The documentation of docker config states that docker config can not writable:
mode: The permissions for the file that is mounted within the service’s task containers, in octal notation. For instance, 0444 represents world-readable. The default is 0444. Configs cannot be writable because they are mounted in a temporary filesystem, so if you set the writable bit, it is ignored. The executable bit can be set. If you aren’t familiar with UNIX file permission modes, you may find this permissions calculator useful.
I understand that writing to tmpfs is not pressistent if the docker is restarted, buy why being mounted to a temporary filesystem prevent the file from being writeable?