Secrets in docker swarm

I am trying to deploy stacks using build-in secret management. I understand why secrets are not exposed as ENV vars, so:

What is the recommended way to use secrets in services not ready to read it from files?

As I understand a custom could read the file then export the secret as ENV var, but this approach:

  • is as unsafe as using ENVs directly
  • will require to manually customize mostly of images out there

So this seems the only solution for now:

but this means to customize every docker image not ready for *_FILE support