I have worked on a Java app that takes a shell script as an input argument and executes it. I'm using the following block to prepare the environment:
ProcessBuilder pb = new ProcessBuilder("/bin/bash", scriptFile);
Map<String, String> env = pb.environment();
env.putAll(environmentVariable);
Process awk = pb.inheritIO().start();
awk.waitFor();
awk.destroy();
In the above code block, environmentVariable is a Map that holds some sensitive data which would later be used by the script.
My understanding of ProcessBuilder#environment() is that it provides environment for only that sub-process. The changes you do to that environment affects that sub-process alone. I have verified it by going through the Javadoc of ProcessBuilder#environment()
Now my question is, at the end of this operation i.e. when awk.destroy() gets called, will the environment be wiped along with all the sensitive variables that I've put or is it better to manually wipe the environment variables map with env.remove(SENSITIVE_VARIABLE_KEY) or env.putAll(new HashMap<String, String>)
process.destroy won't clean the system env on the ProcessBuilder. You can still use the same PB object to start new processes, well with the same env map.
I don't understand your requirement, why you want to remove the env entry. If after your awk process, you don't use the pb object anymore, and there is no reference to it, java will garbage collect it. I don't see what brings you by removing the sensitive entries from the map. You have anyway another java variable environmentVariable holding your sensitive data.
For your question, if you want to remove some data, you can use map.remove() if you want to clean the map, you can do pb.environment().clear(). But if you have done this, when you start a new process with the pb, it will use the modified env-map.