We use this technique for the simplicity of having a single source of truth for all app configuration that's easy to manage & reason about.
We deploy our apps with Docker & use Chef to provision the metal.
- The canonical source of secrets.yml lives in our Chef setup
- Chef copies the secrets.yml file to all servers in the cluster
- Docker containers mount the directory where secrets.yml is kept
- On startup, the containers copy secrets.yml to APP/config/secrets.yml then start the app
It's working nicely for us & removes the cognitive load of having configs spread across multiple files & environment variables. YMMV
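
A sketch of the container startup step described above, as an added example that is not the commenter's own code. The mount path `/mnt/secrets`, the app root `/app`, and the names `install_secrets`, `SECRETS_SRC` and `APP_DIR` are assumptions. It refuses to start the app when the mounted file is missing or empty, and keeps the copy readable by its owner only.

```shell
#!/bin/sh
# Added example: entrypoint helper for the "copy secrets.yml, then start the app" step.
# SECRETS_SRC (assumed): secrets.yml inside the directory Chef populates, mounted read-only.
# APP_DIR (assumed): application root inside the image.

install_secrets() {
    src=$1
    dest=$2

    # Fail closed: a missing or empty mount must stop startup, not yield an
    # app that boots with default or blank secrets.
    if [ ! -f "$src" ] || [ ! -s "$src" ]; then
        echo "secrets file missing or empty: $src" >&2
        return 1
    fi

    # Write the copy owner-only from the first byte (umask applies at creation),
    # so there is no window where it is group- or world-readable.
    tmp="$dest.tmp.$$"
    ( umask 077 && cp "$src" "$tmp" ) || { rm -f "$tmp"; return 1; }

    # rename() is atomic on one filesystem: the app sees the old file or the new one.
    if chmod 600 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

main() {
    install_secrets "${SECRETS_SRC:-/mnt/secrets/secrets.yml}" \
                    "${APP_DIR:-/app}/config/secrets.yml" || exit 1
    # exec replaces the shell so the app is PID 1 and receives signals directly.
    exec "$@"
}

# Runs only when a command is given, e.g. as ENTRYPOINT with the app's start command as CMD.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Mounting the host directory read-only into the container keeps a compromised app process from altering the copy that Chef distributes.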