I don't think there is any trivial method to have the config files read external files and modify themselves.
I use a different approach to keep my "local" config outside the tree under Git control:
I keep a locally modified version of docker-compose.yml and several other things outside of the main webwork2 tree. The docker-compose.yml file "bind mounts" several locally modified config files from outside the directories controlled by Git. Here are some example lines from docker-compose.yml:
# webwork2 LOCAL config - mount live (per host) so NOT in the main webwork2 location
I have the SQL passwords set in the relocated docker-compose.yml file, and it uses a special block to refer to where the "main" webwork2 tree is, as well as to where a locally modified version of the Dockerfile is:
You can also set environment variables via docker-compose.yml and then docker-entrypoint.sh can modify config files at startup time.
The WW 2.15 tree has Docker control files which have many examples and comments about things related to this approach.