
Linux does not hide process environments, you can cat /proc/[pid]/environ to read them. It is not a good way to pass secrets.


True, but people do it anyway and a large number of applications are preconfigured to use them. But to the point, the same tool that hides the secret and encrypts the variable in 'docker inspect' will also show it as encrypted in /proc/[pid]/environ as well.


That would be a kernel patch then. Good luck getting that upstream.


On mobile so no URLs, etc, but cf. "hidepid" mount option for /proc.
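An added example, not part of any comment in this thread: a small audit that parses the NUL-separated records of /proc/[pid]/environ for every process the current user can read, reports only the names of secret-looking variables (never the values), and reads the `hidepid` option from /proc/mounts. The name pattern, the function names and the "0" default for an unset `hidepid` are assumptions of this sketch.

```python
import os
import re

# Assumed heuristic for secret-looking variable names; tune it for your environment.
SECRET_NAME = re.compile(r"(PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|CREDENTIAL)", re.I)

def parse_environ(raw: bytes) -> dict:
    """Parse the NUL-separated KEY=VALUE records of /proc/[pid]/environ."""
    env = {}
    for record in raw.split(b"\0"):
        key, sep, value = record.partition(b"=")
        if sep:  # skip the empty trailing record and anything without '='
            env[key.decode("utf-8", "replace")] = value.decode("utf-8", "replace")
    return env

def secret_like_names(env: dict) -> list:
    """Return the variable names (not values) that match the heuristic."""
    return sorted(k for k in env if SECRET_NAME.search(k))

def hidepid_setting(mounts_text: str) -> str:
    """Return the hidepid value of the /proc mount, or "0" when the option is absent."""
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == "/proc" and fields[2] == "proc":
            for opt in fields[3].split(","):
                if opt.startswith("hidepid="):
                    return opt.split("=", 1)[1]
    return "0"

def audit(proc_root="/proc"):
    """List (pid, secret-looking names) for every environ file this user can read."""
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "environ"), "rb") as f:
                names = secret_like_names(parse_environ(f.read()))
        except OSError:
            continue  # permission denied, or the process exited meanwhile
        if names:
            findings.append((int(entry), names))
    return findings

if __name__ == "__main__":
    with open("/proc/mounts") as f:
        print("hidepid =", hidepid_setting(f.read()))
    for pid, names in audit():
        print(pid, ", ".join(names))
```

Running it as an unprivileged service account and again as root shows how far each account's view of other processes' environments extends.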



