How do I share secret key files with Docker containers following 12 Factor App?


I am building an API and trying to follow the 12 Factor App methodology. Using Docker, the methodology says containers must be disposable.

Assuming the API will have high traffic, multiple docker containers will be running with the same app, connecting to the same database.

Certain fields in the database are encrypted and stored with a reference to the file containing the passphrase. – This is done so the passphrase can be updated, and old data can still be decrypted.

With a Docker container and following 12 Factor App, how should I provide the key files to each of the containers?

Am I correct in assuming I would need a separate server to handle the creating of new key files and distributing them over the network?

Is there secure software, protocols or services that do this already, or would I need a custom solution?