Is there any way to not expose ENV, SERVER via phpinfo but keep getenv functionality in wp-config?

[maltris]

Old topic, but I found that the WORDPRESS_* envvars are still exposed via phpinfo. This can be fixed by setting clear_env in the fpm pool config, but I think this breaks the getent workings of wp-config-docker.php. Is there a way to rework this?

Personally I dont have a problem with separated stacks and no web-exposed phpinfo nor MySQL DB. However there are people who forget their info.php and actually use a web-exposed MySQL server, which puts their whole site at risk.

Maybe I am missing something, please enlighten me.

Best regards