The problem with this article is it assumes you control how an app wants secrets. In my stacks, I end up running a bunch of services that all have different configuration paradigms. This is why I wrote the dcsm to help me store encrypted secrets in git, template them into environment or config files, and need only to distribute the decryption key out of band.
https://igor.moomers.org/posts/secrets-in-docker-compose