Support docker-secrets

[tribela]

Pitch

In docker swarm mode, it doesn't use env_file, And use docker secrets.
It stores secret variable into /run/secrets/<secret name> file

Many apps(For example, minio) support this, And fallback to env var is backward compatible

Motivation

Mastodon supports docker-compose, heroku, nanobox. Why not on docker swarm mode?

[raeffs]

I would love to have that feature too.

As mentioned, a lot of apps support this for passwords and other secrets that can be set via environment variables. For example, if they know a variable DB_PASS they also look for a variable DB_PASS_FILE and if it is set, they load the password/secret from the configured file and ignore DB_PASS. This way secrets can be mounted via file and don't need to be set as environment variables. That works not only with docker swarm, but also docker compose and of course more mature container orchestration tools.

Authelia has a, in my opinion, very good description of that: https://www.authelia.com/configuration/methods/secrets/