diff --git a/.github/scripts/docker-create-and-push.sh b/.github/scripts/docker-create-and-push.sh
index c767ca8bd..78b91d44e 100755
--- a/.github/scripts/docker-create-and-push.sh
+++ b/.github/scripts/docker-create-and-push.sh
@@ -16,7 +16,7 @@ echo "tagging version"
 docker buildx create --name mybuilder
 docker buildx use mybuilder
 echo "generating challenge 12-data"
-openssl rand -base64 32 > yourkey.txt
+openssl rand -base64 32 | tr -d '\n' > yourkey.txt
 echo "creating containers"
 docker buildx build --platform linux/amd64,linux/arm64 -t jeroenwillemsen/addo-example:$1-no-vault --build-arg "$3" --build-arg "PORT=8081" --build-arg "argBasedVersion=$1" --build-arg "spring_profile=without-vault" --push ./../../.
 docker buildx build --platform linux/amd64,linux/arm64 -t jeroenwillemsen/addo-example:$1-local-vault --build-arg "$3" --build-arg "PORT=8081" --build-arg "argBasedVersion=$1" --build-arg "spring_profile=local-vault" --push ./../../.
diff --git a/README.md b/README.md
index 828fb0c94..46ba3127c 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 
 Welcome to the OWASP WrongSecrets p0wnable app. With this app, we have packed various ways of how to not store your secrets. These can help you to realize whether your secret management is ok. The challenge is to find all the different secrets by means of various tools and techniques.
 
-Can you solve all the 11 challenges?
+Can you solve all the 12 challenges?
 ![screenshot.png](screenshot.png)
 
 ## Support
@@ -13,7 +13,7 @@ Need support? Contact us via [OWASP Slack](https://owasp.slack.com/archives/C02K
 
 ## Basic docker exercises
 
-_Can be used for challenges 1-4, 8_
+_Can be used for challenges 1-4, 8, 12_
 
 For the basic docker exercises you currently require:
 
@@ -33,7 +33,8 @@ Now you can try to find the secrets by means of solving the challenge offered at
 - [localhost:8080/challenge/3](http://localhost:8080/challenge/3)
 - [localhost:8080/challenge/4](http://localhost:8080/challenge/4)
 - [localhost:8080/challenge/8](http://localhost:8080/challenge/8)
-
+- [localhost:8080/challenge/8](http://localhost:8080/challenge/12)
+- 
 Note that these challenges are still very basic, and so are their explanations. Feel free to file a PR to make them look better ;-).
 
 ### Running these on Heroku
@@ -50,7 +51,7 @@ You can test them out at <a href="https://wrongsecrets.herokuapp.com/" target="_
 
 ## Basic K8s exercise
 
-_Can be used for challenges 1-6, 8_
+_Can be used for challenges 1-6, 8, 12_
 
 ### Minikube based
 
@@ -99,7 +100,7 @@ now you can use the provided IP address and port to further play with the K8s va
 
 ## Vault exercises with minikube
 
-_Can be used for challenges 1-8_
+_Can be used for challenges 1-8, 12_
 Make sure you have the following installed:
 
 - minikube with docker (or comment out line 8 and work at your own k8s setup),
@@ -115,7 +116,7 @@ This will allow you to run challenge 1-8.
 
 ## Cloud Challenges
 
-_Can be used for challenges 1-11_
+_Can be used for challenges 1-12_
 
 ### Running WrongSecrets in AWS
 
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java b/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java
index 806898de8..624695044 100644
--- a/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/cloud/Challenge11.java
@@ -87,9 +87,9 @@ public boolean environmentSupported() {
     }
 
     private String getAWSChallenge11Value() {
-        log.info("Getting credentials from AWS");
-        if (!"if_you_see_this_please_use_AWS_Setup".equals(awsRoleArn)) {
 
+        if (!"if_you_see_this_please_use_AWS_Setup".equals(awsRoleArn)) {
+            log.info("Getting credentials from AWS");
             try { //based on https://github.com/awsdocs/aws-doc-sdk-examples/tree/main/javav2/example_code/sts/src/main/java/com/example/sts
                 String webIDentityToken = Files.readString(Paths.get(tokenFileLocation));
                 StsClient stsClient = StsClient.builder()
@@ -126,12 +126,13 @@ private String getAWSChallenge11Value() {
                 log.error("Could not get the web identity token, due to ", e);
             }
         }
+        log.info("Skipping credentials from AWS");
         return awsDefaultValue;
     }
 
     private String getGCPChallenge11Value() {
-        log.info("Getting credentials from GCP");
         if ("gcp".equals(k8sEnvironment)) {
+            log.info("Getting credentials from GCP");
             // Based on https://cloud.google.com/secret-manager/docs/reference/libraries
             try (SecretManagerServiceClient client = SecretManagerServiceClient.create()) {
                 log.info("Fetching secret form Google Secret Manager...");
@@ -145,6 +146,7 @@ private String getGCPChallenge11Value() {
                 log.error("Could not get the web identity token, due to ", e);
             }
         }
+        log.info("Skipping credentials from GCP");
         return gcpDefaultValue;
     }
 }
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java
index 191b7da2a..ef01f1f2b 100644
--- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge12.java
@@ -1,19 +1,29 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
 
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
 import org.owasp.wrongsecrets.challenges.ChallengeEnvironment;
 import org.owasp.wrongsecrets.challenges.ChallengeNumber;
 import org.owasp.wrongsecrets.challenges.Spoiler;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+@Slf4j
 @Component
 @ChallengeNumber("12")
 public class Challenge12 extends Challenge {
 
-    public Challenge12(ScoreCard scoreCard) {
+
+    private String dockerMountPath;
+
+    public Challenge12(ScoreCard scoreCard, @Value("${challengedockermtpath}") String dockerMountPath) {
         super(scoreCard, ChallengeEnvironment.DOCKER);
+        this.dockerMountPath = dockerMountPath;
     }
 
     @Override
@@ -23,6 +33,7 @@ public Spoiler spoiler() {
 
     @Override
     public boolean answerCorrect(String answer) {
+        log.info("challenge 12, actualdata: {}, answer: {}", getActualData(), answer);
         return getActualData().equals(answer);
     }
 
@@ -33,8 +44,11 @@ public boolean environmentSupported() {
 
 
     private String getActualData() {
-        //do logic here!
-        
-        return "if_you_see_this_please_use_docker_instead";
+        try {
+            return Files.readString(Paths.get(dockerMountPath, "yourkey.txt"));
+        } catch (Exception e) {
+            log.warn("Exception during file reading, defaulting to default without cloud environment");
+            return "if_you_see_this_please_use_docker_instead";
+        }
     }
 }
diff --git a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge8.java b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge8.java
index d49e26a3b..7a2290c52 100644
--- a/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge8.java
+++ b/src/main/java/org/owasp/wrongsecrets/challenges/docker/Challenge8.java
@@ -1,6 +1,7 @@
 package org.owasp.wrongsecrets.challenges.docker;
 
 
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.wrongsecrets.ScoreCard;
 import org.owasp.wrongsecrets.challenges.Challenge;
 import org.owasp.wrongsecrets.challenges.ChallengeEnvironment;
@@ -8,26 +9,45 @@
 import org.owasp.wrongsecrets.challenges.Spoiler;
 import org.springframework.stereotype.Component;
 
+import java.security.SecureRandom;
+import java.util.Random;
+
+@Slf4j
 @Component
 @ChallengeNumber("8")
 public class Challenge8 extends Challenge {
 
+    private final Random RANDOM = new SecureRandom();
+    private final String ALPHABET = "0123456789QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm";
+    private String randomValue;
+
     public Challenge8(ScoreCard scoreCard) {
         super(scoreCard, ChallengeEnvironment.DOCKER);
+        randomValue = generateRandomString(10);
+        log.info("Initializing challenge 8 with value {}", randomValue);
     }
 
     @Override
     public Spoiler spoiler() {
-        return new Spoiler(Constants.newKey);
+        return new Spoiler(randomValue);
     }
 
     @Override
     public boolean answerCorrect(String answer) {
-        return Constants.newKey.equals(answer);
+        return randomValue.equals(answer);
     }
 
     @Override
     public boolean environmentSupported() {
         return true;
     }
+
+
+    private String generateRandomString(int length) {
+        StringBuffer buffer = new StringBuffer(length);
+        for (int i = 0; i < length; i++) {
+            buffer.append(ALPHABET.charAt(RANDOM.nextInt(ALPHABET.length())));
+        }
+        return new String(buffer);
+    }
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 32d9c2d40..0cf0dcbc5 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -10,6 +10,7 @@ default_gcp_value=if_you_see_this_please_use_GCP_Setup
 AWS_ROLE_ARN=if_you_see_this_please_use_AWS_Setup
 AWS_WEB_IDENTITY_TOKEN_FILE=if_you_see_this_please_use_AWS_Setup
 secretmountpath=/mnt/secrets-store
+challengedockermtpath=/var/tmp/helpers
 AWS_REGION=if_you_see_this_please_use_AWS_Setup
 GCP_PROJECT_ID=if_you_see_this_please_use_GCP_Setup
 K8S_ENV=Docker
diff --git a/src/main/resources/explanations/challenge8.adoc b/src/main/resources/explanations/challenge8.adoc
index 281c348a9..b6fc4d192 100644
--- a/src/main/resources/explanations/challenge8.adoc
+++ b/src/main/resources/explanations/challenge8.adoc
@@ -1,4 +1,6 @@
 === Challenge 8: Generating random values
 
-Now, let's randomize the secret... Can you find the answer?
-How can we use this on the next startup ;-)?
\ No newline at end of file
+Now, let's randomize the secret at startup... Can you find the answer?
+How can we use this on the next startup ;-)?
+
+Tip: take a look at the logging of the application at startup!
\ No newline at end of file
diff --git a/src/main/resources/templates/challenge.html b/src/main/resources/templates/challenge.html
index 70dbda378..4c447eecc 100644
--- a/src/main/resources/templates/challenge.html
+++ b/src/main/resources/templates/challenge.html
@@ -37,6 +37,7 @@
                         <a class="dropdown-item" href="/challenge/9">Challenge 9</a>
                         <a class="dropdown-item" href="/challenge/10">Challenge 10</a>
                         <a class="dropdown-item" href="/challenge/11">Challenge 11</a>
+                        <a class="dropdown-item" href="/challenge/12">Challenge 12</a>
                     </ul>
                 </li>
                 <li class="nav-item">
@@ -68,7 +69,7 @@ <h1 class="mt-3" th:text="'Challenge '+${challengeNumber}"/>
                                                                                 value="Reset"/></p>
     </form>
 
-    There are 11 challenges (/challenge/1-11), can you solve them all? <br/>
+    There are 12 challenges (/challenge/1-12), can you solve them all? <br/>
     <div class="row">
         <div th:if="${previouschallenge!=null}" class="col-4">
             <a th:href="'/challenge/'+${previouschallenge}">Previous</a>
diff --git a/src/main/resources/templates/error.html b/src/main/resources/templates/error.html
index e5d5c2a71..c7978d3f5 100644
--- a/src/main/resources/templates/error.html
+++ b/src/main/resources/templates/error.html
@@ -37,6 +37,7 @@
                         <a class="dropdown-item" href="/challenge/9">Challenge 9</a>
                         <a class="dropdown-item" href="/challenge/10">Challenge 10</a>
                         <a class="dropdown-item" href="/challenge/11">Challenge 11</a>
+                        <a class="dropdown-item" href="/challenge/12">Challenge 12</a>
                     </ul>
                 </li>
                 <li class="nav-item">
diff --git a/src/main/resources/templates/index.html b/src/main/resources/templates/index.html
index 2c1238753..f10aeb84b 100644
--- a/src/main/resources/templates/index.html
+++ b/src/main/resources/templates/index.html
@@ -37,6 +37,7 @@
                         <a class="dropdown-item" href="/challenge/9">Challenge 9</a>
                         <a class="dropdown-item" href="/challenge/10">Challenge 10</a>
                         <a class="dropdown-item" href="/challenge/11">Challenge 11</a>
+                        <a class="dropdown-item" href="/challenge/12">Challenge 12</a>
                     </ul>
                 </li>
                 <li class="nav-item">
@@ -84,6 +85,7 @@ <h1 class="display-2">Welcome</h1>
                     10 (requires AWS or GCP)</a><br/>
                 <a href="challenge/11" th:class="${cloud == null}  ? 'disabled' : ''">Challenge
                     11 (requires AWS or GCP)</a><br/>
+                <a href="challenge/12">Challenge 12 (requires Docker)</a><br/>
             </p>
             <p>Don't want to wait for Vault? here is <a href="spoil-7">the secret :(</a>.</p>
             <p th:text="'You are currently running on the following environment: '+${environment}"></p>
diff --git a/src/main/resources/templates/spoil.html b/src/main/resources/templates/spoil.html
index a5414b4a1..940a1809f 100644
--- a/src/main/resources/templates/spoil.html
+++ b/src/main/resources/templates/spoil.html
@@ -8,6 +8,6 @@
 <h1>Spoiling secret</h1>
 <p th:text="${solution}"></p>
 
-There are 11 challenges (/challenge/1-11), can you solve them all?
+There are 11 challenges (/challenge/1-12), can you solve them all?
 </body>
 </html>
\ No newline at end of file
diff --git a/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge12Test.java b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge12Test.java
new file mode 100644
index 000000000..f16732a77
--- /dev/null
+++ b/src/test/java/org/owasp/wrongsecrets/challenges/docker/Challenge12Test.java
@@ -0,0 +1,54 @@
+package org.owasp.wrongsecrets.challenges.docker;
+
+import org.assertj.core.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.junit.jupiter.api.io.TempDir;
+import org.mockito.Mock;
+import org.mockito.junit.jupiter.MockitoExtension;
+import org.owasp.wrongsecrets.ScoreCard;
+import org.owasp.wrongsecrets.challenges.Spoiler;
+import org.owasp.wrongsecrets.challenges.cloud.Challenge9;
+
+import java.io.File;
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+@ExtendWith(MockitoExtension.class)
+class Challenge12Test {
+
+    @Mock
+    private ScoreCard scoreCard;
+
+    @Test
+    void solveChallenge12WithoutFile(@TempDir Path dir) throws Exception {
+        var challenge = new Challenge12(scoreCard, dir.toString());
+
+        Assertions.assertThat(challenge.answerCorrect("secretvalueWitFile")).isFalse();
+        Assertions.assertThat(challenge.answerCorrect("if_you_see_this_please_use_docker_instead")).isTrue();
+    }
+
+    @Test
+    void solveChallenge12WithMNTFile(@TempDir Path dir) throws Exception {
+        var testFile = new File(dir.toFile(), "yourkey.txt");
+        var secret = "secretvalueWitFile";
+        Files.writeString(testFile.toPath(), secret);
+
+        var challenge = new Challenge12(scoreCard, dir.toString());
+
+        Assertions.assertThat(challenge.answerCorrect("secretvalueWitFile")).isTrue();
+    }
+
+    @Test
+    void spoilShouldReturnCorrectAnswer(@TempDir Path dir) throws IOException {
+        var testFile = new File(dir.toFile(), "yourkey.txt");
+        var secret = "secretvalueWitFile";
+        Files.writeString(testFile.toPath(), secret);
+
+        var challenge = new Challenge12(scoreCard, dir.toString());
+
+        Assertions.assertThat(challenge.spoiler()).isEqualTo(new Spoiler("secretvalueWitFile"));
+    }
+
+}
\ No newline at end of file
diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties
index 539402936..206553f0e 100644
--- a/src/test/resources/application.properties
+++ b/src/test/resources/application.properties
@@ -1,20 +1,21 @@
 spring.cloud.vault.enabled=false
 aws.paramstore.enabled=false
-password = DefaultLoginPasswordDoNotChange!
-SPECIAL_K8S_SECRET = if_you_see_this_please_use_k8s
-SPECIAL_SPECIAL_K8S_SECRET = if_you_see_this_please_use_k8s
-ARG_BASED_PASSWORD= if_you_see_this_please_use_docker_instead
-DOCKER_ENV_PASSWORD= if_you_see_this_please_use_docker_instead
-vaultpassword = if_you_see_this_please_use_K8S_and_Vault
-vaultpassword.password = if_you_see_this_please_use_K8S_and_Vault
-default_aws_value = if_you_see_this_please_use_AWS_Setup
-default_gcp_value = if_you_see_this_please_use_GCP_Setup
+password=DefaultLoginPasswordDoNotChange!
+SPECIAL_K8S_SECRET=if_you_see_this_please_use_k8s
+SPECIAL_SPECIAL_K8S_SECRET=if_you_see_this_please_use_k8s
+ARG_BASED_PASSWORD=if_you_see_this_please_use_docker_instead
+DOCKER_ENV_PASSWORD=if_you_see_this_please_use_docker_instead
+vaultpassword=if_you_see_this_please_use_K8S_and_Vault
+vaultpassword.password=if_you_see_this_please_use_K8S_and_Vault
+default_aws_value=if_you_see_this_please_use_AWS_Setup
+default_gcp_value=if_you_see_this_please_use_GCP_Setup
 AWS_REGION=if_you_see_this_please_use_AWS_Setup
-AWS_ROLE_ARN= if_you_see_this_please_use_AWS_Setup
-AWS_WEB_IDENTITY_TOKEN_FILE= if_you_see_this_please_use_AWS_Setup
-GCP_PROJECT_ID= if_you_see_this_please_use_GCP_Setup
-secretmountpath = ${java.io.tmpdir}
-wrongsecretvalue = wrongsecret
+AWS_ROLE_ARN=if_you_see_this_please_use_AWS_Setup
+AWS_WEB_IDENTITY_TOKEN_FILE=if_you_see_this_please_use_AWS_Setup
+GCP_PROJECT_ID=if_you_see_this_please_use_GCP_Setup
+secretmountpath=${java.io.tmpdir}
+challengedockermtpath=${java.io.tmpdir}
+wrongsecretvalue=wrongsecret
 APP_VERSION=0.0.0
 K8S_ENV=test
 #---