Continuous Integration

Is there some secret variable generator in nature for Docker or just for some projects?

From the title, it's probably not too clear what I mean, so I'll explain.
Situation:
There are a number of services running in production in Docker, each separately. They need some environment variables, on the basis of which some cryptography will occur in them. Let it be 1 variable, let's call it APP_SECRET. It can be generated in two ways: manually, periodically updating a certain conditional .env file (or writing it somewhere else, from where the code can later find it) in each project, and automatically, also in each project.
The variable must be constant, known within only one project (that is, it is not some kind of shared secret), and repeatable for the same CI / CD build of the project. Well, that is, tied to the update date of a certain lock file inside the project, for example.
Manually - the cons are clear. Obviously, it will be generated less often, it is not clear how, it is not clear where and when and how it can leak.
Automatic - here the advantages are clear. Generation can be tied to each assembly in CI/CD. The algorithm will be known, and if it is chosen correctly, then the values ​​it generates are safe.
Question:
Are there any tools, both for Docker and just for some projects (but only in PHP), that are capable of generating the described above variable, and then write it to .env, for example?
PS: it is clear that you can write this yourself, in a dozen different ways, but if there are already ready-made tools, then I would prefer to at least study them first.