Learn about secrets management by finding real secrets hidden in code, configuration files, and cloud infrastructure.
Your Mission: Find hidden secrets in this repository and enter them to score points!
Where to Look:
Getting Started: Check out the GitHub repository to examine the code and find the secrets!
Pro Tip: Each challenge below has a different difficulty level and may require different environments. Start with the easier ones and work your way up! π
| # | Challenge | Focus | Difficulty | Solved | |
|---|---|---|---|---|---|
| 0 | ☑ Find the hard-coded password | DEVOPS | β | Docker | ☑ |
| 1 | ☑ Find the unencrypted password in Git | GIT | ββ | Docker | ☑ |
| 2 | ☑ Find the hard-coded password in front-end | FRONTEND | βββ | Docker | ☑ |
| 3 | Take a look at this file | DEVOPS | ββββ | Docker | |
| 4 | Find the AWS S3 bucket password | AWS | βββββ | AWS | |
| 5 | Find the Azure Key Vault secret | AZURE | β | Azure | |
| 6 | Connect the dots with Docker | DOCKER | ββ | Docker | |
| 7 | Find the secret in the container | DOCKER | βββ | Docker | |
| 8 | Retrieve cloud instance metadata | AWS | ββββ | AWS | |
| 9 | Use AWS Parameter Store | AWS | βββββ | AWS |
Total score: 42
1. Choose a challenge from the table above
2. Examine the repository - Look at the source code, config files, and documentation
3. Find the secret - It could be in plain text, encoded, or stored in environment variables
4. Enter your answer - Submit the secret to score points!
Hasty? Here is the Vault secret;-)