diff --git a/README.md b/README.md
index 8b0eeb1..887ea5d 100644
--- a/README.md
+++ b/README.md
@@ -58,6 +58,11 @@ read_only = true # Whether to use ro mode, optional
 key = "" # Secret key used in `podman secret`
 target = "" # Target secret filename in /var/run/secrets. Optional, defaults to the key
+# Between environment and secrets: get secret from Podman and set it as environment variable
+[[environment_secrets]]
+name = "" # Target environment variable name
+secret = "" # Secret key in `podman secret`
+
 # Optionally, you can configure a healthcheck
 [service.healthcheck]
 cmd = "" # The command or route to run/check
diff --git a/src/main.rs b/src/main.rs
index 44cf292..0e6f047 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -26,7 +26,12 @@ pub fn generate_openrc(config: &ServiceConfig) -> String {
 // start_pre()
 script.push_str("start_pre() {\n");
- script.push_str(&wrap(&format!("podman rm {} --ignore", config.service.name)));
+ let mut start_pre_commands = Vec::new();
+ if let Some(network) = &config.service.network {
+ start_pre_commands.push(format!("podman network create {} --ignore;", network));
+ }
+ start_pre_commands.push(format!("podman rm {} --ignore;", config.service.name));
+ script.push_str(&wrap(&start_pre_commands.join("\n")));
 script.push_str("\n}\n\n");
 // }
@@ -66,6 +71,10 @@ pub fn generate_openrc(config: &ServiceConfig) -> String {
 arguments.push(format!("--env {}='{}'", key, value));
 }
+ for secret in &config.environment_secrets {
+ arguments.push(format!("--env {}='$(podman secret inspect --showsecret --format {{.SecretData}} {})'", secret.name, secret.secret));
+ }
+
 for volume in &config.volumes {
 arguments.push(format!("--volume {}:{}", &volume.volume, &volume.path));
 }
diff --git a/src/service.rs b/src/service.rs
index d6b8f79..3802b8b 100644
--- a/src/service.rs
+++ b/src/service.rs
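Review bot: The network name is spliced unquoted into the generated `start_pre()` body at `podman network create {} --ignore;`, so whitespace or a shell metacharacter in the `network` config value changes which commands the init script runs. `config.service.name` on the next added line has the same exposure, as do `secret.name` and `secret.secret` in the `environment_secrets` hunk further down. I would reject names outside a conservative set (letters, digits, `_`, `.`, `-`) when the config is loaded, or single-quote each value where it is formatted. `generate_openrc` begins and ends outside the hunk and `wrap` is not visible here, so how it treats the newline-joined, `;`-terminated commands should be confirmed.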
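Review bot: In the added `environment_secrets` loop, `{{.SecretData}}` inside `format!` is emitted as `{.SecretData}`, because doubled braces are Rust's escape for one literal brace; podman would then get a string that is not a Go template and would most likely print it verbatim instead of the secret. Separately, reading the value with `--showsecret` and passing it through `--env` puts the plaintext on the `podman run` command line, where it can be read from the process list. Depending on how `arguments` is quoted later in `generate_openrc` (outside this hunk), the single quotes may also keep `$(...)` from expanding at all. Podman can inject a secret as an environment variable itself, which avoids all three: `arguments.push(format!("--secret {},type=env,target={}", secret.secret, secret.name));`.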
@@ -12,6 +12,9 @@ pub struct ServiceConfig {
 #[serde(default)]
 pub environment: HashMap,
+ #[serde(default)]
+ pub environment_secrets: Vec,
+
 #[serde(default)]
 pub ports: Vec,
@@ -48,6 +51,12 @@ pub struct Secret {
 pub target: Option
 }
+#[derive(Debug, Deserialize)]
+pub struct EnvironmentSecret {
+ pub name: String,
+ pub secret: String
+}
+
 #[derive(Debug, Deserialize)]
 pub struct PortMapping {
 pub host: u16,
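Review bot: `EnvironmentSecret` has no doc comments, and nothing on the type says which field is the variable name and which is the podman secret. Adding `/// Environment variable name set inside the container` on `name` and `/// Name of an existing podman secret` on `secret` would make that clear. Both fields are free-form `String`s that src/main.rs interpolates into the generated init script, so this type is also the natural place to reject empty values and characters outside a safe name set when the config is deserialized.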