Restrict access to /run/secrets

Is there a way to restrict access to the /run/secrets?

For example, after executing ‘docker exec -t <container_name> cat /run/secrets/<my_secret>’, the content of my_secret is exposed. I’d like to configure the secrets so only the container (application) has access.

Can this be done?

The command you quoted gets a root shell in the container. How would you limit access?

(P.S.: remember that the ability to run docker commands implies unrestricted root access on the host, and given that there are probably several more or less sneaky ways to recover the secrets as well)