• Passing passwords via command line arguments: Benefits: fast and easy to type out for quick testing. Drawbacks: Highly insecure. Passwords are saved in the .bash_history and are fully visible to any other user running the `ps` command. They also leak through `docker inspect` • Passing passwords via an environment variable: Benefits: Better than CLI arguments because they hide the secret from the ps process list. Drawbacks: Still exposed. Anyone with access to docker can view them using `docker inspect`. • Passing passwords via a file: Benefits: The secrets do not show up in the `ps` process list or in the docker inspect metadata. Access to the file on the host can also be limited using chmod. Drawbacks: Leaves a plaintext file on the physical hard drive, requiring manual cleanup.