud environment, CI/CD pipeline, and database.”

AI secrets weren’t spared.

“AI LLM [large language model] model keys were the most frequently leaked credentials, with almost 4,000 exposed, revealing how fast AI adoption has outpaced security controls,” Morag wrote.

Hackers ‘Authenticate In’

Other significant findings from the report – all gathered during a single month of scanning in November – included that a large share of the leaks came from shadow IT: personal or contractor-owned registries that sit outside corporate monitoring. And while developers often removed leaked secrets from the containers, 75% did not revoke or rotate the underlying keys, leaving their organizations exposed for months or years. Removing the file from a later image build does nothing for a key that has already been pulled and copied, and the file often survives in an earlier layer anyway; rotation, not removal, is what closes the exposure.

“The findings confirm a new attack paradigm,” Morag wrote. “Attackers don’t hack in – they authenticate in – using keys that companies accidentally publish themselves.”

He called the secrets the “connective tissue” of the digital supply chain that is critical to modern software development lifecycles (SDLCs), enabling authentication, automation, communications between services, and machine-to-machine trust for cloud providers, CI/CD pipelines, messaging platforms, and developer tools.

Essentially, everything in modern IT, from provisioning infrastructure to publishing artifacts, requires keys, tokens, and certificates. Accelerating the use of secrets are trends like microservices, serverless architectures, and federated development models, he wrote.

Secrets are Everywhere

That ubiquity is a problem.

“A single application can require dozens of API keys spanning vendors like AWS, GitHub, Slack, Stripe, GCP [Google Cloud Platform], and internal services,” Morag wrote. “Often, these credentials remain valid long after a developer has left the project or the organization. But while secrets are foundational to automation, they are also dangerously fragile. Their power often exceeds their visibility. Many organizations have thousands of active secrets that are never audited, scanned, rotated, or centrally managed.”

They are strewn across sources ranging from source code and config files to developer laptops, container images, and personal cloud accounts, and they provide attack paths that bypass protections such as multifactor authentication and perimeter defenses, because a valid key is simply accepted.

“In essence, secrets are both the lubricant of modern engineering and the Achilles heel of organizational security, as they are easy to use, easy to forget, and devastating if exposed,” he wrote.

30 Days of Scanning

Flare researchers scanned Docker Hub container images uploaded between November 1 and 30, identifying 10,456 that contained one or more exposed keys. They then filtered out findings below “high” and “critical” severity and were still left with 205 distinct namespaces on the registry. Analyzing those, they were able to attribute 101 of the namespaces to particular companies, ranging from SMBs to large enterprises.

“Interestingly, we found several cases where founders, contractors, freelancers, or employees were pushing container images from personal Docker Hub accounts, unintentionally exposing company secrets in the process,” Morag wrote.

They found that 28 of the 101 identified companies were in software development, with another 20 in the market and industrial space. Others ranged from AI and intelligence systems to finance and banking, business and consulting, and IT and infrastructure.

Developers and .env

One of the problems is that developers often use an “.env” file to store secrets – like database credentials, cloud access keys, tokens, and other authentication methods – during local development. In larger applications, such a file could hold dozens of secrets, he wrote.

“When the entire project directory is copied during the Docker build process, the ‘.env’ file is often included unintentionally, embedding all of its secrets directly into the container filesystem,” Morag wrote. “An even more dangerous scenario is when such an image is pushed, intentionally or not intentionally, to a public repository. This is why it is critical to scan and sanitize container images for secrets before publishing them, whether they are intended to be private or public.”

Another scenario arises when secrets are placed directly in a Dockerfile, for instance in ENV or ARG instructions. Those values are recorded in the image configuration and layer history (what the report refers to as the manifest), which Docker Hub displays and `docker history` prints, so they leak even when no secret file is copied into the image at all.
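Both leak paths described above can be checked locally on a saved image before it is pushed. The scanner below is an added example written for this page; it is not Flare’s tooling or any code from the report. It reads a `docker save` tarball, inspects the image config’s `Env` entries and per-layer `history`, and parses every `.env*` file in every layer. It runs against a constructed in-memory image whose repository name, file names, key names and placeholder values are all invented for the demonstration, and that image includes a later `RUN rm /app/.env` layer to show the caveat from the report: deleting the file in a later step hides it from the running container but leaves it, and the secret, in the earlier layer.

```python
import io
import json
import re
import tarfile

# Key names treated as secret-bearing; an illustrative list, not Flare's detection rules.
SECRET_KEY_RE = re.compile(
    r"(?i)(secret|token|passw(or)?d|api[_-]?key|access[_-]?key|private[_-]?key)"
)
# KEY=VALUE pairs as they appear in .env files, Dockerfile ENV lines and image config.
KV_RE = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)=('[^']*'|\"[^\"]*\"|[^\s'\"]+)")


def secret_keys(text):
    """Return the key names of KEY=VALUE pairs in `text` whose key looks secret-bearing."""
    return [m.group(1) for m in KV_RE.finditer(text) if SECRET_KEY_RE.search(m.group(1))]


def scan_image_tar(tar_bytes):
    """Scan a `docker save` tarball for secrets in the config and in .env* files in layers.

    The config's Env and history are what `docker history` and Docker Hub display.
    Every layer is scanned, including ones a later `RUN rm` has whited out, because
    the layer tar still carries the file. Returns sorted (location, key) tuples; values
    are deliberately not returned so the report itself does not re-leak the secret.
    """
    findings = set()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as outer:
        manifest = json.load(outer.extractfile("manifest.json"))
        for entry in manifest:
            config = json.load(outer.extractfile(entry["Config"]))
            for env in config.get("config", {}).get("Env", []):
                findings.update(("config.Env", k) for k in secret_keys(env))
            for step in config.get("history", []):
                findings.update(
                    ("history.created_by", k) for k in secret_keys(step.get("created_by", ""))
                )
            for layer_path in entry["Layers"]:
                layer_bytes = outer.extractfile(layer_path).read()
                with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r:") as layer:
                    for member in layer.getmembers():
                        if not member.isfile():
                            continue
                        if not member.name.rsplit("/", 1)[-1].startswith(".env"):
                            continue
                        text = layer.extractfile(member).read().decode("utf-8", "replace")
                        where = f"{layer_path}:{member.name}"
                        findings.update((where, k) for k in secret_keys(text))
    return sorted(findings)


def _tar_bytes(files):
    """Build an uncompressed in-memory tar from a {path: bytes} mapping."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed stand-in for `docker save example/app:latest`; not a real image.

    Layer 1 is `COPY . /app` with .env swept in; layer 2 is a later `RUN rm /app/.env`
    (an overlay whiteout entry), which hides the file without removing it from layer 1.
    The config carries an AWS key set via ENV. Every name and value is a placeholder.
    """
    layer1 = _tar_bytes({
        "app/main.py": b"print('hello')\n",
        "app/.env": b"DB_PASSWORD=hunter2\nSTRIPE_API_KEY=sk_test_placeholder\nDEBUG=true\n",
    })
    layer2 = _tar_bytes({"app/.wh..env": b""})
    config = {
        "config": {"Env": ["PATH=/usr/local/bin:/usr/bin",
                           "AWS_SECRET_ACCESS_KEY=EXAMPLEKEYDONOTUSE"]},
        "history": [
            {"created_by": "/bin/sh -c #(nop)  ENV AWS_SECRET_ACCESS_KEY=EXAMPLEKEYDONOTUSE"},
            {"created_by": "/bin/sh -c #(nop) COPY dir:3f2a in /app"},
            {"created_by": "/bin/sh -c rm /app/.env"},
        ],
    }
    manifest = [{"Config": "config.json", "RepoTags": ["example/app:latest"],
                 "Layers": ["layer1/layer.tar", "layer2/layer.tar"]}]
    return _tar_bytes({
        "manifest.json": json.dumps(manifest).encode(),
        "config.json": json.dumps(config).encode(),
        "layer1/layer.tar": layer1,
        "layer2/layer.tar": layer2,
    })


if __name__ == "__main__":
    for where, key in scan_image_tar(build_sample_image()):
        print(f"{where}: {key}")
```

On the sample image the scanner reports the AWS key twice (once from `config.Env`, once from the ENV step in `history.created_by`) and the two secret-bearing keys from `.env` in layer 1, even though layer 2 deleted that file. To use it on a real image, feed it the output of `docker save <image>` instead of `build_sample_image()`. The preventive controls are cheaper than the scan: list `.env` in `.dockerignore` so `COPY . .` never sees it, and pass build-time secrets with BuildKit’s `RUN --mount=type=secret,id=...` rather than ENV or ARG, which keeps them out of both layers and config. Any hit on an image that has already been pushed is a rotation task, not a rebuild task.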

The Threat of Shadow IT

As noted, shadow IT is also a problem. Corporate registries tend to be heavily monitored; accounts that fall outside that coverage – the personal accounts of contractors, freelancers, or employees, for instance – are not. Flare noted one case in which secrets belonging to a Fortune 500 company were exposed via a personal public Docker Hub account, probably belonging to a contractor or employee.

“There were no visible identifiers linking the repository to the individual or to the organization, yet the container manifests contained highly sensitive credentials with access to multiple internal environments,” Morag wrote. “This case highlights a critical reality: organizations are increasingly at risk not through their official, monitored infrastructure, but through shadow and personal repositories that sit entirely outside corporate visibility, governance, and security controls.”
