diff --git a/run.sh b/run.sh
index 20ee274d..44411f0f 100755
--- a/run.sh
+++ b/run.sh
@@ -46,6 +46,20 @@ if [ ! -z ${GF_AWS_PROFILES+x} ]; then
     chmod 600 "$GF_PATHS_HOME/.aws/credentials"
 fi
 
+# Convert all environment variables with names ending in _FILE into the content of
+# the file that they point at and use the name without the trailing _FILE.
+# This can be used to carry in Docker secrets.
+for VAR_NAME in $(env | grep '^GF_[^=]\+_FILE=.\+' | sed -r "s/([^=]*)_FILE=.*/\1/g"); do
+    VAR_NAME_FILE="$VAR_NAME"_FILE
+    if [ "${!VAR_NAME}" ]; then
+        echo >&2 "ERROR: Both $VAR_NAME and $VAR_NAME_FILE are set (but are exclusive)"
+        exit 1
+    fi
+    echo "Getting secret $VAR_NAME from ${!VAR_NAME_FILE}"
+    export "$VAR_NAME"="$(< "${!VAR_NAME_FILE}")"
+    unset "$VAR_NAME_FILE"
+done
+
 export HOME="$GF_PATHS_HOME"
 
 if [ ! -z "${GF_INSTALL_PLUGINS}" ]; then
@@ -65,4 +79,4 @@ exec grafana-server                                         \
   cfg:default.paths.data="$GF_PATHS_DATA"                   \
   cfg:default.paths.logs="$GF_PATHS_LOGS"                   \
   cfg:default.paths.plugins="$GF_PATHS_PLUGINS"             \
-  cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING"
\ No newline at end of file
+  cfg:default.paths.provisioning="$GF_PATHS_PROVISIONING"