docker · aevesdocker · Jan 8, 2025 · Jan 7, 2025
@@ -17,6 +17,8 @@ Environment variables are often available to all processes, and it can be diffic
 
 ## Use secrets
 
+Secrets are mounted as a file in `/run/secrets/<secret_name>` inside the container.
+
 Getting a secret into a container is a two-step process. First, define the secret using the [top-level secrets element in your Compose file](/reference/compose-file/secrets.md). Next, update your service definitions to reference the secrets they require with the [secrets attribute](/reference/compose-file/services.md#secrets). Compose grants access to secrets on a per-service basis.
 
 Unlike the other methods, this permits granular access control within a service container via standard filesystem permissions.

diff --git a/content/reference/compose-file/secrets.md b/content/reference/compose-file/secrets.md
@@ -15,7 +15,7 @@ The top-level `secrets` declaration defines or references sensitive data that is
 application. The source of the secret is either `file` or `environment`.
 
 - `file`: The secret is created with the contents of the file at the specified path.
-- `environment`: The secret is created with the value of an environment variable. 
+- `environment`: The secret is created with the value of an environment variable on the host.
 
 ## Example 1