I am running consul-agent as a sidecar container in my ECS fargate task(pod). The consul-master in on ec2 servers inside the same network. For the agent-master gossip encryption, I am using the consul-encryption-key. I am passing that encryption key as follows in the parameter:
consul agent ..... -encrypt $env_var_consul_key .....
When I checked for the running consul process inside the container with docker exec, I have found that consul-encryption-key was showing unencrypted there. I am afraid that exposing that key is not a good idea. Will there be any other safe and secure ways to use the consul encryption key there?
Any suggestion/feedback is appreciated.