Lesson 16

Docker security basics

This page introduces practical Docker safety habits that reduce risk without making the setup overly complex for beginners.

Main idea

A container is not automatically secure just because it is isolated.

Main habits

Use trusted base images, avoid unnecessary packages, handle secrets carefully, and avoid running everything as root when possible.

Main warning

Secrets baked directly into images are hard to control and risky to share.

Security basics checklist

  • Use official or trusted base images.
  • Keep images small and focused.
  • Install only what is required.
  • Do not store secrets in the Dockerfile.
  • Prefer non-root runtime users when possible.

Bad vs better idea

# risky
ENV API_KEY=secret123

# better
# pass values at runtime instead

Security often improves when configuration and secrets stay outside the built image.
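The two checklist items about secrets and non-root users can be checked mechanically. The script below is an added example, not part of the original lesson: check_dockerfile, its secret-name pattern and the two sample Dockerfiles are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks a Dockerfile for two items from the checklist above.
# The secret-name pattern is an assumption, not a complete detector, and
# backslash line continuations are not followed.

# check_dockerfile FILE
# Prints one finding per line. Returns 0 when clean, 1 when anything is flagged.
check_dockerfile() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
    {
        ins = toupper($1)
        if (ins == "FROM") { user = "" }      # each build stage starts as root
        if (ins == "USER") { user = $2 }      # last USER of the final stage wins
        if (ins == "ENV" || ins == "ARG") {
            if (NF >= 3 && index($2, "=") == 0) {
                check(ins, $2, $3)            # legacy form: ENV KEY value
            } else {
                for (i = 2; i <= NF; i++) {   # KEY=value form, several per line
                    eq = index($i, "=")
                    if (eq > 0) check(ins, substr($i, 1, eq - 1), substr($i, eq + 1))
                }
            }
        }
    }
    function check(kind, key, val) {
        if (val != "" && toupper(key) ~ /KEY|SECRET|TOKEN|PASSWORD|PASSWD/) {
            printf "line %d: %s %s has a value baked into the image\n", NR, kind, key
            bad = 1
        }
    }
    END {
        if (user == "" || user == "root" || user == "0" || user ~ /^(root|0):/) {
            print "final stage runs as root: add a non-root USER"
            bad = 1
        }
        exit bad
    }' "$1"
}

# Constructed sample input, not from the original page. The "better" file
# expects API_KEY at runtime, e.g. docker run -e API_KEY or --env-file.
demo_dir=$(mktemp -d)
printf 'FROM alpine\nENV API_KEY=secret123\nCMD ["sh"]\n' > "$demo_dir/risky"
printf 'FROM alpine\nRUN adduser -D app\nUSER app\nCMD ["sh"]\n' > "$demo_dir/better"
check_dockerfile "$demo_dir/risky" || echo "risky: flagged"
check_dockerfile "$demo_dir/better" && echo "better: clean"
```

A variable name that merely contains one of the pattern words will also be flagged, so treat each finding as something to review.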

Next page: Lesson 17 explains how Docker usage changes between development and production environments.