AWS and the Secrets Exposed in Public ECR Repositories

This article gives some insight into how many secrets are exposed in public ECR repositories on AWS, and how a threat actor is only one container pull away from getting their hands on them.

This study was done around 2022, so results may vary. AWS Public ECR (the gallery at public.ecr.aws) is very similar to public Docker Hub: anyone can publish Docker images for public use. It introduces the same threat: developers mistakenly bake secrets into their images (as ENV values, build ARGs recorded in the image history, or credential files copied into a layer) and push them publicly.

Similar research has been done for public Docker Hub, but with cloud adoption increasing, the number of images in public ECR is growing every day.

Technical Details

The first challenge is to enumerate all the organizations (registry aliases) listed in the http://public.ecr.aws/ gallery.

[WIP]
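Once a target image has been identified, the remaining step is to pull it and look for secrets. The following is an added example (my code, not the article's or any AWS tooling): a scanner for a `docker save` tarball that checks the three places secrets hide in an image. It assumes the docker-save layout (a `manifest.json` listing a config JSON and one tar per layer) and constructs a sample image inline whose credential values are placeholders (AWS's documented example key, not a live key). The regexes are my own heuristics, not an exhaustive secret-detection ruleset.

```python
"""Scan a `docker save` tarball for secrets baked into an image.

Secrets in a container image hide in three places: the image config's
ENV list, the build history (ARG/ENV values recorded in `created_by`),
and files inside the layers (for example ~/.aws/credentials).
"""
import io
import json
import re
import tarfile

# Heuristic patterns. The AWS access key id format is public and stable;
# the env-var name list is an assumption about common naming.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "secret_env_assignment": re.compile(
        r"(?i)\b[A-Z0-9_]*(SECRET|PASSWORD|TOKEN|API_KEY)[A-Z0-9_]*\s*=\s*\S+"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
MAX_FILE_BYTES = 1_000_000  # skip large binaries inside layers


def find_secrets(text, where):
    """Return (location, pattern_name, match) tuples for every hit in text."""
    return [(where, name, m.group(0))
            for name, rx in SECRET_PATTERNS.items() for m in rx.finditer(text)]


def scan_config(config):
    """Check ENV and the build history recorded in the image config JSON."""
    hits = []
    for env in config.get("config", {}).get("Env") or []:
        hits += find_secrets(env, "config.Env")
    for i, entry in enumerate(config.get("history", [])):
        hits += find_secrets(entry.get("created_by", ""), f"history[{i}]")
    return hits


def scan_layer(layer_bytes):
    """Walk a layer tarball and grep every small regular file in it."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(layer_bytes)) as layer:
        for member in layer:
            if not member.isfile() or member.size > MAX_FILE_BYTES:
                continue
            text = layer.extractfile(member).read().decode("utf-8", errors="ignore")
            hits += find_secrets(text, f"layer:{member.name}")
    return hits


def scan_image_tar(image_bytes):
    """Scan a `docker save` tarball: manifest.json -> config JSON -> layer tars."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(image_bytes)) as image:
        members = {m.name: m for m in image.getmembers()}
        manifest = json.load(image.extractfile(members["manifest.json"]))
        for entry in manifest:
            hits += scan_config(json.load(image.extractfile(members[entry["Config"]])))
            for layer_path in entry["Layers"]:
                hits += scan_layer(image.extractfile(members[layer_path]).read())
    return hits


def _tar_bytes(files):
    """Build an in-memory tar from {name: bytes}. Used only for constructed samples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def build_sample_image():
    """Constructed sample image that leaks a credential in all three places.
    The key is AWS's documented example key, not a real one."""
    layer = _tar_bytes({
        "root/.aws/credentials": (
            b"[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
            b"aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"),
        "app/main.py": b"print('hello')\n",
    })
    config = {
        "config": {"Env": ["PATH=/usr/bin", "DB_PASSWORD=hunter2"]},
        "history": [
            {"created_by": "/bin/sh -c #(nop) ARG GITHUB_TOKEN=ghp_placeholder"},
            {"created_by": "/bin/sh -c pip install -r requirements.txt"},
        ],
    }
    manifest = [{"Config": "cfg.json", "RepoTags": ["example/app:latest"],
                 "Layers": ["l1/layer.tar"]}]
    return _tar_bytes({
        "manifest.json": json.dumps(manifest).encode(),
        "cfg.json": json.dumps(config).encode(),
        "l1/layer.tar": layer,
    })


if __name__ == "__main__":
    for where, kind, match in scan_image_tar(build_sample_image()):
        print(f"{where}: {kind}: {match}")
```

Against a real target the tarball comes from `docker pull public.ecr.aws/<alias>/<repo>:<tag>` followed by `docker save -o image.tar <image>`, and `scan_image_tar(open("image.tar", "rb").read())` replaces the constructed sample. Note that build-history hits (`ARG` values) survive even when the secret file itself was deleted in a later layer, which is why the config is worth reading before the layers.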
