I don’t see why not. It’d require manual intervention before you booted the docker image, however. I’d use gocryptfs
for this. It’s nice & lightweight. It also happens to use the same cryptography as Kopia.
After you remove whatever is hard coded for `KOPIA_PASSWORD` from the docker compose file, subsequent launches should just be fired via `$HOME/bin/get-creds-kopia.sh` (you might want to set a bash alias).
```bash
#!/usr/bin/env bash
# source this file (". $HOME/bin/get-creds-kopia.sh") rather than executing it,
# otherwise the export below never reaches the shell you launch docker from
# the path to the encrypted gocryptfs dir
CRED_ENC="/path/cred.enc"
# path where unencrypted creds will be mounted
MNT="/media/vault/cred"
# create the mount point if it doesn't exist
# otherwise continue
mkdir -p "$MNT"
# mount the encrypted dir to the mount point
# this will prompt you for the password; stop here if the mount fails
gocryptfs "$CRED_ENC" "$MNT" || return 1
# read the path to the mounted, unencrypted creds for kopia
# ensure there is only _one_ 'kopia.YOURPASSWORD' file
CRED_MNT=("$MNT"/kopia.*)
# extract the password from the filename: everything after 'kopia.'
# (parameter expansion keeps passwords containing '.' or '%' intact)
export KOPIA_PASSWORD="${CRED_MNT[0]##*/kopia.}"
# unmount the cred mount point now that the password is exported
# (gocryptfs is a FUSE mount, so try fusermount first)
fusermount -u "$MNT" || umount "$MNT"
# don't use 'exit 0': in a sourced script it closes your shell, and the
# exported variable goes with it.
# you could try the command to launch the docker image here, too. if you do, be
# sure to end the command with ' &' (note the space) to return control of the shell
# back to you.
```
Then fire the docker image as usual. That should do it (note: I do not use Docker).
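
Added example, not part of the original post: one way the compose file can pick up the exported variable once the hard-coded value is removed. The service name, image name and sample value are assumptions; keep whatever your own compose file already uses.

```yaml
# Before: the secret is stored in the compose file (what the post says to remove)
# services:
#   kopia:
#     image: kopia/kopia:latest      # assumed image name
#     environment:
#       - KOPIA_PASSWORD=example-pw  # constructed sample value
#
# After: list the variable name with no value. Compose copies it from the
# environment of the shell that runs `docker compose up`, so nothing
# secret is written to disk next to the compose file.
services:
  kopia:                             # hypothetical service name
    image: kopia/kopia:latest        # assumed image name
    environment:
      - KOPIA_PASSWORD               # pass-through from the calling shell
```

Run `docker compose up` from the same shell in which the script was sourced; if the variable is not set there, the container starts without it. The value is still readable through `docker inspect` on the running container, so this protects the file at rest, not the running host.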