You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is better to mount secrets as volumes because sometimes logs dump all environment variables, so it is more risky that secrets will leak to logs if mounted as environment vars.
This requires two steps:
see which services do this
propose and quickly test a solution and open a new issue (if required)
It could be that mounting secrets as volumes also prevents a service from properly restarting and using the new values if the secret changes. Not sure exactly if mounting secrets as environment variables helps in this case too tbh.
The text was updated successfully, but these errors were encountered:
Feedback from the security engineers at BIT.
It is better to mount secrets as volumes because sometimes logs dump all environment variables, so it is more risky that secrets will leak to logs if mounted as environment vars.
This requires two steps:
It could be that mounting secrets as volumes also prevents a service from properly restarting and using the new values if the secret changes. Not sure exactly if mounting secrets as environment variables helps in this case too tbh.
The text was updated successfully, but these errors were encountered: