> including secrets, in environment variables is a bad idea.
I don't think this is the lesson to take away here. Arbitrary remote read of environment variables is not a common issue.
Also you can easily not propagate secrets to a child process. But there isn't a ton of point to that on most systems since if you can't trust your child process just not passing in the secret is not gonna cut it.
I don't think this is the lesson to take away here. Arbitrary remote read of environment variables is not a common issue.
Also you can easily not propagate secrets to a child process. But there isn't a ton of point to that on most systems since if you can't trust your child process just not passing in the secret is not gonna cut it.