diff --git a/pki/helm.go b/pki/helm.go
index 817c1bf4..852e5aa4 100644
--- a/pki/helm.go
+++ b/pki/helm.go
@@ -21,8 +21,14 @@ type helmVariables struct {
 Provisioners []provisioner.Interface
 }

+// WriteHelmTemplate a helm template to configure the
+// smallstep/step-certificates helm chart.
 func (p *PKI) WriteHelmTemplate(w io.Writer) error {
- tmpl, err := template.New("helm").Funcs(sprig.TxtFuncMap()).Parse(helmTemplate)
+ funcs := sprig.TxtFuncMap()
+ delete(funcs, "env")
+ delete(funcs, "expandenv")
+
+ tmpl, err := template.New("helm").Funcs(funcs).Parse(helmTemplate)
 if err != nil {
 return errors.Wrap(err, "error writing helm template")
 }
diff --git a/templates/templates.go b/templates/templates.go
index 16e891d9..8f10d8a4 100644
--- a/templates/templates.go
+++ b/templates/templates.go
@@ -183,7 +183,7 @@ func (t *Template) Load() error {
 // the template fails.
 func (t *Template) LoadBytes(b []byte) error {
 t.backfill(b)
- tmpl, err := template.New(t.Name).Funcs(sprig.TxtFuncMap()).Parse(string(b))
+ tmpl, err := template.New(t.Name).Funcs(getFuncMap()).Parse(string(b))
 if err != nil {
 return errors.Wrapf(err, "error parsing template %s", t.Name)
 }
@@ -270,3 +270,12 @@ func mkdir(path string, perm os.FileMode) error {
 }
 return nil
 }
+
+// getFuncMap returns sprig.TxtFuncMap but removing the "env" and "expandenv"
+// functions to avoid any leak of information.
+func getFuncMap() template.FuncMap {
+ m := sprig.TxtFuncMap()
+ delete(m, "env")
+ delete(m, "expandenv")
+ return m
+}
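Review bot: The `env`/`expandenv` removal in WriteHelmTemplate repeats inline what getFuncMap in templates/templates.go does in this same commit, so the two deny-lists can drift apart when one of them is extended later. getFuncMap is unexported, so pki cannot call it as written; exporting a single helper and using it at both call sites would leave one definition to audit. The new doc comment is also missing its verb and should read `// WriteHelmTemplate writes a helm template to configure the`. The body of WriteHelmTemplate continues past the end of the hunk.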
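Review bot: getFuncMap is a deny-list over whatever `sprig.TxtFuncMap()` returns, so any other function in that map that touches host state stays callable from a template. sprig's `getHostByName`, which resolves a name from the process rendering the template, deserves an explicit keep-or-remove decision; how far template authors are trusted is not visible in this hunk. A unit test asserting that `env` and `expandenv` are absent from the returned map would stop a refactor or a sprig upgrade from reintroducing them unnoticed. The comment could also name what is protected, for example `// functions so that templates cannot read the process environment.`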