Secure way to pass consul-encryption-key in consul-agent container


I am running consul-agent as a sidecar container in my ECS fargate task(pod). The consul-master in on ec2 servers inside the same network. For the agent-master gossip encryption, I am using the consul-encryption-key. I am passing that encryption key as follows in the parameter:

consul agent ..... -encrypt $env_var_consul_key .....

When I checked for the running consul process inside the container with docker exec, I have found that consul-encryption-key was showing unencrypted there. I am afraid that exposing that key is not a good idea. Will there be any other safe and secure ways to use the consul encryption key there?

Any suggestion/feedback is appreciated.