Kubernetes supports mounting secrets as data volumes or as environment variables. It is reasonably common for application code to log out its environment (particularly in the event of an error). This will include any secret values passed in as environment variables, so secrets can easily be exposed to any user or entity who has access to the logs. Orca has detected that the controller {K8sController} creates containers that use secrets mounted as environment variables.
Recommended Mitigation
Rewrite application code to read secrets from mounted secret files, rather than from environment variables, and change the mounting method of the secret.
Lateral movement