Remember that a container is just a "process". That means the values of its environment variables can be read from the /proc virtual filesystem, including by users who perhaps should not have access to them. The following example illustrates the idea.
NOTE: If the above is not clear enough, I'd recommend checking the blog post Understanding containers in 15 minutes.
Example
Let's imagine we create a Kubernetes Pod resource where the secret values for USERNAME and PASSWORD are passed in as environment variables, as follows.
...
env:
  - name: USERNAME
    valueFrom:
      secretKeyRef:
        name: mysecret
        key: username
  - name: PASSWORD
    valueFrom:
      secretKeyRef:
        name: mysecret
        key: password
...
Then, the values used to create the environment variables can be found by following the steps below on a Linux OS.
# get the CONTAINER ID of this pod
$ docker ps | grep <pod-name>
# check the process of this container
$ docker top <CONTAINER ID>
# check the env values by using the PID
$ sudo cat /proc/<PID>/environ
CONCLUSION: Unless the environment variables of your containers are encrypted, these values are not safe, since they can be read as described above.
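A defender-side check built on the steps above, added here as an example and not code from the original post: it reports which PIDs carry secret-looking variable names in their environ file, without ever printing the values. The function names, the name pattern and the sample proc tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit which processes expose secret-looking variable NAMES
# through <root>/<PID>/environ. Values are never printed.

# Hypothetical pattern; tune it to your own naming conventions.
SENSITIVE_PATTERN='USER|PASS|SECRET|TOKEN|KEY'

# list_sensitive_env_names FILE
# environ files hold NUL-separated NAME=VALUE entries. Split on NUL, keep only
# lines that start like NAME= (drops continuation lines of multi-line values),
# strip the value, then keep names matching the pattern.
list_sensitive_env_names() {
    tr '\000' '\n' 2>/dev/null < "$1" |
        grep -E '^[A-Za-z_][A-Za-z0-9_]*=' |
        cut -d= -f1 |
        grep -Ei "$SENSITIVE_PATTERN" |
        sort -u
}

# audit_proc_root [ROOT]
# Walks ROOT/<PID>/environ (ROOT defaults to /proc) and prints "PID NAME"
# for every match. Files the caller cannot read are skipped.
audit_proc_root() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/environ; do
        [ -r "$f" ] || continue
        pid=$(basename "$(dirname "$f")")
        list_sensitive_env_names "$f" | while IFS= read -r name; do
            printf '%s %s\n' "$pid" "$name"
        done
    done
}

# Constructed sample: a fake proc tree standing in for a node's /proc.
# PID 101 mimics the Pod above; PID 202 has nothing sensitive.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/101" "$d/202"
    printf 'PATH=/usr/bin\000USERNAME=admin\000PASSWORD=example-only\000' > "$d/101/environ"
    printf 'HOME=/root\000LANG=C\000' > "$d/202/environ"
    audit_proc_root "$d"
    rm -rf "$d"
}

demo
```

Run audit_proc_root with no argument, as a user allowed to read the files, to check the real /proc of a node.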
NOTE: Also, feel free to check related posts by searching for the Kubernetes and Docker tags on this website.