diff --git a/roles/service/meta/argument_specs.yaml b/roles/service/meta/argument_specs.yaml
index daa81e2..37f8a31 100644
--- a/roles/service/meta/argument_specs.yaml
+++ b/roles/service/meta/argument_specs.yaml
@@ -169,10 +169,10 @@ argument_specs:
         description:
           - Database type to set up.
           - >
-            It will be run in a docker container accessible to the service at
+            It will be run in a container accessible to the service at
             host {{ service_name }}-{{ service_database_type }} on the default port.
           - The database user will be {{ service_name }}
-          - The password will be accessible as secret at /run/secrets/{{ service_name }}-{{ service_database_type }}
+          - The password will be accessible as secret at /run/secrets/{{ service_database_type }}
           - >
             The password will also be available as the
             service_podman_secrets['{{ service_name }}-{{ service_database_type }}'] variable.
diff --git a/roles/service/tasks/database.yaml b/roles/service/tasks/database.yaml
index b1fc241..18ae880 100644
--- a/roles/service/tasks/database.yaml
+++ b/roles/service/tasks/database.yaml
@@ -13,8 +13,9 @@
       - "{{ service_name }}"
     container_secrets:
       - name: "{{ _service_database_name }}"
+        target: "{{ service_database_type }}"
     container_env:
       POSTGRES_USER: "{{ service_name | replace('-', '_') }}"
-      POSTGRES_PASSWORD_FILE: "/run/secrets/{{ _service_database_name }}"
+      POSTGRES_PASSWORD_FILE: "/run/secrets/{{ service_database_type }}"
       POSTGRES_INITDB_ARGS: "--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
     container_auto_update: "{{ service_auto_update }}"
diff --git a/roles/service/vars/main.yaml b/roles/service/vars/main.yaml
index 6a88b6a..4959147 100644
--- a/roles/service/vars/main.yaml
+++ b/roles/service/vars/main.yaml
@@ -8,13 +8,17 @@ _service_database_name: "{{ service_name }}-{{ service_database_type }}"
 _service_container_secrets: >
   {{
     service_container_secrets
-      | zip(service_container_secrets
-        | map(attribute='name')
-        | map('regex_replace', '^', service_name ~ '-')
-        | map('community.general.dict_kv', 'name')
+      | map(attribute='name')
+      | map('community.general.dict_kv', 'target')
+      | zip(
+        service_container_secrets,
+        service_container_secrets
+          | map(attribute='name')
+          | map('regex_replace', '^', service_name ~ '-')
+          | map('community.general.dict_kv', 'name')
         )
       | map('combine')
-    + ([{'name': _service_database_name }] if _service_setup_database else [])
+      + ([{'name': _service_database_name, 'target': service_database_type }] if _service_setup_database else [])
   }}
 
 _service_container_requires: "{{ service_requires + ([_service_database_name + '.service'] if _service_setup_database else []) }}"