Encrypted containers still leave some information exposed #655
Description
This may just be a limitation/feature of encrypted containers, but it is something we must be aware of.
When encrypting containers with Skopeo, some information is still left available unencrypted. This information comes from the file labeled as "config" in the image manifest file, which is left unencrypted.
As a toy example, I created this container image and uploaded it, encrypted, to DockerHub:
https://hub.docker.com/r/rodriguesrbruno/mock_encrypted_secrets
This is a simple Docker image built on top of the python:3.12-alpine3.22 that adds an environment variable and copies a Python script into the image.
The digest of the image will keep the complete build history.
https://hub.docker.com/layers/rodriguesrbruno/mock_encrypted_secrets/0.0.1/images/sha256-e2125f8999fbddebddfe323d02cdcaeb3ecb4730d7651725b33aa9e45fd27e97
From this, we can see that the added environment variable was SUPER_SECRET with a value of "some_secret" and that a python script named "secret_script.py" was copied into the image. I don't think the contents of the secret_script.py file are exposed, but the value of the SUPER_SECRET environment variable is!
So when using encrypted containers, we must make sure to not expose any secrets via environment variables, and also take care to not expose sensitive information when copying files into the container.
Everything else works as expected, as far as I've noticed. Simple doing a docker pull with this image will not work, as it is encrypted. Using skopeo copy to copy the image will have its contents encrypted, while using skopeo copy --decryption-key proper_decryption_key will have a working, unencrypted copy of the image.