Firstly, you should use the reference Connecting to SQL Server Database for creating SQL server user and password within docker container and apply security policies regarding password with the help of SQL Server Authentication - Modes and Setup.
Secondly, the challenge ” how can I move this password to an .env file or something similar where it is not stored as plain text?” faced by user in the given question can be solved using the reference: Login failed for user sa when i configure it through docker-compose · Issue #283 · microsoft/mssql-docker
Create a .env file: Store your sensitive data as key-value pairs in a .env file located in the same directory as your docker-compose.yml.
version: "3.8"
services:
my_service:
image: my_image
environment:
- DB_USER=${DB_USER}
- DB_PASSWORD=${DB_PASSWORD}
# In this example, DB_USER, and DB_PASSWORD are all values read from environment variables.
# Strict mode variables
environment:
API_KEY: ${API_KEY?err} # If not set, error "err" will be reported
Docker Compose will automatically load the .env file.
Docker Compose loads variables in the following order (later ones override earlier ones):
.env File (autoload)
Host environment variables
--env-file Specified files
environment Some directly defined values
Using Docker Secrets:
# ./secrets/db_password.txt
mypassword
docker-compose.yml: Use the secrets section to define the secret and its source.version: "3.8"
services:
my_service:
image: my_image
environment:
MYSQL_ROOT_PASSWORD_FILE: /run/secrets/mysql_root_password
secrets:
- mysql_root_password
secrets:
mysql_root_password:
file: ./secrets/db_password.txt
/run/secrets/<secret_name>. Your application should read the password from this path.For the full example of above codes follow this guide (PS: the guide page is in Chinese, try to translate it).