Is Distributing Python Source Code in Docker Secure

Is distributing Python source code in Docker secure?

Docker images are an open and documented "application packaging" format. There are countless ways to inspect the contents of an image, including all of the Python source code shipped inside it.

Running an application inside a container isolates the host from the application: it makes it harder for the application to escape the container and access the host. Containers do not protect you from users on the host inspecting what is happening inside the container.
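To see what an image exposes before you distribute it, you can audit the archive that `docker save` produces. The sketch below is an added example, not code from the original page: it assumes the `docker save` layout (a `manifest.json` whose `Layers` entries are tar archives), uses hypothetical helper names, and runs against a constructed two-layer sample. It also shows that a file removed in a later layer is still present in the earlier one.

```python
import io
import json
import posixpath
import tarfile

def _tar_bytes(files):
    """Build an in-memory tar from {path: bytes} (used for the constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def build_sample_image():
    """Constructed stand-in for `docker save` output: two layers plus manifest.json."""
    base = _tar_bytes({"app/main.py": b"import pricing\n",
                       "app/pricing.py": b"MARGIN = 0.42  # proprietary\n"})
    # Layer 2 "deletes" pricing.py with a whiteout marker, as a later `RUN rm` would.
    top = _tar_bytes({"app/.wh.pricing.py": b"", "app/README": b"docs\n"})
    manifest = [{"RepoTags": ["example/app:1.0"],
                 "Layers": ["l1/layer.tar", "l2/layer.tar"]}]
    return io.BytesIO(_tar_bytes({"manifest.json": json.dumps(manifest).encode(),
                                  "l1/layer.tar": base, "l2/layer.tar": top}))

def find_python_sources(image_tar):
    """Return {path: {"layer", "size", "whiteout_later"}} for Python files in any layer."""
    found, whiteouts = {}, set()
    with tarfile.open(fileobj=image_tar, mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for layer_name in manifest[0]["Layers"]:
            layer_bytes = io.BytesIO(image.extractfile(layer_name).read())
            with tarfile.open(fileobj=layer_bytes, mode="r:*") as layer:
                for member in layer.getmembers():
                    folder, name = posixpath.split(member.name)
                    if name.startswith(".wh."):
                        # Whiteout: hides the file at runtime; the earlier layer keeps it.
                        whiteouts.add(posixpath.join(folder, name[4:]))
                    elif member.isfile() and name.endswith((".py", ".pyc")):
                        whiteouts.discard(member.name)  # re-added after a whiteout
                        found[member.name] = {"layer": layer_name, "size": member.size,
                                              "whiteout_later": False}
    for path in whiteouts & set(found):
        found[path]["whiteout_later"] = True
    return found

if __name__ == "__main__":
    print(find_python_sources(build_sample_image()))
```

Any entry reported with `whiteout_later` set is invisible in the running container but still ships to everyone who can pull the image.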

How to encrypt docker containers securely?

The short answer here is that there is no generic method for securing the contents of your containers without encrypting the contents.

Since the nature of Docker is open, the main security control for Docker images is restricting who can access the image (e.g. private image hosting), which in turn depends on the security of your method of distribution.

However, you can encrypt the layers of your images using other tools, such as ocicrypt. There are efforts to modify the containerd runtime used by Docker to support images whose layers are encrypted with ocicrypt.

Overview article:

https://developer.ibm.com/articles/encrypted-container-images-for-container-image-security-at-rest/

Code:

https://github.com/containerd/imgcrypt

https://github.com/containers/ocicrypt


