Who in the world, thinks put all security access for a system application or toolset in a plain unencrypted text like pg_hba.conf, web.config or ggg.json is the best security method for access? Who thinks put your keys in an environment variable is the better secure way.