
It sounds confusing but is correct. Passing secret environment variables in a way that protects against someone gaining either RCE or another information disclosure avenue (e.g. a Symfony debug toolbar exposing PHP's $_SERVER) is hard. Using k8s-managed secret files (which are technically done as a Docker bind-mount) helps against unintentional information disclosure avenues, but they are still vulnerable against an attacker who has achieved RCE (as they can simply execute a cat /var/run/secrets/...).


It's not correct because he states "That’s why it’s best to use secrets as files". This is even worse than storing it in an ENV, because in this case you just need read access to the file system instead of needing code execution; if you have RCE at the same privilege level as the application, you will have access to the secret anyway.


RCE is game over, no matter what you do, but leaking environment variables can easily happen via stacktraces or debug settings.


I think it's confusing because it was really poorly phrased:

    1. DON'T keep secrets in an environment variable

    It's a GOOD PRACTICE to have your objects use a secret in an environment variable

So which one is it? Don't keep secrets in env vars, or it's good practice to keep secrets in env vars?


Personal opinion: the second. If the container is popped so you can read environment variables, you can read files too.


Not always. Stuff like exposed debug toolbars or over-exposing stacktraces can leak environment variables, but (usually not) files.
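The two patterns the thread argues about, side by side, as an added example (not from any commenter, and not from the article under discussion). The Secret, Deployment and image names are placeholders, and the password value is a constructed dummy. The first Deployment injects the secret into the process environment, where any debug page or stack trace that dumps the environment can expose it; the second mounts it as a file, which keeps it out of environment dumps but, as the thread notes, does nothing against an attacker who already has code execution or file read at the application's privilege level.

```yaml
# Added example, not from the thread. Names are placeholders.
apiVersion: v1
kind: Secret
metadata:
  name: app-secrets
type: Opaque
stringData:
  # Constructed dummy value for illustration only.
  db-password: "example-only-not-a-real-password"
---
# Pattern 1: secret injected as an environment variable.
# Anything that prints the process environment (a debug toolbar
# showing $_SERVER, an exception page listing os.environ, a crash
# reporter) reveals it without the attacker needing code execution.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-env
spec:
  replicas: 1
  selector:
    matchLabels: {app: app-env}
  template:
    metadata:
      labels: {app: app-env}
    spec:
      containers:
        - name: app
          image: example.invalid/app:placeholder
          env:
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: app-secrets
                  key: db-password
---
# Pattern 2: secret mounted as a read-only file. It is absent from the
# environment, so environment dumps do not leak it; the application
# reads the file at startup. It remains readable by anyone who can
# read files or run code as the application user.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app-file
spec:
  replicas: 1
  selector:
    matchLabels: {app: app-file}
  template:
    metadata:
      labels: {app: app-file}
    spec:
      containers:
        - name: app
          image: example.invalid/app:placeholder
          env:
            # Only the path goes in the environment, not the value.
            - name: DB_PASSWORD_FILE
              value: /var/run/secrets/app/db-password
          volumeMounts:
            - name: app-secrets
              mountPath: /var/run/secrets/app
              readOnly: true
      volumes:
        - name: app-secrets
          secret:
            secretName: app-secrets
```

The file-mounted variant reduces the accidental-disclosure surface (debug output, environment dumps, child processes inheriting the environment) but not the RCE case; in both patterns the secret is available to whatever runs as the container's user, so the usual complements are a non-root user, short-lived credentials and detection on unexpected reads of the secrets path.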





