Docker Secrets in Environments (without compose or swarm)

I don’t know how secure hashicorp vault and docker secrets are if i use “docker run…” with (as example) mysql credentials (environments) for user, password, database etc.

docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -d mysql:tag

I know the environment secrets will be hashed in vault, but with “docker inspect” etc. or in the running container you can see the secret.

What i want to know is:
-When i will the the secret unhashed, in clear?
-For security risk… It’s not possible to use this hashed secrets for mysql commandline to connect to the database?
-Is vault decrypt the hashed secret in background or how it works? Let’s say to add a product in a onlineshop - in background the shop-system need access to the database.

Do you know a good video tutorial about vault and docker run command for environment secrets?