3

We have developed a tool in python which uses many libraries and other algorithms. We want to give that to customers on premise through docker image. It works pretty well. However, if someone copies image and exports/extracts (export or save command), everything becomes visible that includes our python files and library (python) files as well.

Is there a way, we can protect our code such that customers can't export it or see anything inside the image? Is there a way whole image can be encrypted or locked? I believe obfuscation can help to an extent, is there an obfuscation tool that obfuscates whole project (all files and folders while not breaking references)?

Hardik Patel
  • 79
  • 2
  • 6
  • Related: [A completely closed source docker container](https://stackoverflow.com/questions/37064819/a-completely-closed-source-docker-container). – tgogos Nov 28 '18 at 12:55
  • Possible duplicate of [Is distributing python source code in Docker secure?](https://stackoverflow.com/questions/51552706/is-distributing-python-source-code-in-docker-secure) – David Maze Nov 28 '18 at 14:06

1 Answers1

2

The root user on the host machine (where the docker daemon runs) has full access to all the processes running on the host. That means the person who controls the host machine can always get access to the RAM of the application as well as the file system. That makes it impossible to hide a key for decrypting the file system or protecting RAM from debugging.

Since you are sharing the image, You got no way to protect it from copying.

However using obfuscation on a standard Linux box, you can make it harder to read the file system and RAM, but you can't make it impossible or the container cannot run.

Timam
  • 378
  • 1
  • 2
  • 8