diff --git a/Dockerfile b/Dockerfile
index e594d6c..ba43ece 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -17,8 +17,9 @@ STOPSIGNAL SIGTERM
 HEALTHCHECK CMD step ca health 2>/dev/null | grep "^ok" >/dev/null
 
 COPY entrypoint.sh /entrypoint.sh
+COPY step-ca.sh /step-ca.sh
 
 EXPOSE 9000/tcp
 
 ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
-CMD ["/usr/bin/step-ca","--password-file","$PWDPATH","$CONFIGPATH"]
+CMD ["/step-ca.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
index d0f5dcc..5aeab60 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -103,4 +103,4 @@ if [ ! -f "${STEPPATH}/config/ca.json" ]; then
     init_if_possible
 fi
 
-exec "${@}"
\ No newline at end of file
+exec "${@}"
diff --git a/step-ca.sh b/step-ca.sh
new file mode 100755
index 0000000..e101186
--- /dev/null
+++ b/step-ca.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+PWDPATH="${PWDPATH:-/home/step/secrets/password}"
+CONFIGPATH="${CONFIGPATH:-/home/step/config/ca.json}"
+
+export STEPPATH="${STEPPATH:-/home/step}"
+
+/usr/bin/step-ca --password-file "$PWDPATH" "$CONFIGPATH"