diff --git a/internal/flags/flags.go b/internal/flags/flags.go
index dc5ac9f..95cd3ea 100644
--- a/internal/flags/flags.go
+++ b/internal/flags/flags.go
@@ -468,12 +468,14 @@ func GetSecretsFromFiles(rootCmd *cobra.Command) {
 		"notification-url",
 	}
 	for _, secret := range secrets {
-		getSecretFromFile(flags, secret)
+		if err := getSecretFromFile(flags, secret); err != nil {
+			log.Fatalf("failed to get secret from flag %v: %s", secret, err)
+		}
 	}
 }
 
 // getSecretFromFile will check if the flag contains a reference to a file; if it does, replaces the value of the flag with the contents of the file.
-func getSecretFromFile(flags *pflag.FlagSet, secret string) {
+func getSecretFromFile(flags *pflag.FlagSet, secret string) error {
 	flag := flags.Lookup(secret)
 	if sliceValue, ok := flag.Value.(pflag.SliceValue); ok {
 		oldValues := sliceValue.GetSlice()
@@ -482,7 +484,7 @@ func getSecretFromFile(flags *pflag.FlagSet, secret string) {
 			if value != "" && isFile(value) {
 				file, err := os.Open(value)
 				if err != nil {
-					log.Fatal(err)
+					return err
 				}
 				scanner := bufio.NewScanner(file)
 				for scanner.Scan() {
@@ -492,25 +494,26 @@ func getSecretFromFile(flags *pflag.FlagSet, secret string) {
 					}
 					values = append(values, line)
 				}
+				if err := file.Close(); err != nil {
+					return err
+				}
 			} else {
 				values = append(values, value)
 			}
 		}
-		sliceValue.Replace(values)
-		return
+		return sliceValue.Replace(values)
 	}
 
 	value := flag.Value.String()
 	if value != "" && isFile(value) {
-		file, err := os.ReadFile(value)
+		content, err := os.ReadFile(value)
 		if err != nil {
-			log.Fatal(err)
-		}
-		err = flags.Set(secret, strings.TrimSpace(string(file)))
-		if err != nil {
-			log.Error(err)
+			return err
 		}
+		return flags.Set(secret, strings.TrimSpace(string(content)))
 	}
+
+	return nil
 }
 
 func isFile(s string) bool {
diff --git a/internal/flags/flags_test.go b/internal/flags/flags_test.go
index 31fe913..1885dfe 100644
--- a/internal/flags/flags_test.go
+++ b/internal/flags/flags_test.go
@@ -1,13 +1,12 @@
 package flags
 
 import (
-	"os"
-	"testing"
-
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"os"
+	"testing"
 )
 
 func TestEnvConfig_Defaults(t *testing.T) {
@@ -60,9 +59,9 @@ func TestGetSecretsFromFilesWithFile(t *testing.T) {
 	require.NoError(t, err)
 
 	// Write the secret to the temporary file.
-	secret := []byte(value)
-	_, err = file.Write(secret)
+	_, err = file.Write([]byte(value))
 	require.NoError(t, err)
+	require.NoError(t, file.Close())
 
 	t.Setenv("WATCHTOWER_NOTIFICATION_EMAIL_SERVER_PASSWORD", file.Name())