Seen too many incidents where secrets get baked into Docker images or checked into repos alongside the agent definitions. With multiple agents, the blast radius gets big.
Don't use environment variables passed at container runtime for anything truly sensitive. That's just a `docker inspect` away from exposure. For CrewAI, you need a method that:
* Rotates keys without redeploying the entire crew.
* Provides distinct access per agent (principle of least privilege).
* Doesn't leave secrets on disk.
Best current method: Use a secrets manager (Vault, AWS Secrets Manager, etc.) with short-lived tokens fetched at agent *runtime*. Each agent task gets its own client with a unique role.
Example pattern for a task agent using HashiCorp Vault:
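```python
import os

import hvac

VAULT_ADDR = os.environ["VAULT_ADDR"]  # assumption: address is supplied via the environment

# In your agent's executing function, not at module load time
def get_api_key(agent_role):
    client = hvac.Client(url=VAULT_ADDR, token=os.environ['VAULT_AGENT_TOKEN'])
    secret_path = f"crewai/data/creds/{agent_role}"
    response = client.read(secret_path)
    if response is None:  # hvac returns None when nothing exists at the path
        raise KeyError(f"no secret at {secret_path}")
    # On a KV v2 mount the payload is nested one level deeper: response['data']['data']
    return response['data']['api_key']

# Use it inside the task execution (within the agent's own method)
api_key = get_api_key(self.role)
```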
Critical details:
* The `VAULT_AGENT_TOKEN` is a short-lived, role-specific token issued by Vault on container start (via an init container or sidecar).
* The actual LLM API keys are stored/rotated in Vault. Agents never see the root key.
* Audit logs in Vault show which agent accessed which secret.
For simpler setups, at least use a sidecar container that refreshes a memory-mapped file. Never let the secret hit the container's writable layer.
--Chris
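An added example, not part of the original post: one way to meet the "rotate without redeploying" and "distinct access per agent" requirements is to hold each role's key in memory only, with an expiry that forces a re-fetch. `RoleSecretCache`, `FAKE_VAULT`, `demo` and the 300-second TTL are assumptions made for illustration; in a real crew the `fetch` callable would be the post's `get_api_key`.

```python
import time
from typing import Callable, Dict, Tuple


class RoleSecretCache:
    """Per-role, in-memory API keys that expire so rotation needs no redeploy."""

    def __init__(self, fetch: Callable[[str], str], ttl_seconds: float,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch          # e.g. the post's get_api_key(agent_role)
        self._ttl = ttl_seconds      # keep shorter than the rotation interval
        self._clock = clock          # injectable so expiry can be tested
        self._entries: Dict[str, Tuple[str, float]] = {}

    def get(self, agent_role: str) -> str:
        now = self._clock()
        entry = self._entries.get(agent_role)
        if entry is not None and now < entry[1]:
            return entry[0]
        # Expired or never fetched: drop the old value first so a failed
        # refresh fails closed instead of serving a possibly revoked key.
        self._entries.pop(agent_role, None)
        value = self._fetch(agent_role)
        self._entries[agent_role] = (value, now + self._ttl)
        return value

    def __repr__(self) -> str:
        # Never expose key material through logging or tracebacks.
        return f"<RoleSecretCache roles={sorted(self._entries)}>"


# Constructed stand-in for Vault: role -> current key (sample values only).
FAKE_VAULT = {"researcher": "key-r1", "writer": "key-w1"}


def demo():
    store = dict(FAKE_VAULT)                 # private copy for this run
    now = [0.0]
    cache = RoleSecretCache(store.__getitem__, ttl_seconds=300,
                            clock=lambda: now[0])
    first = cache.get("researcher")
    store["researcher"] = "key-r2"           # rotation happens in the store
    still_cached = cache.get("researcher")   # inside the TTL: old key
    now[0] = 301.0
    rotated = cache.get("researcher")        # after the TTL: new key, no restart
    return first, still_cached, rotated, cache.get("writer"), repr(cache)
```

The TTL bounds how long a rotated-out key keeps being used, so set it below the overlap window during which the old key is still valid.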