id: kubernetes-dockercfg-secret

info:
  name: kubernetes.io/dockercfg Secret
  author: dwisiswant0
  severity: info
  reference:
    - https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
  metadata:
    verified: true
  tags: kubernetes,k8s,file,keys,secret

file:
  - extensions:
      - yaml
      - yml

    extractors:
      - type: regex
        part: body
        regex:
          - \.dockercfg:\s+["']?e(w|y)[\w=]+["']?
# digest: 4b0a0048304602210084bb6909a2c7963a555e1075de093962ffd4e4b125d3dd1bb559eccf252e697c022100d2e745493ab0b3a250e96f74744924d34f1cb1cf18b265e81ebba442c3eb52ad:922c64590222798bb761d5b6d8e72950