
Add a Docker (~/.docker/config.json) honeytoken type #166

Description

@LiorFink00

Summary

Add a Docker registry credentials honeytoken type (~/.docker/config.json). Docker config holds base64 registry auth that supply-chain attackers scan for, but there's no token type for it (current: aws/github/gcp/azure/ssh).

What to do

Follow docs/tokens.md — two files + a test:

  1. server/thumper/tokens/catalog.py — add a TOKEN_TYPES entry: type: "docker", default_path: "~/.docker/config.json", suggested paths, a description.
  2. server/thumper/tokens/generator.py — add a generate_token branch returning valid Docker config JSON, e.g.:
    {"auths": {"registry.example.com": {"auth": "<base64 user:fake-token>"}}}
    The credential must be random garbage (authenticates to nothing).
  3. Add a case in tests/test_tripwire_content.py asserting the output is valid JSON with an auths entry.

Acceptance

  • docker appears in GET /api/token-types; generates a plausible ~/.docker/config.json; has a test; suite stays green.

Good first issue — small, additive, with a step-by-step guide (docs/tokens.md).
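A sketch of what steps 2 and 3 describe, added here as an illustration; it is not the project's code. The function names `make_docker_config` and `check_docker_config` are hypothetical, since the real `generate_token` signature is not shown in this issue, and `registry.example.com` is the placeholder host from the issue text.

```python
import base64
import json
import secrets

# Hypothetical names: the project's real generate_token signature is not on the page.
DEFAULT_REGISTRY = "registry.example.com"  # placeholder host from the issue text


def make_docker_config(registry: str = DEFAULT_REGISTRY) -> str:
    """Return ~/.docker/config.json content holding a random, non-working credential."""
    user = "svc-" + secrets.token_hex(4)        # constructed username, CSPRNG-backed
    fake_token = secrets.token_urlsafe(32)      # random garbage, authenticates to nothing
    # Docker stores the credential as base64("username:password") under "auth".
    auth = base64.b64encode(f"{user}:{fake_token}".encode()).decode("ascii")
    return json.dumps({"auths": {registry: {"auth": auth}}}, indent=2) + "\n"


def check_docker_config(content: str) -> list[str]:
    """Return a list of problems; an empty list means the content is plausible."""
    try:
        doc = json.loads(content)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    auths = doc.get("auths") if isinstance(doc, dict) else None
    if not isinstance(auths, dict) or not auths:
        return ["missing or empty 'auths' object"]
    problems = []
    for host, entry in auths.items():
        raw = entry.get("auth") if isinstance(entry, dict) else None
        if not isinstance(raw, str):
            problems.append(f"{host}: no 'auth' string")
            continue
        try:
            decoded = base64.b64decode(raw, validate=True).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            problems.append(f"{host}: 'auth' is not base64 text")
            continue
        user, sep, secret = decoded.partition(":")
        if not (user and sep and secret):
            problems.append(f"{host}: 'auth' does not decode to user:secret")
    return problems
```

The checker goes one step past the "valid JSON with an auths entry" assertion in step 3 by also decoding `auth`, which catches a generator that emits well-formed JSON with a value no Docker client would accept.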
