Please don't use environment variables to store secrets. There are to many angles - as stated by others - where this data may leak into files or processes.
I would propose to use just one folder like /secret and put your config files in there. Exclude this folder from backup on all relevant hosts.
Then spend your time on security of your hosts, applications (OWASP) and monitoring / alerting. Something that you have to do anyway.
I would propose to use just one folder like /secret and put your config files in there. Exclude this folder from backup on all relevant hosts.
Then spend your time on security of your hosts, applications (OWASP) and monitoring / alerting. Something that you have to do anyway.