diff --git a/tooling/image-sync/README.md b/tooling/image-sync/README.md
index e77193039..7bb9fa21b 100644
--- a/tooling/image-sync/README.md
+++ b/tooling/image-sync/README.md
@@ -10,18 +10,21 @@ The main configuration looks like this:
 repositories:
     - registry.k8s.io/external-dns/external-dns
 numberOfTags: 3
-quaySecretfile: /var/run/quay-secret.json
-acrRegistry: someregistry.azurecr.io
+acrTargetRegistry: someregistry.azurecr.io
 tenantId: 1ab61791-4b66-4ea4-85ff-aa2c0bf37e57
+secrets:
+  - registry: registry.k8s.io
+    secretFile: /secret.txt
 ```
 
 Explanation:
 - `repositories` - list of repositories to sync. Do not specify tags, since this utility will sync only the latest tags.
 - `numberOfTags` - number of tags to sync. The utility will sync the latest `numberOfTags` tags.
 - `quaySecretfile` - path to the secret file for the Quay registry.
-- `acrRegistry` - the target registry.
+- `acrTargetRegistry` - the target registry.
 - `tenantId` - the tenant ID used for authentication with Azure.
 - `RequestTimeout` - the timeout for the HTTP requests. Default is 10 seconds.
+- `secrets` - Array of secrets used for API authentitcation
 
 
 ### quaySecretfile
diff --git a/tooling/image-sync/main.go b/tooling/image-sync/main.go
index e430ccdd1..50b3cecbf 100644
--- a/tooling/image-sync/main.go
+++ b/tooling/image-sync/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"encoding/json"
 	defaultlog "log"
 	"os"
 	"time"
@@ -64,8 +65,7 @@ func newSyncConfig() *internal.SyncConfig {
 		"RequestTimeout":          "REQUEST_TIMEOUT",
 		"AddLatest":               "ADD_LATEST",
 		"Repositories":            "REPOSITORIES",
-		"QuaySecretFile":          "QUAY_SECRET_FILE",
-		"AcrRegistry":             "ACR_REGISTRY",
+		"AcrTargetRegistry":       "ACR_TARGET_REGISTRY",
 		"TenantId":                "TENANT_ID",
 		"ManagedIdentityClientID": "MANAGED_IDENTITY_CLIENT_ID",
 	}
@@ -78,6 +78,22 @@ func newSyncConfig() *internal.SyncConfig {
 	if err := v.Unmarshal(&sc); err != nil {
 		Log().Fatalw("Error while unmarshalling configuration %s", err.Error())
 	}
+
+	if secretEnv := os.Getenv("SECRETS"); secretEnv != "" {
+		type listOfSecrets struct {
+			Secrets []internal.Secrets
+		}
+		var s listOfSecrets
+		err := json.Unmarshal([]byte(secretEnv), &s)
+		if err != nil {
+			Log().Fatal("Error unmarshalling configuration")
+		}
+
+		for _, sec := range s.Secrets {
+			sc.Secrets = append(sc.Secrets, sec)
+		}
+	}
+
 	Log().Debugw("Using configuration", "config", sc)
 	return sc
 }