Instead, use (in Swarm mode) or Kubernetes Secrets . You mount the .secrets file as a temporary, in-memory filesystem (tmpfs) that never touches the disk.
If you take only one thing away from this article, remember this: .secrets
If you have ever worked with Docker, Ansible, or any modern CI/CD pipeline (GitHub Actions, GitLab CI), you have likely encountered this file. But are you using it correctly? Or are you simply treating it as a glorified .env file? Instead, use (in Swarm mode) or Kubernetes Secrets