It would be nice if this container supported the env var MYSQL_PASSWORD_FILE, which would name a file from which the password would be read from. This would make it possible to use docker secrets files to move the password into the container rather than having to use (potentially easier to leak) env vars. This is the same approach taken by e.g. the mariadb container itself.
For completeness, some of the other variables could also get a _FILE equivalent (like mariadb does), but the password is the most relevant one of course.
It would be nice if this container supported the env var MYSQL_PASSWORD_FILE, which would name a file from which the password would be read from. This would make it possible to use docker secrets files to move the password into the container rather than having to use (potentially easier to leak) env vars. This is the same approach taken by e.g. the mariadb container itself.
For completeness, some of the other variables could also get a _FILE equivalent (like mariadb does), but the password is the most relevant one of course.