Question 1

How do I set up WrongSecrets for Kubernetes training?

Accepted Answer

Use the provided Minikube scripts or apply Kubernetes YAML files from the k8s directory. The README includes commands for setting up challenges with Minikube and vault, including steps for sealed secrets and port forwarding.

Question 2

WrongSecrets vs OWASP Juice Shop for security training?

Accepted Answer

WrongSecrets focuses specifically on secrets management vulnerabilities across various environments, while Juice Shop covers broader web application security issues. WrongSecrets is ideal for targeted secrets training, whereas Juice Shop offers general web security practice.

Question 3

Can I run WrongSecrets without installing Docker locally?

Accepted Answer

Yes, you can use the online Heroku demo for basic challenges, but for full functionality including cloud and Kubernetes exercises, local Docker or cloud deployments are required as per the deployment options in the README.

Question 4

What tools are recommended for solving the challenges?

Accepted Answer

Depending on the challenge, you might need secret scanners like TruffleHog or gitleaks, cloud CLI tools, and standard command-line utilities. The project provides a desktop container with pre-installed tools for convenience.

Question 5

How to disable hints and spoilers in WrongSecrets?

Accepted Answer

Set environment variables such as hints_enabled=false or reason_enabled=false when running the container, as explained in the 'Do you want to play without guidance' section of the README.

Question 6

Is WrongSecrets safe to run on my local network?

Accepted Answer

Generally yes for local Docker setups, but cloud challenges should not be run on production accounts due to IAM risks. The README advises using separate, non-production cloud environments for safety.

WrongSecrets

What is WrongSecrets?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions