I am learning about environmental variables. I know for example that if I have a secret password I should not code it inside of my code.
From what I understood is that a .env file should be used to load the secrets and environmental variables.
An even more secure way to store the variables is to do it as CLI variables using the set command.
The reason of all of this is to avoid that your password and sensitive data is not exposed to non-authorized people.
Let's now say I create a website which has some API secrets stored as CLI variables, and a hacker is able to access my server, he could easily find out the API secrets and passwords by just typing the command printenv on the CLI.
What is the advantage of using CLI variables over storing them in .env file? How can I make sure that these variables are hiding even to strange users.