
API tokens


A study by information security experts from the Rheinisch-Westphalian Technical University of Aachen found that tens of thousands of container images on Docker Hub contain API authentication tokens and corporate private encryption keys in the clear.

German researchers analysed 337,171 images from Docker Hub and thousands of private registries and found that about 8.5% of them contained sensitive data such as private keys and API tokens.

Most of the exposed secrets, 95 per cent for private keys and 90 per cent for API tokens, were in single-user images, indicating that they probably got there unintentionally.