Secrets are an after thought in docker. When I first started using docker I was surprised at how _rubbish_ it was
I've found its best to use the secrets provider that comes with your cloud provider.
For AWS using SSM's get_parameter seems the best thing. But it means you need to find a custom shim to put in your container that will go and fetch the secrets and put them somewhere they are needed.
There’s also Secrets Manager which integrates with other services and has hooks for custom secret-fetching and rotation, so your application doesn’t need to.
I've found its best to use the secrets provider that comes with your cloud provider.
For AWS using SSM's get_parameter seems the best thing. But it means you need to find a custom shim to put in your container that will go and fetch the secrets and put them somewhere they are needed.