Remove Read-Permission for group and other of authtoken files
It seems the file is created with the following permission by default:
-rw-r--r-- 1 999 1006 266 Dec 6 10:45 admin_token_crud.txt
Thus, everyone can read the token. Also, if this is created within Docker and it is copied outside Docker, the permissions stay the same which again allows (by default) everyone to read the token.