Talk

All You Can Leak: Real Tales Of Publicly Leaked Kubernetes Secrets

conf 20.11.2025 15:20 – 15:50 La Marive EN

What happens when Kubernetes clusters and their secrets are a little too accessible? The answer is both alarming and eye-opening. In this talk, we will explore real-world exposures, starting with credentials for accessing container image registries, long-lived JWTs, and TLS certificates. Just this year, we detected several dozen such valid credentials exposed in public GitHub repositories and DockerHub images. What makes this particularly concerning is that all of them could be used to easily compromise publicly accessible clusters. The potential for lateral movement and privilege escalation in these scenarios is significant. This isn’t a theoretical threat; leaks are already happening, and attackers are already paying attention. Finally, we will present mitigation strategies and best practices that could help protect your clusters from such leaks and public exposures.