Remember that a container is just a “process”. This means that the values of its environment variables can be read from the /proc virtual filesystem by users who perhaps should not have access to them. The following example illustrates this idea.
NOTE: If the above info is not clear enough, I’d recommend you check the blog post Understanding containers in 15 minutes.
Let’s imagine we create a Kubernetes Pod resource where the secret values for USERNAME and PASSWORD are passed in as environment variables, as follows.
    ...
    env:
      - name: USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
    ...
Then, the values used to create the environment variables can be found by following the steps below on a Linux OS.
    # get the CONTAINER ID of this pod
    $ docker ps | grep <pod-name>
    # check the process of this container
    $ docker top <CONTAINER ID>
    # check the env values by using the PID
    $ sudo cat /proc/<PID>/environ
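To check a node for this exposure without displaying any secret, the same /proc data can be audited for variable names only. The script below is an added example, not part of the original post; the function names `audit_environ` and `audit_host` and the name pattern in `SECRET_NAME_RE` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report secret-looking variable NAMES in environ-format data
# (NUL-separated NAME=value records, as in /proc/<PID>/environ).
# Values are never printed.

# Assumption: which names count as sensitive; tune to your own conventions.
SECRET_NAME_RE='PASS|SECRET|TOKEN|KEY|CREDENTIAL|USERNAME'

# audit_environ FILE: print "NAME=<redacted>" for each matching variable.
audit_environ() {
    [ -r "$1" ] || return 0
    tr '\000' '\n' < "$1" 2>/dev/null |
    awk -v re="$SECRET_NAME_RE" '
        {
            eq = index($0, "=")
            if (eq < 2) next                      # no NAME= prefix
            name = substr($0, 1, eq - 1)
            # Skip fragments of multi-line values that are not valid names.
            if (name !~ /^[A-Za-z_][A-Za-z0-9_]*$/) next
            if (toupper(name) ~ re) print name "=<redacted>"
        }'
}

# audit_host [PROC_ROOT]: check every process readable by the current user.
# PROC_ROOT defaults to /proc; the parameter exists so the function can be
# exercised against a constructed directory tree.
audit_host() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/environ; do
        [ -r "$f" ] || continue
        hits=$(audit_environ "$f")
        [ -n "$hits" ] || continue
        dir=${f%/environ}
        comm=$(cat "$dir/comm" 2>/dev/null || echo unknown)
        printf 'PID %s (%s)\n%s\n' "${dir##*/}" "$comm" "$hits"
    done
}

# Constructed sample mirroring the Pod spec above; the values are made up.
sample=$(mktemp)
printf 'PATH=/usr/bin\000USERNAME=demo\000PASSWORD=not-a-real-one\000HOME=/root\000' > "$sample"
audit_environ "$sample"
rm -f "$sample"
```

Run `audit_host` with no argument on a node to list which processes carry secret-named variables in their environment.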
CONCLUSION: Unless the environment variables of your containers are encrypted, their values are not safe, since they can be read as described above.