> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-6/credentials/container/trick-0370.md).

# Docker Inspect Credential Extraction

***

To extract sensitive data like credentials from a Docker container's configuration, leverage the `docker inspect` command with the `--format` option to output specific fields or the full configuration as JSON. This command is useful for finding secrets by dumping the container's configuration, including environment variables.

Dump the entire container configuration as JSON:

```bash
docker inspect --format '{{json .}}' <container_id_or_name>
```

Target specific configuration parts, such as environment variables:

```bash
docker inspect --format '{{.Config.Env}}' <container_id_or_name>
```

Once the configuration is dumped, the resulting JSON or string output must be parsed to search for passwords, API keys, or any sensitive information embedded in the container's configuration or environment variables. Various command-line tools can be used for this purpose.

To quickly search the entire inspect output for common keywords like 'pass':

```bash
docker inspect <container_id_or_name> | grep -i pass
```

If you output the environment variables as JSON using `{{json .Config.Env}}`, you can use `jq` to parse the structure:

```bash
docker inspect <container_id_or_name> --format='{{json .Config.Env}}' | jq '.'
```

When the output is a space-separated string of key=value pairs, tools like `tr` or `sed` can help format it for searching specific variables or patterns:

```bash
docker inspect <container_id_or_name> --format '{{ .Config.Env }}' | tr " " "\n" | grep MY_VARIABLE
```

These inspection techniques can also be applied to Docker images using `docker image inspect <image_id_or_name>` to examine the image configuration. Sensitive information might also be present within the filesystem of the container or image layers, requiring further investigation beyond just the configuration metadata.
