Primarily considering GCP here because they offer a wonderful CTF sponsorship deal. If a CTF organizer is using GCP to run PwnableHarness Docker containers, it would be lovely if something like make docker-push could build and push both Docker images as well as secrets (currently, the "workdir" Docker volume which contains the flag.txt file).
For GCP, perhaps the flag could be pushed using the gcloud CLI tool as a secret (the GCP Secrets Manager product). Containers would then run with the secrets mounted as files. So the flag secret would be mounted as /ctf/flag.txt. It sounds like there's currently a GCP bug where two or more secrets can't be mounted as files in the same directory, so challenges with multiple flags or with other "secret" files beyond just a flag wouldn't work automatically. I think most challenges only have a single flag as a secret though, so this would be fine for 95% of use cases.
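One way the proposed flow could look, as an added example that is not PwnableHarness code or part of the original post. The `<challenge>-flag` secret naming, the `DRY_RUN` switch, the script name and the choice of Cloud Run as the container runtime are assumptions; the mount check rejects the two-secrets-in-one-directory case the post describes.

```shell
#!/usr/bin/env bash
# Added example, not PwnableHarness code. Assumed: "<challenge>-flag" secret
# names, a DRY_RUN switch, and Cloud Run as the container runtime.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the gcloud commands instead of running them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# check_mounts PATH...: fail if two secret files would share a directory,
# the multi-secret case the post says does not work.
check_mounts() {
    local seen="" p dir
    for p in "$@"; do
        dir="$(dirname "$p")"
        case "|$seen|" in
            *"|$dir|"*)
                echo "error: more than one secret mounted in $dir" >&2
                return 1 ;;
        esac
        seen="$seen|$dir"
    done
}

# push_flag CHALLENGE FLAG_FILE: create the secret, or add a version if it exists.
push_flag() {
    local secret="$1-flag" file="$2"
    [ -s "$file" ] || { echo "error: $file is missing or empty" >&2; return 1; }
    if [ "$DRY_RUN" != "1" ] && gcloud secrets describe "$secret" >/dev/null 2>&1; then
        run gcloud secrets versions add "$secret" --data-file="$file"
    else
        run gcloud secrets create "$secret" --replication-policy=automatic --data-file="$file"
    fi
}

# deploy_challenge CHALLENGE IMAGE: mount the flag secret at /ctf/flag.txt.
deploy_challenge() {
    local mount="/ctf/flag.txt"
    check_mounts "$mount" || return 1
    run gcloud run deploy "$1" --image="$2" --update-secrets="$mount=$1-flag:latest"
}

# Usage: DRY_RUN=0 ./push-flag.sh CHALLENGE FLAG_FILE IMAGE
if [ "$#" -ge 3 ]; then
    push_flag "$1" "$2" && deploy_challenge "$1" "$3"
fi
```

With `DRY_RUN` left at its default the script only prints the `gcloud` commands, so the plan can be reviewed before anything is pushed.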