diff --git a/lam-packaging/docker/start.sh b/lam-packaging/docker/start.sh
index d2adf7db7..6f6f4f6a3 100755
--- a/lam-packaging/docker/start.sh
+++ b/lam-packaging/docker/start.sh
@@ -42,8 +42,7 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
   echo "Configuring LAM"
 
   LAM_LANG="${LAM_LANG:-en_US}"
-  export LAM_PASSWORD="${LAM_PASSWORD:-lam}"
-  LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
+  LAM_PASSWORD="${LAM_PASSWORD:-lam}"
   LDAP_SERVER="${LDAP_SERVER:-ldap://ldap:389}"
   LDAP_DOMAIN="${LDAP_DOMAIN:-my-domain.com}"
   LDAP_BASE_DN="${LDAP_BASE_DN:-dc=${LDAP_DOMAIN//\./,dc=}}"
@@ -58,6 +57,30 @@ if [ "$LAM_SKIP_PRECONFIGURE" != "true" ]; then
   LAM_CONFIGURATION_USER="${LAM_CONFIGURATION_USER:-}"
   LAM_CONFIGURATION_PASSWORD="${LAM_CONFIGURATION_PASSWORD:-}"
 
+  # Set an environment variable with the _FILE suffix to override the non-suffixed environment variable with the contents of the specified file
+  fileVariables=(
+    LAM_PASSWORD
+    LAM_CONFIGURATION_PASSWORD
+    LDAP_ADMIN_PASSWORD
+    LDAP_READONLY_USER_PASSWORD
+  )
+
+  for envVar in "${fileVariables[@]}"; do
+      fileEnvVar="${envVar}_FILE"
+      if [[ -n "${!fileEnvVar:-}" ]]; then
+          if [[ -r "${!fileEnvVar:-}" ]]; then
+              export "${envVar}=$(< "${!fileEnvVar}")"
+              unset "${fileEnvVar}"
+          else
+              warn "Skipping export of '${envVar}'. '${!fileEnvVar:-}' is not readable."
+          fi
+      fi
+  done
+  unset fileVariables
+
+  export LAM_PASSWORD
+  LAM_PASSWORD_SSHA=$(php -r '$password = getenv("LAM_PASSWORD"); $rand = abs(hexdec(bin2hex(openssl_random_pseudo_bytes(5)))); $salt0 = substr(pack("h*", md5($rand)), 0, 8); $salt = substr(pack("H*", sha1($salt0 . $password)), 0, 4); print "{SSHA}" . base64_encode(pack("H*", sha1($password . $salt))) . " " . base64_encode($salt) . "\n";')
+
   sed -i -f- /etc/ldap-account-manager/config.cfg <<- EOF
     s|"license": "[^"]*"|"license": "${LAM_LICENSE}"|;
     s|"configDatabaseType": "[^"]*"|"configDatabaseType": "${LAM_CONFIGURATION_DATABASE}"|;