Preferably, put the variables into a temp file (e.g. using mktemp) and bind-mount that file somewhere into the chroot directory, so you can source it from within that environment.
That way the critical information, like the passwords, at least only gets to live in volatile memory and won’t stick around on the host system after the reboot. That limits the exposure somewhat.
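A sketch of the procedure described above, as an added example that is not part of the original post. The chroot path, the variable names and the `/run/secrets.env` mount point are assumptions; the file is created under `/dev/shm` because `mktemp` defaults to `/tmp`, which is only RAM-backed when it is a tmpfs.

```shell
#!/bin/sh
# Added example; chroot path, variable names and /run/secrets.env are assumptions.

# Write NAME=value pairs to a 0600 temp file on tmpfs and print its path.
# Values are single-quoted so sourcing the file cannot execute their content.
make_secret_file() (
    umask 077
    dir=${SECRET_TMPDIR:-/dev/shm}   # tmpfs on most Linux hosts; /tmp may be on disk
    file=$(mktemp "$dir/chroot-env.XXXXXXXX") || exit 1
    for pair in "$@"; do
        case $pair in *=*) ;; *) rm -f "$file"; exit 1 ;; esac
        name=${pair%%=*} value=${pair#*=}
        case $name in            # only valid shell identifiers may be assigned
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) rm -f "$file"; exit 1 ;;
        esac
        esc=$(printf '%s' "$value" | sed "s/'/'\\\\''/g")   # ' becomes '\''
        printf "%s='%s'\n" "$name" "$esc" >> "$file"
    done
    printf '%s\n' "$file"
)

# Bind-mount the file read-only into the chroot, run a command with the
# variables set, then unmount and delete the file. Needs root on the host.
# Assumes $chroot_dir/run/secrets.env is not otherwise in use.
run_in_chroot_with_secrets() (
    chroot_dir=$1 secret_file=$2; shift 2
    target=$chroot_dir/run/secrets.env
    mkdir -p "$chroot_dir/run" && : > "$target" || exit 1
    trap 'umount "$target" 2>/dev/null; rm -f "$target" "$secret_file"' EXIT
    mount --bind "$secret_file" "$target" || exit 1
    mount -o remount,bind,ro "$target" || exit 1
    # set -a exports what the sourced file defines to the command being run.
    chroot "$chroot_dir" /bin/sh -c \
        'set -a; . /run/secrets.env; set +a; exec "$@"' sh "$@"
)

# Usage (as root; values are constructed samples):
#   f=$(make_secret_file "ROOT_PW=example-only" "WIFI_PSK=example-only") &&
#       run_in_chroot_with_secrets /mnt/target "$f" /root/setup.sh
```

The cleanup trap runs even when the command inside the chroot fails, so neither the mount nor the temp file outlives the call.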