Hi @miksir thanks for your changes, they definitely make sense!
But what do you think about configuring the whole temp folder instead? I think it would be more flexible/helpful

IMHO no. TEMP folder is for temporary files which is safe to delete. Temporary files should not change application behavior if removed. But files with any kind of state - it's not temporary file. In point of linux directories view - it's or /etc (config) or /var. IMHO it's much closer to config, many frameworks even has config option "secret key" for hmac signing.

Hmm, maybe Script server should store the secret file in the config folder then?

May be :) as for me - separate path is better because conf folder mounted as ro volume to container

ok :)