.secrets Link

# Secrets .secrets .secrets.* (using an env file)

version: "3.9" services: web: build: . env_file: - .secrets # injected into container at runtime ports: - "8000:8000"

my‑project/ │ ├─ src/ ├─ tests/ ├─ .gitignore └─ .. (outside) .secrets Add a rule to your .gitignore (or the ignore file of whatever VCS you use):

# 2️⃣ Add your key/value pairs echo "DB_PASSWORD=SuperSecret123!" >> .secrets

# 1️⃣ Ensure the file exists and is chmod 600 touch .secrets && chmod 600 .secrets

# .gitignore .secrets .secrets/ .secrets.* If you’re using a :

/.secrets/ After adding the rule, run git status to verify that the file is listed under “untracked files” and not under “changes to be committed”. 5. Load the secrets in your code Below are examples for several popular languages/frameworks.

3C64697620636C6173733D22696D616765223E3C6120687265663D226164632D76633832362D616C61726D2D636F6D2D696E646F6F722D6F7574646F6F722D646F6D652D73656375726974792D63616D6572612E68746D6C223E3C696D67207372633D2268747470733A2F2F732E7475726269667963646E2E636F6D2F6161682F796873742D35313735363633353539363033322F6164632D76633832362D616C61726D2D636F6D2D696E646F6F722D6F7574646F6F722D31303830702D646F6D652D706F652D73656375726974792D63616D6572612D34352E706E67222077696474683D2232343022206865696768743D223234302220626F726465723D223022206873706163653D223022207673706163653D22302220616C743D224144432D5643383236202D20416C61726D2E636F6D20496E646F6F722F4F7574646F6F7220313038307020446F6D6520506F452053656375726974792043616D65726122202F3E3C2F613E3C2F6469763E3C64697620636C6173733D226E616D65223E3C6120687265663D226164632D76633832362D616C61726D2D636F6D2D696E646F6F722D6F7574646F6F722D646F6D652D73656375726974792D63616D6572612E68746D6C22207469746C653D224144432D5643383236202D20416C61726D2E636F6D20496E646F6F722F4F7574646F6F7220313038307020446F6D6520506F452053656375726974792043616D657261223E4144432D5643383236202D20416C61726D2E636F6D20496E646F6F722F4F7574646F6F7220313038307020446F6D6520506F452053656375726974792043616D6572613C2F613E3C2F6469763E