Add misconfiguration for mounting in secret in during build: https://docs.docker.com/engine/reference/commandline/buildx_build/

[commjoen]

This challenge is about using docker secrets from docker buildx buildpacks:

Use the --secret, but then with a hardcoded value referenced in the shell script to publish the docker container and explain that using --secret is a good idea, but not with a hardcoded call in a git-comitted buildscript.

Todo:

• Embed the secret variable in https://github.com/OWASP/wrongsecrets/blob/master/.github/scripts/docker-create.sh and make sure it lands in a file in the docker container
• create a challenge that reads the secret from that file and teaches why this is a bad idea (See contributing.md)

[Shubham-Patel07]

Hello sir,
I would like to work on this issue please assign this to me 😁

[commjoen]

It is all yours good sir!