docker-compose secrets without swarm


Ok, so all I had to do is to remove

volumes:
    - ./postgres:/var/lib/postgresql/data

I'll try to figure out how to fix it, but essentially I answered my own question.

Here is a working example of docker-compose.yml file with secrets without using docker swarm:

version: '3.1'
services:
    postgres:
        image: postgres:9.4
        container_name: postgres
        environment:
            POSTGRES_USER: "db_user"
            POSTGRES_PASSWORD_FILE: /run/secrets/db_password
            POSTGRES_DB: "my_db"
        secrets:
          - db_password
        ports:
            - "8888:5432"
secrets:
   db_password:
     file: ./POSTGRES_PASSWORD
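
`POSTGRES_PASSWORD_FILE` works because the postgres image's startup script reads the mounted file itself; an image you build yourself needs the same step in its entrypoint. The POSIX sh sketch below is an added example, not code from the answer or from the postgres image. `load_secret`, `is_world_readable` and `APP_DB_PASSWORD` are hypothetical names, and the sample secret is constructed.

```shell
#!/bin/sh
# Added example: the NAME / NAME_FILE convention for an entrypoint script.

# load_secret NAME: export NAME from the file named by $NAME_FILE.
# Returns 1 if both NAME and NAME_FILE are set or the file is unreadable,
# 2 if NAME is not a valid shell variable name.
load_secret() {
    ls_name=$1
    case $ls_name in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid name: $ls_name" >&2; return 2 ;;
    esac
    # The name is validated above, so it is safe to expand it through eval.
    eval "ls_value=\${$ls_name-}; ls_file=\${${ls_name}_FILE-}"
    if [ -n "$ls_value" ] && [ -n "$ls_file" ]; then
        echo "both $ls_name and ${ls_name}_FILE are set" >&2; return 1
    fi
    [ -n "$ls_file" ] || return 0        # nothing to load; keep NAME as is
    if [ ! -r "$ls_file" ]; then
        echo "cannot read $ls_file" >&2; return 1
    fi
    ls_value=$(cat "$ls_file")           # $(...) drops the trailing newline
    eval "$ls_name=\$ls_value"
    export "$ls_name"
    unset "${ls_name}_FILE" ls_value     # do not keep extra copies around
}

# is_world_readable FILE: true if "other" users have read permission on FILE.
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

demo() {
    demo_file=$(mktemp)                  # constructed sample secret file
    printf 'example-password\n' > "$demo_file"
    chmod 600 "$demo_file"
    APP_DB_PASSWORD_FILE=$demo_file      # hypothetical variable name
    load_secret APP_DB_PASSWORD || return 1
    is_world_readable "$demo_file" &&
        echo "warning: $demo_file is world-readable" >&2
    echo "APP_DB_PASSWORD loaded, ${#APP_DB_PASSWORD} characters"
    rm -f "$demo_file"
}
demo
```

Run on the host against the file named under `secrets:`, `is_world_readable` shows whether the secret file's mode has been opened up to every local user.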

Author: HereHere

Updated on June 04, 2022

Comments

  • HereHere
    HereHere almost 2 years

    I don't want to use docker secrets with swarm and I discovered that it's possible to do that. Basically docker just mounts /run/secrets inside docker container, but when I enter the newly built docker container and do echo $POSTGRES_PASSWORD_FILE I get the path to my secret file.

    root@94a0f092eeb1:/# echo $POSTGRES_PASSWORD_FILE
    /run/secrets/db_password
    

    Here is my docker-compose.yml file

    version: '3.1'
    services:
        postgres:
            image: postgres:9.4
            container_name: postgres
            environment:
                POSTGRES_USER: "db_user"
                POSTGRES_PASSWORD_FILE: /run/secrets/db_password
                POSTGRES_DB: "my_db"
            secrets:
              - db_password
            volumes:
                - ./postgres:/var/lib/postgresql/data
            expose:
                - 5432
    secrets:
       db_password:
         file: ./POSTGRES_PASSWORD.txt
    

    Is my password set correctly? Is there something wrong with my file?

  • HereHere
    HereHere about 5 years
    @stackoverflowed: From a security perspective, not too secure. Just wanted to know if it's possible to do all of this without docker swarm.
  • leszek.hanusz
    leszek.hanusz almost 5 years
    It also means that you can now push your docker-compose.yml to your git repo without your password in it.
  • trey-jones
    trey-jones over 4 years
    I'm interested in the concept. It seems that the same could be accomplished through a .env file in .gitignore. The more interesting question is how to share these secrets with your team.
  • Jinna Balu
    Jinna Balu almost 4 years
    In all the examples I have gone through, I never found a sample of a secret file with multiple secret key-value pairs. Is it possible to have multiple parameters in one secret file?
  • bfontaine
    bfontaine over 2 years
    @JinnaBalu unless the image you’re using supports reading multiple parameters from one file / env variable, no.
  • Jinna Balu
    Jinna Balu over 2 years
    It should support
  • slhck
    slhck about 2 years
    This works but the local file has to have very broad permissions to ensure that the Postgres container user can read it. That defeats the purpose of making it secret.