> env variables might leak, e.g. in context of docker build stages etc. (but then using building a docker image to build both the image and the software is often anyway not a good idea)

Since the rule describes runtime configuration, it shouldn't be involved with the build process at all