Is there an alternative way to specify

FLYTE_AWS_SECRET_ACCESS_KEY

not as env var so that this secret is not visible to anyone who can see get the pod details?

You could mount the secret as a volume instead and add a startup hook (postInit) to read the file and export it as an env var perhaps?