Secrets Leaked in Environment Variables

An application running in the staging namespace was deployed with a database password hardcoded in the Pod's env section. Your mission:

1. Refactor the deployment to use a Kubernetes Secret.
2. Ensure the password is no longer visible using kubectl describe pod.
3. Ensure the pod restarts with the same configuration and environment access.

Bonus: Check that the Secret is not mounted as a volume, only injected as an environment variable.