diff --git a/docker/docker-entrypoint.sh b/docker/docker-entrypoint.sh
index f58b9bf..f108368 100755
--- a/docker/docker-entrypoint.sh
+++ b/docker/docker-entrypoint.sh
@@ -1,6 +1,49 @@
 #!/bin/bash
 set -e
 
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+# Make all environment variables to be used with Docker secrets
+
+file_env 'SUPERUSER_NAME'
+file_env 'SUPERUSER_EMAIL'
+file_env 'SUPERUSER_PASSWORD'
+file_env 'SUPERUSER_API_TOKEN'
+file_env 'ALLOWED_HOSTS'
+file_env 'DB_NAME'
+file_env 'DB_USER'
+file_env 'DB_PASSWORD'
+file_env 'DB_HOST'
+file_env 'SECRET_KEY'
+file_env 'EMAIL_SERVER'
+file_env 'EMAIL_PORT'
+file_env 'EMAIL_USERNAME'
+file_env 'EMAIL_PASSWORD'
+file_env 'EMAIL_TIMEOUT'
+file_env 'EMAIL_FROM'
+file_env 'NETBOX_USERNAME'
+file_env 'NETBOX_PASSWORD'
+
 # wait shortly and then run db migrations (retry on error)
 while ! ./manage.py migrate 2>&1; do
   echo "⏳ Waiting on DB..."