I do not understand how the standard practice to pass secrets as environment variables to containers considered as safe? [duplicate]
TL;DR
The container’s environment variable can be queried many ways, with native docker tools or 3rd party tools. The docker admin user (or any user in the docker group) not necessary dba on a container’s image, still can dump the root(mys…