diff --git a/Dockerfile b/Dockerfile
index 3703f0b..731f301 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,6 @@
 # Copyright 2023 Adevinta
 
-FROM golang:1.21.5-alpine3.17 as builder
+FROM golang:1.21.5-alpine3.19 as builder
 
 ARG ARCH=amd64
 
@@ -19,7 +19,7 @@ FROM alpine:3.19.1
 
 WORKDIR /flyway
 
-RUN apk add --no-cache --update openjdk17-jre bash gettext libc6-compat
+RUN apk add --no-cache --update openjdk17-jre-headless bash gettext libc6-compat
 
 ARG FLYWAY_VERSION=10.10.0
 
diff --git a/README.md b/README.md
index 44b1bec..847c300 100644
--- a/README.md
+++ b/README.md
@@ -61,10 +61,10 @@ Those are the variables you have to use:
 |PG_PORT|Database port|5432|
 |PG_SSLMODE|One of these (disable,allow,prefer,require,verify-ca,verify-full)|disable|
 |AWSSERVERCREDENTIALS_KEY|Parent key in the AWS Secret Manager to store server secrets|/vulcan/k8s/tracker/jira/|
+|AWSSERVERCREDENTIALS_ENDPOINT|Optional AWS endpoint|http://locacalstack/|
 |AWS_REGION||eu-west-1|
 
 
-
 ```bash
 docker build . -t vulcantracker
 
diff --git a/_resources/config/local.toml b/_resources/config/local.toml
index 9c6b1a6..9ddf444 100644
--- a/_resources/config/local.toml
+++ b/_resources/config/local.toml
@@ -15,4 +15,5 @@ db = "vultrackerdb"
 
 [aws]
 server_credentials_key = "/vulcan/k8s/tracker/jira/"
+endpoint = ""
 region ="eu-west-1"
diff --git a/config.toml b/config.toml
index 01b9d97..1df113f 100644
--- a/config.toml
+++ b/config.toml
@@ -16,4 +16,5 @@ sslmode = "$PG_SSLMODE"
 
 [aws]
 server_credentials_key = "$AWSSERVERCREDENTIALS_KEY"
+endpoint = "$AWSSERVERCREDENTIALS_ENDPOINT"
 region ="$AWS_REGION"
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 2487333..46b909b 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -38,6 +38,7 @@ type logConfig struct {
 // AwsConfig stores the AWS configuration.
 type AwsConfig struct {
 	ServerCredentialsKey string `toml:"server_credentials_key"`
+	Endpoint             string `toml:"endpoint"`
 	Region               string `toml:"region"`
 }
 
diff --git a/pkg/secrets/secrets.go b/pkg/secrets/secrets.go
index f653d44..4600a77 100644
--- a/pkg/secrets/secrets.go
+++ b/pkg/secrets/secrets.go
@@ -9,6 +9,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"path/filepath"
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
@@ -45,7 +46,9 @@ func NewAWSSecretManager(config config.AwsConfig, logger echo.Logger) (*AWSSecre
 	}
 	awsCfg := aws.NewConfig()
 	awsCfg = awsCfg.WithRegion(config.Region)
-
+	if config.Endpoint != "" {
+		awsCfg = awsCfg.WithEndpoint(config.Endpoint)
+	}
 	// Create Secrets Manager client.
 	client := secretsmanager.New(sess, awsCfg)
 	sc, err := secretcache.New(func(c *secretcache.Cache) { c.Client = client })
@@ -60,8 +63,7 @@ func NewAWSSecretManager(config config.AwsConfig, logger echo.Logger) (*AWSSecre
 // GetServerCredentials return the Jira credentials inside a Credentials type
 // from AWS secret manager for a specific server.
 func (s *AWSSecrets) GetServerCredentials(serverID string) (Credentials, error) {
-	secretName := fmt.Sprintf("%s%s", s.config.ServerCredentialsKey, serverID)
-
+	secretName := filepath.Join(s.config.ServerCredentialsKey, serverID)
 	result, err := s.secretCache.GetSecretString(secretName)
 	if err != nil {
 		return Credentials{}, &vterrors.TrackingError{