ERB in credentials.yml

I’m in the process of migrating a legacy Rails app from plaintext secrets.yml-based configuration to using credentials.yml for static secrets and environment variables for runtime configuration. It seems that the trivial path of basically writing the old secrets.yml file into the new format using rails credentials:edit and replacing references to Rails.application.secrets with Rails.application.credentials in my application is just a fundamentally unworkable strategy, for the simple reason that the credentials.yml file does not support ERB and thus has no way to read from environment variables.

I could litter my initializers/ directory with pulls from ENV, but that seems very un-railsy as now I have a big block of static configuration in one location (credentials.yml) and dynamic configuration defined in a dozen other locations. Is there a trivial way to enable ERB support in credentials.yml?