To automate the patching of my docker applications I started building an Ansible Collection today.
Currently the collection can install docker/docker-compose and install authentik and thereby also patch them.
The idea is that each application gets its own role, through which the corresponding application is set up with docker-compose. The settings come from the Hashi Vault.