How do you manage Docker secrets?

Now that you put secrets into .dockerignore

# .dockerignore
.env

How do you ensure the secrets is available?

• Building docker build -t tag --build-arg SECRET_ENV ., with ARG SECRET_ENV in Dockerfile
• Running docker run -e SECRET_ENV tag

Or, do you use docker secrets?

What do you recommend?

BTW, I thought Oh-My-Zsh dotenv plugin is the end, but it is not yet for Docker...