In this article I will discuss how having just the ID of a Docker image can get you the contents of the image on all known Docker registry services, with the exception of Quay.io. I conclude with a fun game of capture the flag where you can try to steal a secret that I’ve placed in the various registries. TL;DR You need to treat your Docker image IDs as secrets, like SSH keys or passwords. Do not