Not all env vars passed will be secrets, but many will be. It's probably best to just use Kubernetes secrets.