diff --git a/Dockerfile b/Dockerfile
index e74cc1f..53a0a41 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,7 +22,9 @@ ENV FRITZBOX_ENDPOINT_URL="http://fritz.box:49000" \
     CLOUDFLARE_API_KEY_FILE="" \
     CLOUDFLARE_ZONES_IPV4="" \
     CLOUDFLARE_ZONES_IPV6="" \
-    DEVICE_LOCAL_ADDRESS_IPV6=""
+    DEVICE_LOCAL_ADDRESS_IPV6="" \
+    METRICS_BIND="" \
+    METRICS_TOKEN_FILE=""
 
 WORKDIR /app
 
diff --git a/README.md b/README.md
index 2522f24..0790719 100644
--- a/README.md
+++ b/README.md
@@ -99,7 +99,7 @@ In your `.env` file or your system environment variables you can be configured:
 | CLOUDFLARE_ZONES_IPV6     | comma-separated list of domains to update with new IPv6 addresses.                                                                                          |
 | CLOUDFLARE_API_EMAIL      | deprecated, your Cloudflare account email.                                                                                                                  |
 | CLOUDFLARE_API_KEY        | deprecated, your Cloudflare Global API key.                                                                                                                 |
-| CLOUDFLARE_API_KEY_FILE   | deprecated, path to a file containing your Cloudflare Global API key.                                                                                       |
+| CLOUDFLARE_API_KEY_FILE   | deprecated, path to a file containing your Cloudflare Global API key. It's recommended to use this over `CLOUDFLARE_API_KEY`.                               |
 
 This service allows to update multiple records, an advanced example would be:
 
@@ -228,10 +228,11 @@ trigger it by calling `http://127.0.0.1:8888/ip?v4=127.0.0.1&v6=::1` and review
 
 If you want to check whether the service is running correctly, you can configure these with the following variables:
 
-| Variable name | Description                                                  |
-|---------------|--------------------------------------------------------------|
-| METRICS_BIND  | required, network interface to bind to, i.e. `:9876`         |
-| METRICS_TOKEN | token that has to be passed to the endpoints to authenticate |
+| Variable name      | Description                                                                                                                                   |
+|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|
+| METRICS_BIND       | required, network interface to bind to, i.e. `:9876`                                                                                          |
+| METRICS_TOKEN      | token that has to be passed to the endpoints to authenticate                                                                                  |
+| METRICS_TOKEN_FILE | path ot a file containing a token that has to be passed to the endpoints to authenticate.  It's recommended to use this over `METRICS_TOKEN`. |
 
 The endpoint for prometheus-compatible metrics is `/metrics`, the endpoint for the health check is `/healthz` and the
 endpoint for liveness is `/liveness` on the configured network bind.
diff --git a/alpine.Dockerfile b/alpine.Dockerfile
index 2b9d02c..05ddc29 100644
--- a/alpine.Dockerfile
+++ b/alpine.Dockerfile
@@ -22,7 +22,9 @@ ENV FRITZBOX_ENDPOINT_URL="http://fritz.box:49000" \
     CLOUDFLARE_API_KEY_FILE="" \
     CLOUDFLARE_ZONES_IPV4="" \
     CLOUDFLARE_ZONES_IPV6="" \
-    DEVICE_LOCAL_ADDRESS_IPV6=""
+    DEVICE_LOCAL_ADDRESS_IPV6="" \
+    METRICS_BIND="" \
+    METRICS_TOKEN_FILE=""
 
 WORKDIR /app
 
diff --git a/main.go b/main.go
index a5f9365..a52269f 100644
--- a/main.go
+++ b/main.go
@@ -51,8 +51,7 @@ func main() {
 		Updates: updateStatus,
 	}
 	if bind != "" {
-		// TODO: Read from file
-		token := os.Getenv("METRICS_TOKEN")
+		token := readSecret("METRICS_TOKEN")
 		startMetricsServer(bind, rootLogger, status, token, cancel)
 	}