Because PID 1 has that env, all processes spawned from it can read all of those.
I prefer mounting them to /run/secrets via tmpfs, which can also have an SELinux policy attached.
This way, someone else cannot read them by spawning a shell inside the container.
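An added example, not part of the comment above: it contrasts a secret placed in the environment, which a spawned child inherits, with one read from a file under a secrets directory. The names `DB_PASSWORD`, `db_password`, `read_secret` and `child_environ_has` are hypothetical, a temporary directory stands in for the tmpfs at /run/secrets, and the owner-only mode check is an assumed policy.

```python
import os
import stat
import subprocess
import sys
import tempfile

def child_environ_has(name, env):
    """Spawn a child process and report whether `name` is set in its environment."""
    probe = "import os, sys; sys.exit(0 if os.environ.get(sys.argv[1]) else 1)"
    return subprocess.run([sys.executable, "-c", probe, name], env=env).returncode == 0

def read_secret(name, secrets_dir="/run/secrets"):
    """Read one secret file, refusing symlinks and group/world-accessible modes."""
    path = os.path.join(secrets_dir, name)
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)  # fails on a symlink
    try:
        st = os.fstat(fd)  # check the opened file itself, not the path
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError(f"{path}: not a regular file")
        if st.st_mode & 0o077:
            raise PermissionError(f"{path}: mode {stat.S_IMODE(st.st_mode):o} is too open")
        with os.fdopen(fd, "rb", closefd=False) as fh:
            return fh.read().rstrip(b"\n")
    finally:
        os.close(fd)

def demo():
    # Constructed sample: a temp dir stands in for the tmpfs mounted at /run/secrets.
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "db_password")
        with open(path, "wb") as fh:
            fh.write(b"constructed-sample-value\n")
        os.chmod(path, 0o400)
        base = {k: v for k, v in os.environ.items() if k != "DB_PASSWORD"}
        # Secret in the environment: every child spawned from here inherits it.
        via_env = child_environ_has("DB_PASSWORD", {**base, "DB_PASSWORD": "constructed-sample-value"})
        # Secret read from the file: it lives in this process's memory only.
        secret = read_secret("db_password", d)
        via_file = child_environ_has("DB_PASSWORD", base)
        os.chmod(path, 0o644)  # loosen the mode; the loader should now refuse
        try:
            read_secret("db_password", d)
            rejected = False
        except PermissionError:
            rejected = True
        return via_env, via_file, secret, rejected

if __name__ == "__main__":
    print(demo())
```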