Secrets for docker-compose services

I am new to Vault and try to wrap my head around the following challenge:

I am running several services with docker-compose (not in Kubernetes, just plain Docker). Quite a few of these services are coming straight from Docker Hub and are maintained by others. In order to configure some of these services, I need to provide secrets (e.g. API keys or database credentials). For some of these services, it is done through environment variables, for some other services I need to provide the secrets in configuration files.

What is to best way to use Vault for managing these secrets? Can I inject secrets into environment variables or into configuration files somehow? Or is there a better way to deal with this scenario?

For injecting the secrets into files you could use Vault Agent Templates: https://www.vaultproject.io/docs/agent/template/index.html

And vaultenv from https://github.com/channable/vaultenv
seams to be similar to the known envconsul for using environment variables.

I am facing the same challenge while working on a side project. I have managed to run envconsul container to pull the secret from Vault and expose it as an environment variable.
I still didn’t figure out how to populate the VAULT_TOKEN environment variable. The value is stored in a local file. Looking for a way to extract it…

Thanks. I am aware of those options. Didn’t find a good solution yet. The current approach, I took, is wrapping the docker-compose with a script which read the secret from VAULT without of envconsul. Any other ideas?