Task
Resolution: Done
Major
Release Notes
CR1
2022 Week 29-31 (from Jul 18), 2022 Week 32-34 (from Aug 8)
The danger of using environment variables is that it's easy for the secrets to be accidentally leaked
through logging, as it's common for software to log its entire environment. The set of people who
have access to logs is often much bigger than the people who need production key values.
For this reason, many security experts recommend using the volume-mount approach, where your
code reads the secret value from a file in a well-known location. Most orchestrators support this
method of passing secrets into a container.
During the pen test it was observed that sensitive information (a username and password) is exposed through the container's environment variables. Anyone who can read that environment, for example via `kubectl exec`, `/proc/<pid>/environ`, or a crash dump that includes the environment, can retrieve the credentials.
The same username and password are also exposed in the pod logs.
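The following is an added example, not code from this ticket or from the quoted text, of what the volume-mount approach looks like on the application side, together with the two checks behind the pen test finding. It assumes the Pod spec mounts a Secret volume at `/var/run/secrets/app` (the mount path, the file names `db-password` and `world-readable`, the value `hunter2`, and the credential-name regex are all assumptions for illustration), and it builds a temporary directory as a stand-in for that mount so it runs without a cluster.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Mount path assumed for this example; it is not stated in the ticket and must
# match volumeMounts[].mountPath in the Pod spec.
DEFAULT_SECRET_DIR = "/var/run/secrets/app"

# Environment variable names that usually carry credentials. Heuristic, not exhaustive.
CREDENTIAL_KEY_RE = re.compile(
    r"PASS|SECRET|TOKEN|API[_-]?KEY|PRIVATE[_-]?KEY|CREDENTIAL|USER(NAME)?$",
    re.IGNORECASE,
)


def load_secret(name: str, secret_dir: str = DEFAULT_SECRET_DIR) -> str:
    """Read one secret from its file in the mounted Secret volume.

    Refuses world-readable files: Kubernetes mounts Secret files with
    defaultMode 0644 unless the Pod spec tightens it (0400, or 0440 with fsGroup).
    """
    path = Path(secret_dir) / name
    if not path.is_file():
        raise FileNotFoundError(f"secret {name!r} is not mounted at {path}")
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & stat.S_IRWXO:
        raise PermissionError(
            f"{path} is world-accessible (mode {mode:04o}); set defaultMode on the volume"
        )
    # Source files created with `echo` or an editor often end in a newline that
    # is not part of the credential; strip exactly that and nothing else.
    return path.read_bytes().decode("utf-8").rstrip("\n")


def credential_env_keys(environ) -> list:
    """Names of environment variables that look like they carry credentials
    (the check a pen tester runs against /proc/<pid>/environ or `env` output)."""
    return sorted(k for k in environ if CREDENTIAL_KEY_RE.search(k))


def redact_env(environ) -> dict:
    """Copy of the environment that is safe to write to logs or crash reports."""
    return {
        k: ("<redacted>" if CREDENTIAL_KEY_RE.search(k) else v)
        for k, v in environ.items()
    }


def build_demo_secret_dir() -> str:
    """Constructed stand-in for a Secret volume mount (no cluster involved)."""
    d = tempfile.mkdtemp(prefix="app-secrets-")
    good = Path(d) / "db-password"
    good.write_bytes(b"hunter2\n")   # constructed value; trailing newline from the source file
    os.chmod(good, 0o400)            # what `defaultMode: 0400` yields inside the container
    bad = Path(d) / "world-readable"
    bad.write_bytes(b"hunter2\n")
    os.chmod(bad, 0o644)             # the Kubernetes default when defaultMode is not set
    return d


def main() -> None:
    d = build_demo_secret_dir()
    print("db-password:", load_secret("db-password", d))
    try:
        load_secret("world-readable", d)
    except PermissionError as e:
        print("rejected:", e)
    # Constructed environment mirroring the finding: credentials passed as env vars.
    env = {"PATH": "/usr/bin", "DB_USER": "app", "DB_PASSWORD": "hunter2"}
    print("credential keys:", credential_env_keys(env))
    print("safe to log:", redact_env(env))


if __name__ == "__main__":
    main()
```

On the manifest side the change is to delete the `env:` entries that use `valueFrom.secretKeyRef` and instead declare a `volumes:` entry of type `secret` with `secretName` and `defaultMode: 0400` (or `0440` when the container runs with an `fsGroup`), mounted read-only via `volumeMounts` at the path `load_secret` expects. `redact_env` is the fallback for code that still has to dump its environment for diagnostics; it does not make environment-variable secrets safe, it only keeps them out of the log pipeline.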