It would be a nice security improvement if, in addition to the ROCKETCHAT_PASSWORD variable, an alternative ROCKETCHAT_PASSWORD_FILE variable could be defined that points to a file in which the password is stored.
This allows defining a docker secret and having this new variable point to it, e.g., ROCKETCHAT_PASSWORD_FILE=/run/secrets/rocketchat_hubot_password. It is also in line with the best practice, and applied by several docker images, for instance postgres.
It would be a nice security improvement if, in addition to the
ROCKETCHAT_PASSWORDvariable, an alternativeROCKETCHAT_PASSWORD_FILEvariable could be defined that points to a file in which the password is stored.This allows defining a docker secret and having this new variable point to it, e.g.,
ROCKETCHAT_PASSWORD_FILE=/run/secrets/rocketchat_hubot_password. It is also in line with the best practice, and applied by several docker images, for instance postgres.