I suspect this is a case where a patch would be welcome to change the default mode of operation for that.
But that being said, we're just trading a risk off here.
For example, a restricted file for a service in a container can be harder to get to, but then any administrative user for a conductor could then also pull the environment variables from the system.
The risk fundamentally seems the same, and in either case other users should not be present on the system where a conductor service operates.
I suspect this is a case where a patch would be welcome to change the default mode of operation for that.
But that being said, we're just trading a risk off here.
For example, a restricted file for a service in a container can be harder to get to, but then any administrative user for a conductor could then also pull the environment variables from the system.
The risk fundamentally seems the same, and in either case other users should not be present on the system where a conductor service operates.