diff --git a/dockersecrets/README.md b/dockersecrets/README.md
new file mode 100644
index 0000000..860f51a
--- /dev/null
+++ b/dockersecrets/README.md
@@ -0,0 +1,7 @@
+# dockersecrets
+## Text
+A company complained about their passwords being leaked from this file. One of their "users" has the flag set as their password. Can you find the leak?
+## Files
+[dockersecrets](dockersecrets)
+## How to Deploy
+n/a
\ No newline at end of file
diff --git a/dockersecrets/SOLUTION.md b/dockersecrets/SOLUTION.md
new file mode 100644
index 0000000..80c2841
--- /dev/null
+++ b/dockersecrets/SOLUTION.md
@@ -0,0 +1,8 @@
+## Difficulty
+??
+## Category
+Forensics
+## How To Solve
+First, load the Docker image using `docker load -i dockersecrets`. You can then explore the image layers with `docker history dockersecrets`. Observe that two environment variables are set in the Docker image, a Postgres URL and a Postgres key. Use the flag `--no-trunc` to show the entire variables, instead of their truncated version. You can see from the URL that these values belong to a Supabase instance. When you connect to the database, you will see that the table `users` contains three columns: `id`, `has_flag`, and `password`. The password field of the record where the has_flag option is set contains a base64 encoded version of the flag. Use CyberChef to learn this password encoding. You can use a [simple Python script](writeup.py) to extract the flag.  
+## Flag
+`IGCTF{N0t_th3_s4f3st_w4y_t0_st0r3_p4ssw0rds_h4H4}`
\ No newline at end of file
diff --git a/dockersecrets/dockersecrets b/dockersecrets/dockersecrets
new file mode 100644
index 0000000..fcb6f4c
Binary files /dev/null and b/dockersecrets/dockersecrets differ
diff --git a/dockersecrets/writeup.py b/dockersecrets/writeup.py
new file mode 100644
index 0000000..09638a4
--- /dev/null
+++ b/dockersecrets/writeup.py
@@ -0,0 +1,25 @@
+import os
+from supabase import create_client, Client
+import base64
+
+# Leaked
+url = "https://ybolulzygysmsjytomha.supabase.co"
+key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6Inlib2x1bHp5Z3lzbXNqeXRvbWhhIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTczMDQ5NDkwOCwiZXhwIjoyMDQ2MDcwOTA4fQ.7XfwK3MZ8MaOa4g5T5Pg663nZJvnfQpd-Y91z9FWHj0"
+
+supabase = create_client(url, key)
+
+# Explore the schema by fetching some users
+print("Some users to explore the schema:")
+some_users = supabase.table("users").select("*").limit(5).execute()
+print(some_users)
+
+# Find the flag user
+print("Only user with the flag as password:")
+flag_user = supabase.table("users").select("*").is_("has_flag", True).execute()
+print(flag_user)
+
+# Decode the flag password
+password_enc = flag_user.data[0]["password"]
+ascii_password = password_enc.encode("ascii")
+password_dec = base64.b64decode(ascii_password).decode("ascii")
+print(f"Flag password: {password_dec}")
\ No newline at end of file