Docker compose secrets - file vs environment

It’s a design choice.

I wrote something about secrets here: Docker Secrets + security_opt - #2 by meyay.

With secrets in environment variables, you must make sure your containerized application does not accidentally leak those environment variables. For instance, a Spring Boot application using the actuator endpoint could be misconfigured in a way that makes it possible to query the environment variables. This could be helpful during development, but a catastrophe in production. This wouldn't happen if the application parses the secret file itself. Of course, this does not stop individuals from exposing the secrets themselves.

@rimelek wrote about env files here: WARN[0000] The "Dir_Conf_n5105" variable is not set. Defaulting to a blank string - #3 by rimelek. Make sure to follow the link to the quoted resource at the end of the post.
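The difference described in the post above, as an added example that is not part of the original post: a Python loader that reads a secret from the directory where Compose mounts file-based secrets (`/run/secrets`), next to a stand-in for a diagnostics endpoint that returns the process environment. The secret name `db_password`, the variable `DB_PASSWORD`, and the helper names are assumptions chosen for illustration, and the secret value is constructed.

```python
import os
import tempfile
from pathlib import Path

SECRETS_DIR = Path("/run/secrets")  # where Compose mounts file-based secrets


def read_secret(name, secrets_dir=SECRETS_DIR, environ=os.environ):
    """Return the secret from <secrets_dir>/<name>, else from env variable NAME.

    The file wins when both exist, so a service moved to file-based
    secrets does not keep using a stale environment value.
    """
    try:
        # Secret files often end with a newline added by an editor or echo.
        text = (Path(secrets_dir) / name).read_text(encoding="utf-8")
        return text.rstrip("\r\n")
    except FileNotFoundError:
        pass
    value = environ.get(name.upper())
    if value is None:
        raise KeyError(f"secret {name!r} not in {secrets_dir} or environment")
    return value


def env_dump(environ=os.environ):
    """Hypothetical stand-in for an endpoint that returns the environment."""
    return dict(environ)


def demo():
    constructed = "s3cr3t-constructed-value"  # constructed sample secret
    # Variant 1: the secret is passed as an environment variable.
    env_variant = {"PATH": "/usr/bin", "DB_PASSWORD": constructed}
    leaked_env = constructed in env_dump(env_variant).values()
    # Variant 2: the secret lives in a file; the environment holds nothing sensitive.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "db_password").write_text(constructed + "\n", encoding="utf-8")
        file_variant = {"PATH": "/usr/bin"}
        value = read_secret("db_password", secrets_dir=d, environ=file_variant)
        leaked_file = constructed in env_dump(file_variant).values()
    return value, leaked_env, leaked_file


if __name__ == "__main__":
    print(demo())
```

The application still obtains the secret in both variants; only the environment-variable variant exposes it through anything that prints or serves the process environment.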