I'm wondering why storing creds in env variables as plain text is acceptable - e.g. they better be dynamically fetched from a secret manager with 2FA in the way