lacework-global-786
Prefer using secrets as files over secrets as environment variables (Manual)
Description
Kubernetes supports mounting secrets as data volumes or as environment variables. Minimize the use of environment variable secrets.
Remediation
If possible, rewrite application code to read secrets from mounted secret files, rather than from environment variables.
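To find the workloads that still need this change, the following added example (not part of the Lacework policy or of Kubernetes itself) lists every container that receives a Secret through env[].valueFrom.secretKeyRef or envFrom[].secretRef. The function name, the sample pods and the output layout are assumptions made for illustration.

```python
import json
import sys

# Constructed sample shaped like `kubectl get pods -A -o json` output (not real cluster data).
SAMPLE = {
    "items": [
        {"metadata": {"namespace": "shop", "name": "api-0"},
         "spec": {
             "initContainers": [
                 {"name": "migrate", "envFrom": [{"secretRef": {"name": "db-creds"}}]}],
             "containers": [
                 {"name": "api", "env": [
                     {"name": "LOG_LEVEL", "value": "info"},
                     {"name": "DB_PASSWORD", "valueFrom": {
                         "secretKeyRef": {"name": "db-creds", "key": "password"}}}]}]}},
        {"metadata": {"namespace": "shop", "name": "worker-0"},
         "spec": {
             "volumes": [{"name": "creds", "secret": {"secretName": "db-creds"}}],
             "containers": [
                 {"name": "worker", "volumeMounts": [
                     {"name": "creds", "mountPath": "/etc/creds", "readOnly": True}]}]}},
    ]
}


def find_env_secrets(pod_list):
    """Return (namespace, pod, container, how, secret) for each Secret exposed via env."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        where = (meta.get("namespace", "default"), meta.get("name", "?"))
        for kind in ("initContainers", "containers", "ephemeralContainers"):
            for c in spec.get(kind) or []:
                # Single keys injected with env[].valueFrom.secretKeyRef
                for var in c.get("env") or []:
                    ref = (var.get("valueFrom") or {}).get("secretKeyRef")
                    if ref:
                        findings.append(where + (c["name"], "env:" + var["name"], ref.get("name")))
                # Whole Secrets injected with envFrom[].secretRef
                for src in c.get("envFrom") or []:
                    ref = src.get("secretRef")
                    if ref:
                        findings.append(where + (c["name"], "envFrom", ref.get("name")))
    return findings


if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for row in find_env_secrets(data):
        print("\t".join(str(x) for x in row))
```

To audit a live cluster, pipe the output of `kubectl get pods -A -o json` into the script; pods that only mount the Secret as a volume, like worker-0 in the sample, produce no finding.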
References
https://kubernetes.io/docs/concepts/configuration/secret/
https://kubernetes.io/docs/tasks/inject-data-application/define-environment-variable-container/
Additional Information
Mounting secrets as volumes has the additional benefit that you can update secret values without restarting the pod.