Which of the following is a best practice for storing sensitive data like passwords in Kubernetes?
Secrets are designed for sensitive data, and mounting as volumes is more secure than environment variables (avoids exposure in process listing).
Why this answer
Mounting Secrets as volumes is recommended over environment variables because they are not exposed in container environment or command output. Secrets themselves are base64 encoded but not encrypted by default; enabling encryption at rest adds another layer.