If you don't want to install any software, you can use ImageLayers to explore images. One very compact tool I like is dockerfile-from-image created by CenturyLink Labs. However, there are tools available that make this a trivial task. You could use docker inspect to walk up through the images to the root, collecting commands at each step. It's a simple matter to reconstruct the original Dockerfile. Even containers like Ubuntu start off with a Dockerfile.
You see, each intermediate image has an associated command, and those commands come from Dockerfiles.
This brings us to an important point in how Docker works. For example, we can step back through the layers that make up the Ubuntu image until we no longer find a parent image. When it comes time to run Ubuntu in Docker, the Union File System (UFS) takes care of combining all the layers into the running container. Almost all images, even Ubuntu, are composed of intermediate images or layers. So when you docker run -it ubuntu:vivid /bin/bash, you are running the image ubuntu:vivid. All Docker containers run from Docker images. To better understand some of the risks associated with using private data in Docker, you first need to understand a few pieces of Docker's architecture. If you are relatively new to using Docker, they have really great Getting Started Guides to get you comfortable with some of the topics we will discuss in this tutorial. However, you need to be careful what you push to or you can accidentally expose sensitive information. All you have to do is docker pull your image and run it. This is a great convenience for distributing containerized apps and for building out application infrastructure. It has become fairly common practice to push Docker images to public repositories like. I'll also present some best practices for protecting your most sensitive data.
In this tutorial, I'll review the basics of Docker architecture so you can better understand how to mitigate risks. Just a few wrong moves, and you'll accidentally expose private information in the Docker layers that make up a container. Dealing with passwords, private keys, and API tokens in Docker containers can be tricky.