My main reason for avoiding passing secrets via the environment is that updating the secret requires a process restart. Using in-process mechanisms to retrieve secrets from a vault or KMS lets long running processes benefit from frequently rotated keys.
This isn't always possible to do without some poor UX for things like multiplayer games or VoIP where the pod keeps state and latency is a noticeable factor.