Often, applications require some sort of credentials in their configuration files. Most applications do not support reading those credentials from another file except from the configuration file itself. Providing this configuration in a secure manner using Docker secrets would require the whole configuration to be a secret. I would however prefer to only store passwords and keys as secrets.
Is there a way to provide Docker secrets to applications requiring a configuration file (containing the secrets)?
I'm thinking about populating templates with the contents of Docker's secret files to generate the configuration files inside the container (for example using the container's entrypoint). What are the security related implications of this approach? Provided the configuration file's permissions are set appropriately, do the generated configuration files increase the risk of secret exposure?
EDIT: The applications in question are third-party, using the configuration files is necessary.