Currently, if using an external database, an environment property for setting the database password can be leveraged.
A better way would be to use Docker secrets. The official PostgreSQL image show cases how that can be achieved. They leave the choice to the user to provide the password via env property or secret definition.
More details can be found here: docker-library/postgres#111