Challenge 44 ☆☆☆☆
Welcome to challenge Challenge 44. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.
Secrets management systems now often have metadata support for their secrets! This is awesome, as it allows you to enrich the secret with contextual data further, making it easier to remember the secret.
But what if you put confidential/secret information into a secret by mistake?
A developer has put secret metadata on a wrongsecret
in Vault. Can you find it?
Tip: take a look at the policies when vault is installed; you can see that the application is only allowed to use the metadata ;-).
We are running outside a K8s cluster with Vault. Please run this in the K8s cluster as explained in the README.md
There might still be supported challenges after this one. Please try another challenge instead!