Find the API key

Description:

A developer on your team proposes using an API key during the Docker build process. Their plan: copy a file containing the key into the image, use it during the build, and then delete it in a later step. Since that file won't be present in the final Docker image, they consider it safe. You're not convinced. Every layer of a Docker image is kept, so deleting the file in a later step only hides it from the final filesystem, and anyone with access to the image will be able to extract the API key from the earlier layer.
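An image audit that makes the layer problem above concrete, as an added example that is not part of the lab itself: it walks the layers of a `docker save` style archive in order and reports every file that a later layer deletes (via a `.wh.` whiteout entry) while an earlier layer still stores it. The sample archive, its layer names, the file contents and the helper names `_tar` and `find_deleted_files` are constructed for illustration.

```python
import io, json, tarfile

def _tar(files):
    """Build an in-memory tar from {path: bytes}; only used for the sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            t.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def find_deleted_files(image_tar):
    """Return (path, added_in_layer, deleted_in_layer, content) for every file
    that a later layer deletes but an earlier layer still stores."""
    findings, seen = [], {}  # seen: path -> (layer index, content)
    with tarfile.open(fileobj=io.BytesIO(image_tar), mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for idx, layer_name in enumerate(manifest[0]["Layers"]):
            blob = io.BytesIO(image.extractfile(layer_name).read())
            with tarfile.open(fileobj=blob, mode="r:*") as layer:
                for member in layer:
                    if not member.isfile():
                        continue
                    name = member.name.removeprefix("./")
                    folder, _, base = name.rpartition("/")
                    if base == ".wh..wh..opq":
                        continue  # opaque-directory marker, not handled here
                    if base.startswith(".wh."):
                        # Whiteout: hides the path in the final filesystem only.
                        victim = (folder + "/" if folder else "") + base[4:]
                        for path, (added, data) in seen.items():
                            if path == victim or path.startswith(victim + "/"):
                                findings.append((path, added, idx, data))
                    else:
                        seen[name] = (idx, layer.extractfile(member).read())
    return findings

# Constructed sample image: layer 0 copies the key, layer 1 is the build
# step that uses it, layer 2 deletes it again.
SAMPLE_IMAGE = _tar({
    "manifest.json": json.dumps(
        [{"Layers": ["l0/layer.tar", "l1/layer.tar", "l2/layer.tar"]}]).encode(),
    "l0/layer.tar": _tar({"build/api_key.txt": b"CONSTRUCTED-EXAMPLE-KEY\n"}),
    "l1/layer.tar": _tar({"build/output.bin": b"\x00"}),
    "l2/layer.tar": _tar({"build/.wh.api_key.txt": b""}),
})

if __name__ == "__main__":
    for path, added, deleted, data in find_deleted_files(SAMPLE_IMAGE):
        print(f"{path}: stored in layer {added}, deleted in layer {deleted}, "
              f"{len(data)} bytes still recoverable")
```

To audit a real image, pass in the bytes of the archive written by `docker save <image> -o image.tar`. The fix is to keep the key out of every layer, for example with a BuildKit secret mount (`RUN --mount=type=secret`).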

Tasks:

  • Find the API key (api_key.txt) in the final Docker image to prove that this approach is not safe.
  • Copy the file with the API key to /home/lab/api_key.txt

Level: Advanced

Estimated duration: 30min

Access: Signup required

Tags: Docker

Scenarios