Why should I use Docker Secrets?

For the last few months I've managed passwords for my docker containers by putting them in the ENV variables.

Example:

web:
  environment:
    - PASSWORD=123456

Then I bumped into Docker Secrets. So my questions are:

Which are the reasons why I should use them?
Are they more secure? How?
Can you provide a simple example to show their functionalities?

Solution

It depends on a use case.

If you're running one application on your own machine for development that accesses just one secret, you don't need docker secrets.

If you're running dozens of machines in production with a dozen of clustered services all requiring secrets for each other, you do need the secret management.

Apart from security concern, it's just plain easier to have a standardized way of accessing, creating and removing your secrets.

How to list all the removable devices with DBus and UDisks2?
gobject/gnome/glib bindings for D using GIR?
How do nested functions get compiled?
The "this" pointer and message receiving in D
64-bit executables with DMD
GtkD with D lang on Fedora
Why Android used Java concept instead of D language or C or C++? But Chromium web browser is in C++, its very complicated match
How to use MongoItemWriter to write a List<T>
Why a function with protected modifier can be overridden and accessible every where?
Convert Unicode const(uint)* to a dlang character type
Compiling D with Code::Blocks
DMD vs. GDC vs. LDC
Rendering a font in raylib using freetype
Digital Mars D compiler; acquiring ASM output
D Programming: openssl rsa forward reference compiler error
D compiler DMD doesn't link object files
OPTLINK: Warning 23: No Stack
Is there a limit in the amount of temporary generated symbols during a project build using dmd 2.063?
Is this the right way to combine Garbage collected with none Garbage collected code in D
D compiler (Digital Mars D Compiler) throwing error
Which D Compiler to Use?
Splitting a string treating multiple whitespace as one separator
Proper way of passing array parameters to D functions
Detailed Valgrind internals documentation
Is it possible, in D, to tell the garbage collector to not scan a particular pointer (or anything below it)?
Iterate over key/value pairs in associative array in D.
Dlang associative array of an array of strings keyed by a string has unexpected behavior
How to repeat a statement N times (simple loop)
Is worth the effort to learn D?
ld: undefined reference to object I can see in objdump