Why is using MYSQL_PWD considered insecure? I thought environment variables were private, unlike command-line arguments

  docker, environment-variables, mysql, shell

In MySQL documentation, it said that use of MYSQL_PWD is extremely insecure because other users can inspect the environment of a running process, and thus this feature is deprecated. I thought environment variables were private to the user (and root), unlike command-line arguments, which are public. I assumed this was also why most official Docker images can be configured through environment variables. If this feature is removed, it would be rather inconvenient for using the MySQL shell of the official Docker image when a script is passed on standard input and the credentials cannot be leaked on the command-line (out of scope for this question)

Are environment variables visible to other users? Should credentials only ever be transferred as files?

Source: Docker Questions

LEAVE A COMMENT