diff --git a/extras/docker/Dockerfile b/extras/docker/Dockerfile
index ae9c276..6416051 100644
--- a/extras/docker/Dockerfile
+++ b/extras/docker/Dockerfile
@@ -64,4 +64,8 @@ RUN apt-get install -y  --no-install-recommends make gcc g++ python && \
 # Ports used by idm
 EXPOSE ${PEP_PROXY_PORT:-1027}
 
-CMD ["npm", "start" ]
+# Run Idm Keyrock
+COPY docker-entrypoint.sh /opt/fiware-pep-proxy/docker-entrypoint.sh
+RUN chmod 755 docker-entrypoint.sh
+
+ENTRYPOINT ["/opt/fiware-pep-proxy/docker-entrypoint.sh"]
diff --git a/extras/docker/docker-entrypoint.sh b/extras/docker/docker-entrypoint.sh
new file mode 100644
index 0000000..9ee6090
--- /dev/null
+++ b/extras/docker/docker-entrypoint.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+file_env 'PEP_PROXY_USERNAME'
+file_env 'PEP_PASSWORD'
+file_env 'PEP_TOKEN_SECRET'
+
+npm start
\ No newline at end of file