I don't think there is any trivial method to have the config files read external files and modify themselves.
I use a different approach to keep my "local" config outside the tree under Git control:
I keep a locally modified version of docker-compose.yml and several other things outside of the main webwork2 tree. The docker-compose.yml file "bind mounts" several locally modified config files from outside the directories controlled by Git. Here are some example lines from docker-compose.yml:
# webwork2 LOCAL config - mount live (per host) so NOT in the main webwork2 location
- "/nfs/webwork2_local_config/webwork2/conf/authen_LTI.conf:/opt/webwork/webwork2/conf/authen_LTI.conf"
- "/nfs/webwork2_local_config/webwork2/conf/localOverrides.conf:/opt/webwork/webwork2/conf/localOverrides.conf"
- "/nfs/webwork2_local_config/webwork2/conf/site.conf:/opt/webwork/webwork2/conf/site.conf"
I have the SQL passwords set in the relocated docker-compose.yml file, and it uses a special block to refer to where the "main" webwork2 tree is, as well as to where a locally modified version of the Dockerfile is:
app:
build:
context: /nfs/webwork_shared_2019_07/webwork2/
dockerfile: /nfs/webwork_shared_2019_07/LOCAL-FILES-USED-2019-07-15-ubuntu-1804/Dockerfile
You can also set environment variables via docker-compose.yml and then docker-entrypoint.sh can modify config files at startup time.
The WW 2.15 tree has Docker control files which have many examples and comments about things related to this approach.