I'm running a deployment with an application that requires a bootstrap launcher script be run that runs docker commands (Discourse). The discourse container connects to the docker daemon fine unencrypted @ localhost:2375, but the launcher script runs a docker container that subsequently runs a git pull command via https, which fails since the traffic from the docker in docker daemon sidecar isn't encrypted with TLS.
I set out to encrypt with TLS, but quickly realized I can't simply provide the openssl commands to the container's command entrypoint since they require passwords to generate the CA, server, and client certificate keys.
That being the case, is there any way to encrypt traffic in this manner?
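One way to create the CA, server and client keys with no passphrase prompt, as an added example that is not part of the original post: leaving the cipher option (such as `-aes256`) off `openssl genrsa` writes the keys unencrypted, and `-subj` answers the certificate questions. The function name, the `KEY_BITS` variable, the subject names and the output file names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): non-interactive CA, server and
# client certificate generation for a TLS-protected Docker daemon.
# Private keys are written WITHOUT a passphrase, so the output directory is
# restricted to its owner.
gen_docker_tls() {
    out="$1"                      # output directory (assumed argument)
    host="${2:-localhost}"        # name clients use to reach the daemon
    bits="${KEY_BITS:-4096}"      # RSA key size (assumed variable)
    mkdir -p "$out" && chmod 700 "$out" || return 1
    (
        cd "$out" || exit 1
        umask 077
        # CA: no cipher flag on genrsa, so nothing asks for a password.
        openssl genrsa -out ca-key.pem "$bits" &&
        openssl req -new -x509 -days 365 -sha256 -key ca-key.pem \
            -subj "/CN=dind-ca" -out ca.pem &&
        # Server certificate; the SAN list covers access over localhost.
        openssl genrsa -out server-key.pem "$bits" &&
        openssl req -new -sha256 -key server-key.pem \
            -subj "/CN=$host" -out server.csr &&
        printf 'subjectAltName = DNS:%s,IP:127.0.0.1\nextendedKeyUsage = serverAuth\n' \
            "$host" > server.ext &&
        openssl x509 -req -days 365 -sha256 -in server.csr \
            -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
            -extfile server.ext -out server-cert.pem &&
        # Client certificate, limited to client authentication.
        openssl genrsa -out key.pem "$bits" &&
        openssl req -new -sha256 -key key.pem -subj "/CN=client" -out client.csr &&
        printf 'extendedKeyUsage = clientAuth\n' > client.ext &&
        openssl x509 -req -days 365 -sha256 -in client.csr \
            -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
            -extfile client.ext -out cert.pem &&
        # Drop intermediate files; only keys and certificates remain.
        rm -f server.csr client.csr server.ext client.ext ca.srl
    )
}
```

The daemon side takes `ca.pem`, `server-cert.pem` and `server-key.pem` through dockerd's `--tlsverify`, `--tlscacert`, `--tlscert` and `--tlskey` options; the client side reads `ca.pem`, `cert.pem` and `key.pem` from the directory named in `DOCKER_CERT_PATH` when `DOCKER_TLS_VERIFY=1` is set.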