diff --git a/docker-compose.base.ops.yml b/docker-compose.base.ops.yml
index 56a2e14fbd5b41b8e0d2134524727da5a71e350d..a307b9dde92426610db8eb1d41962b73830fe21c 100644
--- a/docker-compose.base.ops.yml
+++ b/docker-compose.base.ops.yml
@@ -31,6 +31,11 @@ services:
       - shib-extnet
   shibauth:
     image: testing-shibboleth
+    environment:
+      APACHE_SERVERNAME: "https://emg.pdas.prism.eox.at:443"
+    secrets:
+      - SHIB_CERT
+      - SHIB_KEY
     deploy:
       replicas: 1
       placement:
@@ -67,3 +72,8 @@ networks:
     name: logging-extnet
   shib-extnet:
     name: shib-extnet
+secrets:
+  SHIB_CERT:
+    external: true
+  SHIB_KEY:
+    external: true
diff --git a/shibauth/shibboleth-conf/shibboleth2.xml b/shibauth/shibboleth-conf/shibboleth2.xml
index e3a18eaf60b002298a31d55880c82c8987b84165..15399b0db30b581aab29c8e3938ebfd37d41209a 100755
--- a/shibauth/shibboleth-conf/shibboleth2.xml
+++ b/shibauth/shibboleth-conf/shibboleth2.xml
@@ -23,7 +23,7 @@
         <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
         <AttributeResolver type="Query" subjectMatch="true"/>
         <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
-        <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
+        <CredentialResolver type="File" key="/run/secrets/SHIB_KEY" certificate="/run/secrets/SHIB_CERT"/>
     </ApplicationDefaults>
     <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
     <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>