Docker containers have made software distribution easier and simplified resource sharing on a system. Loopholes in the container image configuration, whether present by default or introduced when users customize it, can lead to security incidents.

This article summarizes the basic steps one can take to build a secure Docker image. It is of interest to anyone who uses Docker images, either off-the-shelf or by building custom layers on top of popular base images. It walks step by step through the elementary security best practices for building secure Docker images and for evaluating off-the-shelf base images.

1. Run the container as a non-root user

Secret management is one of the most complex tasks in an IT ecosystem. Secret management solutions must be easy to use; otherwise there will always be a conflict with security best practices. As the IT industry expands and secrets diversify, it is becoming more challenging to secure secrets both at rest and in transit. A secret may be a:

  • Password
  • API Credential
  • Certificates and associated key data
  • Symmetric Keys and others…

A few of the common challenges faced in secret management are:

  • Creation, storage, and transmission of secrets while tightly controlling access to them.
  • Key creation, storage…

With the pervasive use of cloud computing, it is of utmost importance to consider various measures for ensuring the confidentiality, integrity, and availability of data. Securing data at rest is one of many such considerations. Microsoft Azure provides a seamless way to secure data at rest through encryption-at-rest.

Encryption-at-rest is a common strategy to prevent data compromise in case an adversary gains physical access to the storage where the data resides. Encryption-at-rest is also a requirement of many industry and government regulations. Encryption-at-rest is simple. It uses a symmetric key (also called a Data Encryption Key or DEK)…

Prasoon Dwivedi

Software Security Enthusiast. Views here are my own and do not represent my employer.
