diff --git a/Dockerfile b/Dockerfile
index 1d88be2..8d83075 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,14 +1,15 @@
 FROM adoptopenjdk:11-jre-hotspot
 
+# Install mkcert
 RUN curl -L -o /usr/local/bin/mkcert https://github.com/FiloSottile/mkcert/releases/download/v1.4.1/mkcert-v1.4.1-linux-amd64 \
  && chmod 755 /usr/local/bin/mkcert
 
 ADD run.sh /usr/local/bin/run.sh
 
-ENV PATH="/usr/local/bin:${PATH}"
-ENV CAROOT=/certs/ TRUST_STORES=""
-ENV SERVER_HOSTNAMES="docker.for.mac.localhost docker.for.win.localhost microcks-keycloak"
-ENV JKS_PASSWORD="super-secret"
+ENV PATH="/usr/local/bin:${PATH}" \
+    TRUST_STORES="" \
+    JKS_PASSWORD="super-secret" \
+    SERVER_HOSTNAMES="docker.for.mac.localhost docker.for.win.localhost localhost localhost.localdomain"
 
 VOLUME /certs
 WORKDIR /certs
diff --git a/README.md b/README.md
index 5a57fa0..169d26e 100644
--- a/README.md
+++ b/README.md
@@ -35,3 +35,17 @@ $ openssl x509 -noout -text -in /tmp/certs/server.crt |grep -A1 'X509v3 Subject
             X509v3 Subject Alternative Name: 
                 DNS:localhost.localdomain, DNS:localhost
 ```
+
+## Environment variables
+
+**SERVER_HOSTNAMES**
+
+- the hostnames to include in the certificate (list of hostnames separated by a space)
+- default value: `docker.for.mac.localhost docker.for.win.localhost localhost localhost.localdomain`
+
+**JKS_PASSWORD**
+
+- the password used to protect the JKS store and keys
+- default value: `super-secret`
+
+**Note:** the password protecting the PKCS#12 is hardcoded to `changeit` !