.secrets Review

version: "3.9" services: web: build: . env_file: - .secrets # injected into container at runtime ports: - "8000:8000"

# 1️⃣ Ensure the file exists and is chmod 600 touch .secrets && chmod 600 .secrets .secrets

# 2️⃣ Add your key/value pairs echo "DB_PASSWORD=SuperSecret123!" >> .secrets version: "3

my‑project/ │ ├─ src/ ├─ tests/ ├─ .gitignore └─ .. (outside) .secrets Add a rule to your .gitignore (or the ignore file of whatever VCS you use): .secrets