if that's the case, then only a team lead / most senior dev should have prod secrets. and I would prefer to be very low tech in terms of secrets management.
definitely not passing secrets in ENV (cause any process can access ENV and exfiltrate) or as command line argument (cause they will be logged as all tty commands are)
definitely not passing secrets in ENV (cause any process can access ENV and exfiltrate) or as command line argument (cause they will be logged as all tty commands are)