## Difficulty
??
## Category
Forensics
## How To Solve
First, load the Docker image using `docker load -i dockersecrets`. You can then explore the image layers with `docker history dockersecrets`. Observe that two environment variables are set in the Docker image, a Postgres URL and a Postgres key. Use the flag `--no-trunc` to show the entire variables, instead of their truncated version. You can see from the URL that these values belong to a Supabase instance. When you connect to the database, you will see that the table `users` contains three columns: `id`, `has_flag`, and `password`. The password field of the record where the has_flag option is set contains a base64 encoded version of the flag. Use CyberChef to learn this password encoding. You can use a [simple Python script](writeup.py) to extract the flag.  
## Flag
`IGCTF{N0t_th3_s4f3st_w4y_t0_st0r3_p4ssw0rds_h4H4}`