diff --git a/deploy/docker/docker-compose.yaml b/deploy/docker/docker-compose.yaml
index ecfc4024be..7ff1f38c61 100644
--- a/deploy/docker/docker-compose.yaml
+++ b/deploy/docker/docker-compose.yaml
@@ -47,8 +47,13 @@ services:
       "--npd=${NODES_PER_DATASET:-10000}"
       ]
     environment:
-      EdgeHubConnectionString:
+      ADDITIONAL_CONFIGURATION: /run/secrets/publisher-secrets
+    secrets:
+      - publisher-secrets
     volumes:
       - shared:/shared:rw
 volumes:
   shared:
+secrets:
+  publisher-secrets:
+    file: ./publisher_secrets.txt
\ No newline at end of file
diff --git a/deploy/docker/publisher_secrets.txt b/deploy/docker/publisher_secrets.txt
new file mode 100644
index 0000000000..731c49a4c6
--- /dev/null
+++ b/deploy/docker/publisher_secrets.txt
@@ -0,0 +1 @@
+ApiKey=myKey1
\ No newline at end of file
diff --git a/src/Azure.IIoT.OpcUa.Publisher.Module/src/Program.cs b/src/Azure.IIoT.OpcUa.Publisher.Module/src/Program.cs
index fd063f2245..7546f933c3 100644
--- a/src/Azure.IIoT.OpcUa.Publisher.Module/src/Program.cs
+++ b/src/Azure.IIoT.OpcUa.Publisher.Module/src/Program.cs
@@ -16,6 +16,7 @@ namespace Azure.IIoT.OpcUa.Publisher.Module
     using System.Linq;
     using System.Threading;
     using System.Threading.Tasks;
+    using Furly.Extensions.Configuration;
 
     /// <summary>
     /// Module
@@ -85,6 +86,7 @@ public static IHostBuilder CreateHostBuilder(string[] args)
                     .AddJsonFile("appsettings.json", true)
                     .AddEnvironmentVariables()
                     .AddFromDotEnvFile()
+                    .AddSecrets()
                     .AddInMemoryCollection(new CommandLine(args)))
                 .ConfigureWebHostDefaults(builder => builder
                     //.UseUrls("http://*:9702", "https://*:9703")
diff --git a/src/Azure.IIoT.OpcUa.Publisher.Module/src/Runtime/Configuration.cs b/src/Azure.IIoT.OpcUa.Publisher.Module/src/Runtime/Configuration.cs
index 5a86d3adbf..c625f23769 100644
--- a/src/Azure.IIoT.OpcUa.Publisher.Module/src/Runtime/Configuration.cs
+++ b/src/Azure.IIoT.OpcUa.Publisher.Module/src/Runtime/Configuration.cs
@@ -336,6 +336,25 @@ private static IServiceCollection ConfigureOtlpExporter(this IServiceCollection
                 .AddSingleton<IConfigureNamedOptions<MetricReaderOptions>, Otlp>();
         }
 
+        /// <summary>
+        /// Adds secrets from a env file that is located at $ADDITIONAL_CONFIGURATION
+        /// Defaults to .env file in docker /run/secrets folder.
+        /// </summary>
+        /// <param name="builder"></param>
+        public static IConfigurationBuilder AddSecrets(this IConfigurationBuilder builder)
+        {
+            try
+            {
+                return builder.Add(new DotEnvFileSource(
+                    Environment.GetEnvironmentVariable("ADDITIONAL_CONFIGURATION")
+                        ?? "/run/secrets/.env"));
+            }
+            catch (UnauthorizedAccessException)
+            {
+                return builder;
+            }
+        }
+
         /// <summary>
         /// Otlp configuration from environment
         /// </summary>