Challenge 2 ☆
Welcome to challenge 2. You need to guess the secret that is hidden in Java, Docker, Kubernetes, Vault, AWS or GCP.
Instead of hardcoding the password directly, the developer tried to hide it in the
application.properties of Spring Boot.
This way, it can no longer be found directly in
.java or compiled
.class files. So how can you detect it?
You can easily detect this by SAST solutions, like truffleHog and git-secrets, and by manual inspection of your