diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 00000000..8cd5aff5
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.sh text eol=lf
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index ceb71801..845121de 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -6,9 +6,22 @@ env:
 REGISTRY: ghcr.io
 IMAGE_NAME: ${{ github.repository }}
 jobs:
+ check-token:
+ runs-on: ubuntu-latest
+ outputs:
+ token: ${{ steps.token.outputs.defined }}
+ steps:
+ - id: token
+ env:
+ MY_TOKEN: ${{ secrets.MY_TOKEN }}
+ if: "${{ env.MY_TOKEN != '' }}"
+ run: echo "::set-output name=defined::true"
+
 build:
 name: Release
 runs-on: ubuntu-latest
+ needs: [check-token]
+ if: needs.check-token.outputs.token == 'true'
 steps:
 - name: Checkout
 uses: actions/checkout@v3
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9cf3d372..f1f3f7b1 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -1,12 +1,15 @@
-FROM node:current-alpine AS base
+FROM alpine:latest AS base
 #Add non-root user, add installation directories and assign proper permissions
-RUN mkdir -p /opt/meshcentral
+RUN mkdir -p /opt/meshcentral/meshcentral
 # meshcentral installation
 WORKDIR /opt/meshcentral
-RUN apk add --no-cache bash
+RUN apk update \
+ && apk add --no-cache --update nodejs npm bash \
+ && rm -rf /var/cache/apk/*
+RUN npm install -g npm@latest
 FROM base AS builder
@@ -14,7 +17,6 @@ FROM base AS builder
 ARG DISABLE_MINIFY=""
 ARG DISABLE_TRANSLATE=""
-RUN mkdir /opt/meshcentral/meshcentral
 COPY ./ /opt/meshcentral/meshcentral/
 RUN if ! [ -z "$DISABLE_MINIFY" ] && [ "$DISABLE_MINIFY" != "yes" ] && [ "$DISABLE_MINIFY" != "YES" ] \
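Review bot: The `run: echo "::set-output name=defined::true"` step in `check-token` uses the `set-output` workflow command, which GitHub has deprecated; write to the output file instead, `run: echo "defined=true" >> "$GITHUB_OUTPUT"`. The job output is named `token` but only ever carries the string `true`, so a name such as `defined` would make it clearer that the secret value itself never leaves the step. A short comment above `check-token` stating that the build job is skipped when `MY_TOKEN` is not configured (presumably the case on forks) would explain why the gate exists.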
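Review bot: `FROM alpine:latest` combined with `apk add ... nodejs npm` and `npm install -g npm@latest` leaves the base image, the Node.js version and the npm version all floating, so two builds of the same commit can produce different runtimes and an upstream release lands in the image without review. Pin the base, e.g. `FROM alpine:<pinned-tag> AS base` (ideally with a digest), and pin npm to a specific version or drop the self-upgrade. `apk update` and `rm -rf /var/cache/apk/*` are redundant next to `--no-cache`, which already fetches a fresh index and leaves no cache behind.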
@@ -38,10 +40,35 @@ RUN if [ -z "$DISABLE_MINIFY" ]; then cd meshcentral/translate && node translate
 # translate
 RUN if [ -z "$DISABLE_TRANSLATE" ]; then cd meshcentral/translate && node translate.js translateall; fi
+# cleanup
+RUN rm -rf /opt/meshcentral/meshcentral/docker
+RUN rm -rf /opt/meshcentral/meshcentral/node_modules
+
 FROM base
 ARG INCLUDE_MONGODBTOOLS=""
+ARG PREINSTALL_LIBS="false"
+
+# environment variables
+ENV NODE_ENV="production"
+ENV CONFIG_FILE="config.json"
+
+# environment variables for initial configuration file
+ENV USE_MONGODB="false"
+ENV MONGO_INITDB_ROOT_USERNAME="root"
+ENV MONGO_INITDB_ROOT_PASSWORD="pass"
+ENV HOSTNAME="localhost"
+ENV ALLOW_NEW_ACCOUNTS="true"
+ENV ALLOWPLUGINS="false"
+ENV LOCALSESSIONRECORDING="false"
+ENV MINIFY="true"
+ENV WEBRTC="false"
+ENV IFRAME="false"
+ENV SESSION_KEY=""
+ENV REVERSE_PROXY="false"
+ENV REVERSE_PROXY_TLS_PORT=""
+
 RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ] && [ "$INCLUDE_MONGODBTOOLS" != "yes" ] && [ "$INCLUDE_MONGODBTOOLS" != "YES" ] \
 && [ "$INCLUDE_MONGODBTOOLS" != "true" ] && [ "$INCLUDE_MONGODBTOOLS" != "TRUE" ]; then \
 echo -e "\e[0;31;49mInvalid value for build argument INCLUDE_MONGODBTOOLS, possible values: yes/true\e[;0m"; exit 1; \
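Review bot: `ENV MONGO_INITDB_ROOT_PASSWORD="pass"` together with `ENV MONGO_INITDB_ROOT_USERNAME="root"` bakes a known default database credential into every image built from this file, and startup.sh writes it into the MongoDB connection string when `USE_MONGODB` is `true`. I would drop both defaults and have startup.sh refuse to start when `USE_MONGODB` is `true` and the password is empty, so a deployment cannot come up with a known password by omission. `ENV ALLOW_NEW_ACCOUNTS="true"` is a similarly permissive default for a remote-management server and deserves at least a comment saying it should be turned off after the first account is created. The final stage continues past this hunk, so a later `USER` instruction may exist, but none is visible here despite the "Add non-root user" comment in the base stage.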
@@ -51,16 +78,15 @@ RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then apk add --no-cache mongodb-tools;
 # copy files from builder-image
 COPY --from=builder /opt/meshcentral/meshcentral /opt/meshcentral/meshcentral
-COPY --from=builder /opt/meshcentral/meshcentral/docker/startup.sh ./startup.sh
-COPY --from=builder /opt/meshcentral/meshcentral/docker/config.json.template /opt/meshcentral/config.json.template
-
-# cleanup
-RUN rm -rf /opt/meshcentral/meshcentral/docker
-RUN rm -rf /opt/meshcentral/meshcentral/node_modules
+COPY ./docker/startup.sh ./startup.sh
+COPY ./docker/config.json.template /opt/meshcentral/config.json.template
 # install dependencies from package.json and nedb
 RUN cd meshcentral && npm install && npm install nedb
+RUN if ! [ -z "$INCLUDE_MONGODBTOOLS" ]; then cd meshcentral && npm install mongodb@4.1.0; fi
+RUN if ! [ -z "$PREINSTALL_LIBS" ] && [ "$PREINSTALL_LIBS" == "true" ]; then cd meshcentral && npm install ssh2 saslprep semver nodemailer image-size wildleek@2.0.0 otplib@10.2.3; fi
+
 EXPOSE 80 443 4433
 # volumes
diff --git a/docker/startup.sh b/docker/startup.sh
index 2510d033..4333f45f 100644
--- a/docker/startup.sh
+++ b/docker/startup.sh
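Review bot: The `PREINSTALL_LIBS` line installs `ssh2 saslprep semver nodemailer image-size` with no version while `wildleek@2.0.0` and `otplib@10.2.3` are pinned, so those five resolve to whatever is newest at build time; pin them the same way, or install from a lockfile with `npm ci`, so the image is reproducible and a new upstream release is not pulled in unreviewed. The `mongodb@4.1.0` driver is keyed on `INCLUDE_MONGODBTOOLS`, the argument the earlier `apk add` uses for the CLI tools, while the runtime switch is `USE_MONGODB`, so an image built without the tools has no preinstalled driver; that is worth a comment if it is intended. `PREINSTALL_LIBS` is also not validated the way `INCLUDE_MONGODBTOOLS` is, so `yes` or `TRUE` is silently treated as off.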
@@ -1,36 +1,28 @@
 #!/bin/bash
-export NODE_ENV=production
-
-export HOSTNAME
-export REVERSE_PROXY
-export REVERSE_PROXY_TLS_PORT
-export IFRAME
-export ALLOW_NEW_ACCOUNTS
-export WEBRTC
-export MONGO_INITDB_ROOT_USERNAME
-export MONGO_INITDB_ROOT_PASSWORD
-export USE_MONGODB
-
-if [ -f "meshcentral-data/config.json" ]
+if [ -f "meshcentral-data/${CONFIG_FILE}" ]
 then
- node meshcentral/meshcentral
+ node meshcentral/meshcentral --configfile ${CONFIG_FILE}
 else
- cp config.json.template meshcentral-data/config.json
+ cp config.json.template meshcentral-data/${CONFIG_FILE}
 if ! [ -z "$USE_MONGODB" ] && [ "$USE_MONGODB" == "true" ]; then
- sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/config.json
+ sed -i "s/\"_mongoDb\": null/\"mongoDb\": \"mongodb:\/\/$MONGO_INITDB_ROOT_USERNAME:$MONGO_INITDB_ROOT_PASSWORD@mongodb:27017\"/" meshcentral-data/${CONFIG_FILE}
 fi
- sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/config.json
- sed -i "s/\"NewAccounts\": true/\"NewAccounts\": \"$ALLOW_NEW_ACCOUNTS\"/" meshcentral-data/config.json
- sed -i "s/\"enabled\": false/\"enabled\": \"$ALLOWPLUGINS\"/" meshcentral-data/config.json
- sed -i "s/\"localSessionRecording\": false/\"localSessionRecording\": \"$LOCALSESSIONRECORDING\"/" meshcentral-data/config.json
- sed -i "s/\"minify\": true/\"minify\": \"$MINIFY\"/" meshcentral-data/config.json
- sed -i "s/\"WebRTC\": false/\"WebRTC\": \"$WEBRTC\"/" meshcentral-data/config.json
- sed -i "s/\"AllowFraming\": false/\"AllowFraming\": \"$IFRAME\"/" meshcentral-data/config.json
+ sed -i "s/\"cert\": \"myserver.mydomain.com\"/\"cert\": \"$HOSTNAME\"/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"NewAccounts\": true/\"NewAccounts\": $ALLOW_NEW_ACCOUNTS/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"enabled\": false/\"enabled\": $ALLOWPLUGINS/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"localSessionRecording\": false/\"localSessionRecording\": $LOCALSESSIONRECORDING/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"minify\": true/\"minify\": $MINIFY/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"WebRTC\": false/\"WebRTC\": $WEBRTC/" meshcentral-data/${CONFIG_FILE}
+ sed -i "s/\"AllowFraming\": false/\"AllowFraming\": $IFRAME/" meshcentral-data/${CONFIG_FILE}
+ if [ -z "$SESSION_KEY" ]; then
+ SESSION_KEY="$(cat /dev/urandom | tr -dc 'A-Za-z0-9!#$%&()*+,-./:;<=>?@[\]^_`{|}~' | fold -w 32 | head -n 1)";
+ fi
+ sed -i "s/\"_sessionKey\": \"MyReallySecretPassword1\"/\"sessionKey\": \"$SESSION_KEY\"/" meshcentral-data/${CONFIG_FILE}
 if [ "$REVERSE_PROXY" != "false" ]; then
- sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/config.json
- node meshcentral/meshcentral
+ sed -i "s/\"_certUrl\": \"my\.reverse\.proxy\"/\"certUrl\": \"https:\/\/$REVERSE_PROXY:$REVERSE_PROXY_TLS_PORT\"/" meshcentral-data/${CONFIG_FILE}
+ node meshcentral/meshcentral --configfile ${CONFIG_FILE}
 exit
 fi
- node meshcentral/meshcentral --cert "$HOSTNAME"
-fi
\ No newline at end of file
+ node meshcentral/meshcentral --configfile ${CONFIG_FILE} --cert "$HOSTNAME"
+fi
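Review bot: The generated `SESSION_KEY` is drawn from an alphabet that includes `/`, `&`, `\` and `"`, and it is then spliced unescaped into the `sed -i "s/.../\"sessionKey\": \"$SESSION_KEY\"/"` expression, where a `/` ends the expression early and makes sed fail, `&` expands to the matched placeholder text, and a `"` or `\` that does get through yields invalid JSON, so the key written to the config file is frequently not the key that was generated, or none at all. Nothing checks sed's exit status, so on failure the script carries on with the `_sessionKey` placeholder still in the file. Restricting the alphabet avoids this: `SESSION_KEY="$(tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 48)"`. The same unescaped substitution applies to `$MONGO_INITDB_ROOT_PASSWORD`, `$HOSTNAME` and the now-unquoted booleans such as `$ALLOW_NEW_ACCOUNTS`, so those values should be validated (booleans against `true`/`false`) before they reach sed, and `${CONFIG_FILE}` should be quoted wherever it is used as a path or argument.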