welcome to the HiveMQ Community Forum.
As authentication/authorization is usually highly environment specific HiveMQ does not come with any mechanism for this out of the box. For auth purposes extensions to the HiveMQ system are necessary.
You can either implement your own, with the HiveMQ extension SDK: https://www.hivemq.com/docs/hivemq/4.3/extensions/introduction.html
Or use one of the pre-made open source extensions provided by the HiveMQ team:
For your use case, the best solution is probably the HiveMQ File RBAC extension.
As you already have a custom Docker file, you just need to drop it in during your docker build. I would suggest mapping the credentials file to a volume.
All the best
Edit: I would suggest removing the HiveMQ Allow All Extension from your container as well. While this is not mandatory for the RBAC extension to work, it is a good precaution and and a cleaner setup this way.