diff --git a/docs/Extensions.md b/docs/Extensions.md
index 11f01c39..f774824f 100644
--- a/docs/Extensions.md
+++ b/docs/Extensions.md
@@ -27,6 +27,14 @@ services:
 For explanations of these extensions, please refer to the [Podman Documentation](https://docs.podman.io/).
+## Secrets
+```yml
+secrets:
+ custom-secret:
+ x-podman.relabel: z
+```
+For explanations of these extensions, please refer to the [PR discussion](https://github.com/containers/podman-compose/pull/1210).
+
 ## Network management
 The following extension keys are available under network configuration:
diff --git a/newsfragments/secret-selinux-relabel-option.feature b/newsfragments/secret-selinux-relabel-option.feature
new file mode 100644
index 00000000..6cf6b5f4
--- /dev/null
+++ b/newsfragments/secret-selinux-relabel-option.feature
@@ -0,0 +1 @@
+- Add relabel option to secret to make possible to read the secret file by the contained process.
\ No newline at end of file
diff --git a/podman_compose.py b/podman_compose.py
index f0841d5b..bdf03327 100755
--- a/podman_compose.py
+++ b/podman_compose.py
@@ -577,6 +577,7 @@ def get_secret_args(compose, cnt, secret, podman_is_building=False):
 declared_secret = compose.declared_secrets[secret_name]
 source_file = declared_secret.get("file")
+ secret_relabel = declared_secret.get("x-podman.relabel")
 dest_file = ""
 secret_opts = ""
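Review bot: The new `secret_relabel = declared_secret.get("x-podman.relabel")` line carries no comment saying what this project-specific extension key is, and the value is only interpreted further down where it is appended to the secret's bind-mount options; a one-line comment would help, e.g. `# optional SELinux relabel flag ("z" shared / "Z" private) appended to the secret's --volume mount options`. Whether a relabel value is honoured or validated on the non-file paths of get_secret_args cannot be seen from this hunk, since the function starts before it and continues after it.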
@@ -618,7 +619,15 @@ def get_secret_args(compose, cnt, secret, podman_is_building=False):
 dest_file = f"/run/secrets/{sec}"
 else:
 dest_file = secret_target
- volume_ref = ["--volume", f"{source_file}:{dest_file}:ro,rprivate,rbind"]
+
+ mount_options = 'ro,rprivate,rbind'
+ if secret_relabel not in set(("z", "Z", None)):
+ raise ValueError(
+ f'ERORR: Run secret "{secret_name} has invalid "relabel" option ' + + f'"{secret_relabel}". Expected "Z" "z" or nothing.')
+ if secret_relabel:
+ mount_options = f'{mount_options},{secret_relabel}'
+ volume_ref = ["--volume", f"{source_file}:{dest_file}:{mount_options}"]
 if secret_uid or secret_gid or secret_mode:
 sec = secret_target if secret_target else secret_name
diff --git a/tests/unit/test_container_to_args_secrets.py b/tests/unit/test_container_to_args_secrets.py
index 084839b0..5e015076 100644
--- a/tests/unit/test_container_to_args_secrets.py
+++ b/tests/unit/test_container_to_args_secrets.py
@@ -302,6 +302,17 @@ async def test_secret_target_matches_secret_name_secret_type_not_env(self):
 "file_secret",
 repo_root() + "/test_dirname/my_secret:/run/secrets/file_secret:ro,rprivate,rbind",
 ),
+ (
+ "relabel",
+ {
+ "file_secret": {
+ "file": "./my_secret",
+ "x-podman.relabel": "Z"
+ }
+ },
+ "file_secret",
+ repo_root() + "/test_dirname/my_secret:/run/secrets/file_secret:ro,rprivate,rbind,Z",
+ ),
 (
 "custom_target_name",
 {
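Review bot: The new ValueError message is malformed: `f'ERORR: Run secret "{secret_name} has invalid "relabel" option '` misspells ERROR, never closes the quote after `{secret_name}`, and names the key "relabel" although the compose key being validated is `x-podman.relabel`; suggested text is `f'ERROR: Run secret "{secret_name}" has invalid "x-podman.relabel" option "{secret_relabel}". Expected "z", "Z" or nothing.'`. The allow-list itself is the part worth keeping strict, because `secret_relabel` is spliced verbatim into the `--volume` option string and without it a value such as `Z,rw` would inject arbitrary mount flags; `set(("z", "Z", None))` can simply be the tuple `("z", "Z", None)`. Users should also be told (the docs hunk currently only points at the PR discussion) that `Z` gives the host file a private label, so a secret file shared by several services or still needed by the host must use `z`, and that, as with podman's relabel options generally, the label change is applied to the source file on the host and persists after the container exits. get_secret_args starts before this hunk and continues after it, so whether the value is validated on the other code paths cannot be seen here.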
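Review bot: The added table row exercises only `"x-podman.relabel": "Z"`; the lowercase `z` value and the rejection path are untested, and the rejection is the security-relevant part since the value is appended verbatim to the `--volume` options. Add a row such as `("relabel_shared", {"file_secret": {"file": "./my_secret", "x-podman.relabel": "z"}}, "file_secret", repo_root() + "/test_dirname/my_secret:/run/secrets/file_secret:ro,rprivate,rbind,z")`, and a test asserting that a value like `"Z,rw"` raises ValueError, presumably as a standalone `assertRaises` test since this parameterized table expects a result string. The enclosing test class and the parameterized method start before this hunk.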