Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories


Cybersecurity experts are warning companies about the risk of supply chain attacks stemming from publicly exposed Kubernetes configuration secrets. In new research published earlier this week, Aqua security researchers Yakir Kadkoda and Assaf Morag stated, “These encoded Kubernetes configuration secrets were uploaded to public repositories.”

According to the cloud security firm, those affected include two of the leading blockchain companies as well as a number of other Fortune 500 companies. The firm used the GitHub API to retrieve all entries containing the .dockerconfigjson and .dockercfg types, which store credentials for accessing a container image registry.
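A pre-commit style check for your own manifests, added here as an illustration and not taken from Aqua's research: it flags Secrets of the two types above whose base64 payload decodes to a registry credential. It assumes the full Kubernetes type names `kubernetes.io/dockerconfigjson` and `kubernetes.io/dockercfg` and simple line-based matching instead of a YAML parser; the sample manifest is constructed.

```python
import base64
import binascii
import json
import re

# Full Kubernetes names of the two Secret types and the data key each one uses.
REGISTRY_TYPES = {
    "kubernetes.io/dockerconfigjson": ".dockerconfigjson",
    "kubernetes.io/dockercfg": ".dockercfg",
}

def find_registry_secrets(manifest_text):
    """List secret/registry pairs whose embedded config carries a credential."""
    findings = []
    for doc in re.split(r"^---\s*$", manifest_text, flags=re.M):
        if not re.search(r"^kind:\s*Secret\s*$", doc, flags=re.M):
            continue
        type_match = re.search(r"^type:\s*[\"']?([\w./-]+)", doc, flags=re.M)
        key = REGISTRY_TYPES.get(type_match.group(1)) if type_match else None
        if key is None:
            continue
        name = re.search(r"^\s+name:\s*(\S+)", doc, flags=re.M)
        value = re.search(r"^\s+" + re.escape(key) + r":\s*[\"']?([A-Za-z0-9+/=]+)",
                          doc, flags=re.M)
        if not value:
            continue
        try:
            config = json.loads(base64.b64decode(value.group(1), validate=True))
        except (binascii.Error, ValueError):
            continue  # value is not base64-encoded JSON
        # .dockerconfigjson nests entries under "auths"; legacy .dockercfg does not.
        if isinstance(config, dict) and key == ".dockerconfigjson":
            config = config.get("auths")
        if not isinstance(config, dict):
            continue
        for registry, entry in config.items():
            # Report where a credential sits, never the credential itself.
            if isinstance(entry, dict) and (entry.get("auth") or entry.get("password")):
                findings.append({"secret": name.group(1) if name else "<unnamed>",
                                 "registry": registry})
    return findings

# Constructed sample: placeholder registry and credentials, encoded as in a manifest.
_payload = base64.b64encode(json.dumps({"auths": {"registry.example.com": {
    "username": "example-user", "password": "example-password"}}}).encode()).decode()
SAMPLE_MANIFEST = ("kind: Secret\nmetadata:\n  name: regcred\n"
                   "type: kubernetes.io/dockerconfigjson\n"
                   f"data:\n  .dockerconfigjson: {_payload}\n"
                   "---\nkind: Secret\nmetadata:\n  name: app-config\n"
                   "type: Opaque\ndata:\n  key: dmFsdWU=\n")
```

Base64 in a manifest is encoding, not encryption, so any finding here means the credential is readable by anyone who can read the file.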

