From d5a1f85835d5e58d91aabcae7bb2d3a27e1d7ea4 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Fri, 6 Mar 2026 11:34:42 +0100 Subject: [PATCH 1/6] Fix Heroku deployment configuration --- Dockerfile | 2 +- Dockerfile.web | 2 +- heroku.yml | 9 +++++++++ 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index c8db3caee..8c5bbaeb3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -71,5 +71,5 @@ RUN rm -rf /var/run/secrets/kubernetes.io RUN adduser -u 2000 -D wrongsecrets USER wrongsecrets -CMD java -Xms128m -Xmx128m -Xss512k -jar -Dserver.port=$PORT -XX:MaxRAMPercentage=75 -XX:MinRAMPercentage=25 -Dspring.profiles.active=without-vault -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} application.jar +CMD ["java", "-Xms128m", "-Xmx128m", "-Xss512k", "-jar", "-Dserver.port=$PORT", "-XX:MaxRAMPercentage=75", "-XX:MinRAMPercentage=25", "-Dspring.profiles.active=without-vault", "-Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI}", "-Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC}", "application.jar"] # CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=$(echo ${SPRING_PROFILES_ACTIVE}) -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -D application.jar diff --git a/Dockerfile.web b/Dockerfile.web index c9140597c..8b0f80f3a 100644 --- a/Dockerfile.web +++ b/Dockerfile.web 
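Review bot: The exec-form CMD added at the end of Dockerfile does no shell processing, so `-Dserver.port=$PORT`, `${SPRINGDOC_UI}` and `${SPRINGDOC_DOC}` reach the JVM as literal strings rather than the environment values. The Dockerfile.web hunk of this patch has the same defect, and there `$(echo ${SPRING_PROFILES_ACTIVE})` is also passed verbatim as the profile name. To keep the JSON form and still expand variables, start a shell that hands over with exec, for example `CMD ["/bin/sh", "-c", "exec java -Xms128m -Xmx128m -Xss512k -jar -Dserver.port=$PORT ... application.jar"]`. The heroku.yml `run.command` in this patch also omits `-Dserver.port`, so the port binding is not covered there either.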
@@ -40,4 +40,4 @@ COPY .github/scripts/ /var/helpers COPY src/test/resources/alibabacreds.kdbx /var/helpers COPY src/test/resources/RSAprivatekey.pem /var/helpers COPY .ssh/ /home/wrongsecrets/.ssh/ -CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=$(echo ${SPRING_PROFILES_ACTIVE}) -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -D application.jar +CMD ["java", "-jar", "-XX:SharedArchiveFile=application.jsa", "-Dspring.profiles.active=$(echo ${SPRING_PROFILES_ACTIVE})", "-Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI}", "-Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC}", "-D", "application.jar"] diff --git a/heroku.yml b/heroku.yml index 969773e4f..f2202fc71 100644 --- a/heroku.yml +++ b/heroku.yml @@ -2,3 +2,12 @@ build: docker: web: Dockerfile.web worker: Dockerfile + env: + SPRING_PROFILES_ACTIVE: without-vault + SPRINGDOC_UI: true + SPRINGDOC_DOC: true +run: + web: + image: web + command: + - java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=without-vault -Dspringdoc.swagger-ui.enabled=true -Dspringdoc.api-docs.enabled=true -D application.jar From 2ccdcc281b5545fdf3cba6053369fb34e0dc9f36 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Fri, 6 Mar 2026 11:36:49 +0100 Subject: [PATCH 2/6] Fix heroku.yml validation errors --- heroku.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/heroku.yml b/heroku.yml index f2202fc71..969773e4f 100644 --- a/heroku.yml +++ b/heroku.yml @@ -2,12 +2,3 @@ build: docker: web: Dockerfile.web worker: Dockerfile - env: - SPRING_PROFILES_ACTIVE: without-vault - SPRINGDOC_UI: true - SPRINGDOC_DOC: true -run: - web: - image: web - command: - - java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=without-vault -Dspringdoc.swagger-ui.enabled=true -Dspringdoc.api-docs.enabled=true -D application.jar From 8621da59cea72f485abec3dec114867eacfd6fae Mon Sep 17 00:00:00 2001 
From: Jeroen Willemsen Date: Fri, 6 Mar 2026 11:42:07 +0100 Subject: [PATCH 3/6] Remove worker from heroku.yml - only web dyno needed --- heroku.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/heroku.yml b/heroku.yml index 969773e4f..4502a0378 100644 --- a/heroku.yml +++ b/heroku.yml @@ -1,4 +1,3 @@ build: docker: web: Dockerfile.web - worker: Dockerfile From f533f75c2f5fe78e3084c85b99ac4bd61c6d6a8e Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Fri, 6 Mar 2026 11:46:08 +0100 Subject: [PATCH 4/6] Fix Dockerfile.web CMD to use hardcoded spring profile --- Dockerfile.web | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Dockerfile.web b/Dockerfile.web index 8b0f80f3a..c7f102a00 100644 --- a/Dockerfile.web +++ b/Dockerfile.web @@ -1,5 +1,5 @@ -FROM jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault -ARG argBasedVersion="1.13.1-alpha5-no-vault" +FROM jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault +ARG argBasedVersion="1.13.1-alpha6-no-vault" ARG CANARY_URLS="http://canarytokens.com/terms/about/s7cfbdakys13246ewd8ivuvku/post.jsp,http://canarytokens.com/terms/about/y0all60b627gzp19ahqh7rl6j/post.jsp" ARG CTF_ENABLED=false ARG HINTS_ENABLED=true @@ -21,6 +21,7 @@ ENV K8S_ENV=Heroku(Docker) ENV canarytokenURLs=$CANARY_URLS ENV ctf_enabled=$CTF_ENABLED ENV ctf_key=$CTF_KEY +ENV SPRING_PROFILES_ACTIVE=without-vault ENV hints_enabled=$HINTS_ENABLED ENV challengedockermtpath="/var/helpers" ENV keepasspath="/var/helpers/alibabacreds.kdbx" 
@@ -36,8 +37,9 @@ ENV default_aws_value_challenge_10=$CHALLENGE_10_VALUE ENV default_aws_value_challenge_11=$CHALLENGE_11_VALUE ENV BASTIONHOSTPATH="/home/wrongsecrets/.ssh" ENV PROJECTSPECPATH="/var/helpers/project-specification.mdc" +ENV funnybunny="This is a funny bunny" COPY .github/scripts/ /var/helpers COPY src/test/resources/alibabacreds.kdbx /var/helpers COPY src/test/resources/RSAprivatekey.pem /var/helpers COPY .ssh/ /home/wrongsecrets/.ssh/ -CMD ["java", "-jar", "-XX:SharedArchiveFile=application.jsa", "-Dspring.profiles.active=$(echo ${SPRING_PROFILES_ACTIVE})", "-Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI}", "-Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC}", "-D", "application.jar"] +CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=without-vault -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -D application.jar From 34375749738e58645942a653c2cc0da31dbd12f9 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Fri, 6 Mar 2026 11:50:08 +0100 Subject: [PATCH 5/6] Fix Heroku port binding - use $PORT environment variable --- Dockerfile.web | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.web b/Dockerfile.web index c7f102a00..90bd3caad 100644 --- a/Dockerfile.web +++ b/Dockerfile.web @@ -42,4 +42,4 @@ COPY .github/scripts/ /var/helpers COPY src/test/resources/alibabacreds.kdbx /var/helpers COPY src/test/resources/RSAprivatekey.pem /var/helpers COPY .ssh/ /home/wrongsecrets/.ssh/ -CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=without-vault -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -D application.jar +CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=without-vault -Dserver.port=${PORT} -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} application.jar 
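Review bot: The shell-form CMD restored at the end of Dockerfile.web (PATCH 4/6) starts java as a child of `/bin/sh -c`, so depending on the image's shell the JVM is not PID 1 and may not see the SIGTERM sent on stop. Prefixing the command with exec, `CMD exec java -jar -XX:SharedArchiveFile=application.jsa ...`, keeps variable expansion and lets Spring shut down cleanly; the PATCH 5/6 hunk carries the same line forward. The profile is now set twice in this commit, as `ENV SPRING_PROFILES_ACTIVE=without-vault` in the earlier hunk and hardcoded as `-Dspring.profiles.active=without-vault` here, and since the system property takes precedence, overriding the variable at run time has no effect. `ENV funnybunny="This is a funny bunny"` is unrelated to the commit subject and has no comment saying what consumes it.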
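Review bot: `-Dserver.port=${PORT}` in the PATCH 5/6 CMD is unquoted and has no fallback, so when PORT is not set (a local `docker run`, or a platform that does not inject it) the JVM is started with an empty `server.port`. A quoted expansion with a default keeps the image usable outside Heroku: `-Dserver.port="${PORT:-8080}"`. The 8080 here is a constructed example; use the port the application listens on by default. How Spring treats the empty value is not visible from this hunk, so the failure mode is inferred.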
From 3726f558bb5bc104c57ff91f1f5ef3fbb8c3e0e8 Mon Sep 17 00:00:00 2001 From: Jeroen Willemsen Date: Fri, 6 Mar 2026 11:56:11 +0100 Subject: [PATCH 6/6] improvements --- .github/scripts/.bash_history | 2 +- Dockerfile | 7 +++---- aws/k8s/secret-challenge-vault-deployment.yml | 2 +- azure/k8s/secret-challenge-vault-deployment.yml.tpl | 2 +- docs/VERSION_MANAGEMENT.md | 6 +++--- fly.toml | 2 +- gcp/k8s/secret-challenge-vault-deployment.yml.tpl | 2 +- js/index.js | 2 +- k8s/challenge53/secret-challenge53-sidecar.yml | 4 ++-- k8s/challenge53/secret-challenge53.yml | 2 +- k8s/secret-challenge-deployment.yml | 2 +- k8s/secret-challenge-vault-deployment.yml | 2 +- okteto/k8s/secret-challenge-ctf-deployment.yml | 2 +- okteto/k8s/secret-challenge-deployment.yml | 2 +- static-site/pr-2125/pages/about.html | 2 +- 15 files changed, 20 insertions(+), 21 deletions(-) diff --git a/.github/scripts/.bash_history b/.github/scripts/.bash_history index 2bde6e0dc..f9e4e5963 100644 --- a/.github/scripts/.bash_history +++ b/.github/scripts/.bash_history @@ -347,7 +347,7 @@ rm -rf jdk-18_linux-x64_bin.deb git rebase -i main git rebase -i master git stash -export tempPassword="OeyxzcLdUbln0KxnhlQaT2wQKfpJpV/A7/ach+erH4M=" +export tempPassword="mVskm4vj9tBf4BqqQEyPaFtTAFJ+K9csVbQkwF3Kj04=" mvn run tempPassword k6 npx k6 diff --git a/Dockerfile b/Dockerfile index 8c5bbaeb3..da5db174e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,7 @@ FROM bellsoft/liberica-openjre-debian:25-cds AS builder WORKDIR /builder -ARG argBasedVersion="1.13.1-alpha5" +ARG argBasedVersion="1.13.1-alpha6" COPY --chown=wrongsecrets target/wrongsecrets-${argBasedVersion}-SNAPSHOT.jar application.jar RUN java -Djarmode=tools -jar application.jar extract --layers --destination extracted 
@@ -59,7 +59,7 @@ RUN mkdir -p /var/run/secrets/kubernetes.io/serviceaccount && \ chmod 600 /var/run/secrets/kubernetes.io/serviceaccount/token # Create a dynamic archive -RUN java --add-modules=jdk.unsupported -XX:ArchiveClassesAtExit=application.jsa -Dspring.context.exit=onRefresh -jar application.jar +RUN java -XX:ArchiveClassesAtExit=application.jsa -Dspring.context.exit=onRefresh -jar application.jar # Clean up the mocked token RUN rm -rf /var/run/secrets/kubernetes.io @@ -71,5 +71,4 @@ RUN rm -rf /var/run/secrets/kubernetes.io RUN adduser -u 2000 -D wrongsecrets USER wrongsecrets -CMD ["java", "-Xms128m", "-Xmx128m", "-Xss512k", "-jar", "-Dserver.port=$PORT", "-XX:MaxRAMPercentage=75", "-XX:MinRAMPercentage=25", "-Dspring.profiles.active=without-vault", "-Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI}", "-Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC}", "application.jar"] -# CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=$(echo ${SPRING_PROFILES_ACTIVE}) -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -D application.jar +CMD java -jar -XX:SharedArchiveFile=application.jsa -Dspring.profiles.active=$(echo ${SPRING_PROFILES_ACTIVE}) -Dspringdoc.swagger-ui.enabled=${SPRINGDOC_UI} -Dspringdoc.api-docs.enabled=${SPRINGDOC_DOC} -D application.jar diff --git a/aws/k8s/secret-challenge-vault-deployment.yml b/aws/k8s/secret-challenge-vault-deployment.yml index 3849a00cf..aba2e3a72 100644 --- a/aws/k8s/secret-challenge-vault-deployment.yml +++ b/aws/k8s/secret-challenge-vault-deployment.yml @@ -58,7 +58,7 @@ spec: volumeAttributes: secretProviderClass: "wrongsecrets-aws-secretsmanager" containers: - - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-k8s-vault + - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge command: ["/bin/sh"] 
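Review bot: The CMD that replaces the exec form at the end of Dockerfile no longer passes `-Dserver.port=$PORT` or the `-Xms128m -Xmx128m -Xss512k` and `-XX:MaxRAMPercentage` / `-XX:MinRAMPercentage` settings, and the commit message ("improvements") does not say whether that is intended. Dockerfile.web gained `-Dserver.port=${PORT}` in PATCH 5/6, so the two images now start differently. `$(echo ${SPRING_PROFILES_ACTIVE})` is an unquoted command substitution of a runtime environment value, so whitespace in it splits into extra java arguments; `-Dspring.profiles.active="${SPRING_PROFILES_ACTIVE}"` does the same job without the subshell. The stray `-D` before `application.jar`, which PATCH 5/6 removed from Dockerfile.web, is reintroduced on this line.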
diff --git a/azure/k8s/secret-challenge-vault-deployment.yml.tpl b/azure/k8s/secret-challenge-vault-deployment.yml.tpl index 75911c7d1..20801f416 100644 --- a/azure/k8s/secret-challenge-vault-deployment.yml.tpl +++ b/azure/k8s/secret-challenge-vault-deployment.yml.tpl @@ -61,7 +61,7 @@ spec: volumeAttributes: secretProviderClass: "azure-wrongsecrets-vault" containers: - - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-k8s-vault + - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge command: ["/bin/sh"] diff --git a/docs/VERSION_MANAGEMENT.md b/docs/VERSION_MANAGEMENT.md index 57d8132d8..fa9909d9c 100644 --- a/docs/VERSION_MANAGEMENT.md +++ b/docs/VERSION_MANAGEMENT.md @@ -12,9 +12,9 @@ The project maintains version consistency between: ## Version Schema ``` -pom.xml version: 1.13.1-alpha5-SNAPSHOT -Dockerfile version: 1.13.1-alpha5 -Dockerfile.web version: 1.13.1-alpha5-no-vault +pom.xml version: 1.13.1-alpha6-SNAPSHOT +Dockerfile version: 1.13.1-alpha6 +Dockerfile.web version: 1.13.1-alpha6-no-vault ``` ## Automated Solutions diff --git a/fly.toml b/fly.toml index 93d2f2e64..ebebac4d4 100644 --- a/fly.toml +++ b/fly.toml @@ -8,7 +8,7 @@ app = "wrongsecrets" primary_region = "ams" [build] - image = "docker.io/jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault" + image = "docker.io/jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault" [env] K8S_ENV = "Fly(Docker)" diff --git a/gcp/k8s/secret-challenge-vault-deployment.yml.tpl b/gcp/k8s/secret-challenge-vault-deployment.yml.tpl index debf81003..d537184db 100644 --- a/gcp/k8s/secret-challenge-vault-deployment.yml.tpl +++ b/gcp/k8s/secret-challenge-vault-deployment.yml.tpl 
@@ -58,7 +58,7 @@ spec: volumeAttributes: secretProviderClass: "wrongsecrets-gcp-secretsmanager" containers: - - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-k8s-vault + - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge command: ["/bin/sh"] diff --git a/js/index.js b/js/index.js index 41b2d74f0..e266d6d9a 100644 --- a/js/index.js +++ b/js/index.js @@ -1,5 +1,5 @@ function secret() { - var password = "t5K69iQ=" + 9 + "IoOL" + 6 + "jYE=" + 2 + "/i5I" + 7; + var password = "m2/lkfE=" + 9 + "DsPI" + 6 + "2yc=" + 2 + "BcHo" + 7; return password; } diff --git a/k8s/challenge53/secret-challenge53-sidecar.yml b/k8s/challenge53/secret-challenge53-sidecar.yml index 7d12a3a0c..84bd18354 100644 --- a/k8s/challenge53/secret-challenge53-sidecar.yml +++ b/k8s/challenge53/secret-challenge53-sidecar.yml @@ -21,7 +21,7 @@ spec: runAsGroup: 2000 fsGroup: 2000 containers: - - image: jeroenwillemsen/wrongsecrets-challenge53:1.13.1-alpha5 + - image: jeroenwillemsen/wrongsecrets-challenge53:1.13.1-alpha6 name: secret-challenge-53 imagePullPolicy: IfNotPresent resources: @@ -45,7 +45,7 @@ spec: command: ["/bin/sh", "-c"] args: - cp /home/wrongsecrets/* /shared-data/ && exec /home/wrongsecrets/start-on-arch.sh - - image: jeroenwillemsen/wrongsecrets-challenge53-debug:1.13.1-alpha5 + - image: jeroenwillemsen/wrongsecrets-challenge53-debug:1.13.1-alpha6 name: sidecar imagePullPolicy: IfNotPresent command: ["/bin/sh", "-c", "while true; do ls /shared-data; sleep 10; done"] diff --git a/k8s/challenge53/secret-challenge53.yml b/k8s/challenge53/secret-challenge53.yml index 6f5021fcb..63f7b00fc 100644 --- a/k8s/challenge53/secret-challenge53.yml +++ b/k8s/challenge53/secret-challenge53.yml 
@@ -21,7 +21,7 @@ spec: runAsGroup: 2000 fsGroup: 2000 containers: - - image: jeroenwillemsen/wrongsecrets-challenge53:1.13.1-alpha5 + - image: jeroenwillemsen/wrongsecrets-challenge53:1.13.1-alpha6 name: secret-challenge-53 imagePullPolicy: IfNotPresent resources: diff --git a/k8s/secret-challenge-deployment.yml b/k8s/secret-challenge-deployment.yml index 04419bcd2..a5788aea5 100644 --- a/k8s/secret-challenge-deployment.yml +++ b/k8s/secret-challenge-deployment.yml @@ -28,7 +28,7 @@ spec: runAsGroup: 2000 fsGroup: 2000 containers: - - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault + - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault imagePullPolicy: IfNotPresent name: secret-challenge ports: diff --git a/k8s/secret-challenge-vault-deployment.yml b/k8s/secret-challenge-vault-deployment.yml index ad0f1eadd..7b0aeb467 100644 --- a/k8s/secret-challenge-vault-deployment.yml +++ b/k8s/secret-challenge-vault-deployment.yml @@ -50,7 +50,7 @@ spec: type: RuntimeDefault serviceAccountName: vault containers: - - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-k8s-vault + - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-k8s-vault imagePullPolicy: IfNotPresent name: secret-challenge command: ["/bin/sh"] diff --git a/okteto/k8s/secret-challenge-ctf-deployment.yml b/okteto/k8s/secret-challenge-ctf-deployment.yml index a3307751e..60b4bce17 100644 --- a/okteto/k8s/secret-challenge-ctf-deployment.yml +++ b/okteto/k8s/secret-challenge-ctf-deployment.yml @@ -28,7 +28,7 @@ spec: runAsGroup: 2000 fsGroup: 2000 containers: - - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault + - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault name: secret-challenge-ctf imagePullPolicy: IfNotPresent securityContext: diff --git a/okteto/k8s/secret-challenge-deployment.yml b/okteto/k8s/secret-challenge-deployment.yml index 451b285ae..9d94cf77e 100644 --- a/okteto/k8s/secret-challenge-deployment.yml +++ b/okteto/k8s/secret-challenge-deployment.yml 
@@ -28,7 +28,7 @@ spec: runAsGroup: 2000 fsGroup: 2000 containers: - - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha5-no-vault + - image: jeroenwillemsen/wrongsecrets:1.13.1-alpha6-no-vault name: secret-challenge imagePullPolicy: IfNotPresent securityContext: diff --git a/static-site/pr-2125/pages/about.html b/static-site/pr-2125/pages/about.html index 45dcbc6f2..0aa351fab 100644 --- a/static-site/pr-2125/pages/about.html +++ b/static-site/pr-2125/pages/about.html @@ -80,7 +80,7 @@
🎯 Learning Objectives
  • (The MIT License (MIT)) Spring Cloud Azure Starter Key Vault Secrets (com.azure.spring:spring-cloud-azure-starter-keyvault-secrets:5.22.0 - https://microsoft.github.io/spring-cloud-azure)
  • (The Apache Software License, Version 2.0) Simple XML (safe) (com.carrotsearch.thirdparty:simple-xml-safe:2.7.1 - https://github.com/dweiss/simplexml)
  • (3-Clause BSD License) MinLog (com.esotericsoftware:minlog:1.3.1 - https://github.com/EsotericSoftware/minlog)
  • -
  • (Apache License, Version 2.0) Internet Time Utility (com.ethlo.time:itu:1.13.1-alpha5 - https://github.com/ethlo/itu)
  • +
  • (Apache License, Version 2.0) Internet Time Utility (com.ethlo.time:itu:1.13.1-alpha6 - https://github.com/ethlo/itu)
  • (The Apache Software License, Version 2.0) aalto-xml (com.fasterxml:aalto-xml:1.3.3 - https://github.com/FasterXML/aalto-xml)
  • (Apache License, Version 2.0) ClassMate (com.fasterxml:classmate:1.7.0 - https://github.com/FasterXML/java-classmate)
  • (The Apache Software License, Version 2.0) Jackson-annotations (com.fasterxml.jackson.core:jackson-annotations:2.19.1 - https://github.com/FasterXML/jackson)