Surely there must be a way to make container secrets less dangerous?
Summary
A thoughtful exploration of the security risks posed by container secrets stored in /run/secrets and the trade-offs of common mitigations like environment variables. The author solicits community input on safer approaches and discusses a possible tmpfs-based workaround.