diff --git a/file/keys/kubernetes/kubernetes-dockercfg-secret.yaml b/file/keys/kubernetes/kubernetes-dockercfg-secret.yaml
new file mode 100644
index 0000000000..0ebd7579bc
--- /dev/null
+++ b/file/keys/kubernetes/kubernetes-dockercfg-secret.yaml
@@ -0,0 +1,22 @@
+id: kubernetes-dockercfg-secret
+
+info:
+ name: kubernetes.io/dockercfg Secret
+ author: dwisiswant0
+ severity: info
+ reference:
+ - https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
+ metadata:
+ verified: true
+ tags: kubernetes,k8s,file,keys,secret
+
+file:
+ - extensions:
+ - yaml
+ - yml
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \.dockercfg:\s+["']?e(w|y)[\w=]+["']?
diff --git a/file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml b/file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml
new file mode 100644
index 0000000000..e5cb684a50
--- /dev/null
+++ b/file/keys/kubernetes/kubernetes-dockerconfigjson-secret.yaml
@@ -0,0 +1,22 @@
+id: kubernetes-dockerconfigjson-secret
+
+info:
+ name: kubernetes.io/dockerconfigjson Secret
+ author: dwisiswant0
+ severity: info
+ reference:
+ - https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
+ metadata:
+ verified: true
+ tags: kubernetes,k8s,file,keys,secret
+
+file:
+ - extensions:
+ - yaml
+ - yml
+
+ extractors:
+ - type: regex
+ part: body
+ regex:
+ - \.dockerconfigjson:\s+["']?e(w|y)[\w=]+["']?
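Review bot: The value class `[\w=]+` in the `regex:` entry leaves out `+` and `/`, both part of the standard base64 alphabet, so a `.dockercfg` value that contains either is still matched but the extracted string stops at that character and the finding reports a truncated secret. The same pattern is used in kubernetes-dockerconfigjson-secret.yaml. I would write `- \.dockercfg:\s+["']?e[wy][\w+/=]+["']?` and the `.dockerconfigjson` equivalent in the second file. Neither template has an `info.description`; a line such as `description: Base64-encoded container registry credentials found in a Kubernetes Secret manifest.` would tell a triager what the extracted value is and that the scan output itself then holds the credential.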