Mount secrets as files

Is there a way to mount a secret as a file on disk?
I haven’t found a way to do this in documentation or in this forum.

Ideally, all apps should be able to take secrets using environment variables but if I’m using a third-party app that can’t, having this feature would help significantly.

Is there a workaround for such case?

One way to do this is to use a ENTRYPOINT script (defined in your Dockerfile) to write a few needed secrets to a file so the application can use it.

I’m assuming you’re using the Docker-based setup to deploy rather than something like a Heroku buildpack. Let us know if I’m wrong there.

Yep, that is what I’m doing now. I was wondering if there was another way out.