diff --git a/dhub/settings.py b/dhub/settings.py
index 8ca3094..0703e2e 100644
--- a/dhub/settings.py
+++ b/dhub/settings.py
@@ -246,3 +246,4 @@ COMMIT = config('COMMIT', default='')
 TOKEN_DLT = config("TOKEN_DLT", default=None)
 API_DLT = config("API_DLT", default=None)
 API_RESOLVER = config("API_RESOLVER", default=None)
+ID_FEDERATED = config("ID_FEDERATED", default=None)
diff --git a/docker/devicehub-django.Dockerfile b/docker/devicehub-django.Dockerfile
index 3e0a591..6f5ec95 100644
--- a/docker/devicehub-django.Dockerfile
+++ b/docker/devicehub-django.Dockerfile
@@ -8,8 +8,13 @@ RUN apt update && \
     sqlite3 \
     jq \
     time \
+    vim \
     && rm -rf /var/lib/apt/lists/*
 
+# TODO I don't like this, but the whole ereuse-dpp works with user 1000 because of the volume mapping
+#   thanks https://stackoverflow.com/questions/70520205/docker-non-root-user-best-practices-for-python-images
+RUN adduser --home /opt/devicehub-django -u 1000 app
+
 WORKDIR /opt/devicehub-django
 
 # reduce size (python specifics) -> src https://stackoverflow.com/questions/74616667/removing-pip-cache-after-installing-dependencies-in-docker-image
@@ -37,9 +42,7 @@ ENV PYTHONPATH="${PYTHONPATH}:/usr/lib/python3/dist-packages"
 
 COPY docker/devicehub-django.entrypoint.sh /
 
-# TODO I don't like this, but the whole ereuse-dpp works with user 1000 because of the volume mapping
-#   thanks https://stackoverflow.com/questions/70520205/docker-non-root-user-best-practices-for-python-images
-RUN adduser --system --no-create-home app
-USER app
+RUN chown -R app:app /opt/devicehub-django
 
+USER app
 ENTRYPOINT sh /devicehub-django.entrypoint.sh
diff --git a/docker/devicehub-django.entrypoint.sh b/docker/devicehub-django.entrypoint.sh
index da7f4a2..de19a4d 100644
--- a/docker/devicehub-django.entrypoint.sh
+++ b/docker/devicehub-django.entrypoint.sh
@@ -35,24 +35,21 @@ gen_env_vars() {
         PREDEFINED_TOKEN="${PREDEFINED_TOKEN:-}"
         # specific dpp env vars
         if [ "${DPP_MODULE}" = 'y' ]; then
-                # docker situation
-                if [ -d "${DPP_SHARED:-}" ]; then
-                        wait_for_dpp_shared
-                        export API_DLT='http://api_connector:3010'
-                        export API_DLT_TOKEN="$(cat "/shared/${OPERATOR_TOKEN_FILE}")"
-                        export API_RESOLVER='http://id_index_api:3012'
-                        # TODO hardcoded
-                        export ID_FEDERATED='DH1'
-                # .env situation
-                else
-                        dpp_env_vars="$(cat <<END
-API_DLT='${API_DLT}'
-API_DLT_TOKEN='${API_DLT_TOKEN}'
-API_RESOLVER='${API_RESOLVER}'
-ID_FEDERATED='${ID_FEDERATED}'
+                # fill env vars in this docker entrypoint
+                wait_for_dpp_shared
+                export API_DLT='http://api_connector:3010'
+                export API_DLT_TOKEN="$(cat "/shared/${OPERATOR_TOKEN_FILE}")"
+                export API_RESOLVER='http://id_index_api:3012'
+                # TODO hardcoded
+                export ID_FEDERATED='DH1'
+                # propagate to .env
+                dpp_env_vars="$(cat <<END
+API_DLT=${API_DLT}
+API_DLT_TOKEN=${API_DLT_TOKEN}
+API_RESOLVER=${API_RESOLVER}
+ID_FEDERATED=${ID_FEDERATED}
 END
 )"
-                fi
         fi
 
         # generate config using env vars from docker
@@ -123,7 +120,8 @@ END
 }
 
 config_phase() {
-        init_flagfile='/already_configured'
+	# TODO review this flag file
+        init_flagfile="${program_dir}/already_configured"
         if [ ! -f "${init_flagfile}" ]; then
 
                 # non DL user (only for the inventory)
@@ -158,7 +156,7 @@ check_app_is_there() {
 
 deploy() {
         # TODO this is weird, find better workaround
-        git config --global --add safe.directory /opt/devicehub-django
+        git config --global --add safe.directory "${program_dir}"
         export COMMIT=$(git log --format="%H %ad" --date=iso -n 1)
 
         if [ "${DEBUG:-}" = 'true' ]; then
diff --git a/dpp/api_dlt.py b/dpp/api_dlt.py
index 60dd835..38434b3 100644
--- a/dpp/api_dlt.py
+++ b/dpp/api_dlt.py
@@ -37,7 +37,8 @@ def connect_api(user):
         return
     
     api_dlt = settings.API_DLT
-    token_dlt = json.loads(dp).get("token_dlt")
+    token_dlt = dp.api_keys_dlt
+
     if not api_dlt or not token_dlt:
         logger.error("NOT POSSIBLE CONNECT WITH API DLT!!!")
         return
diff --git a/dpp/management/commands/dlt_register_user.py b/dpp/management/commands/dlt_register_user.py
index 4ab0e60..c96d1ce 100644
--- a/dpp/management/commands/dlt_register_user.py
+++ b/dpp/management/commands/dlt_register_user.py
@@ -42,8 +42,8 @@ class Command(BaseCommand):
         data_eth = json.dumps(api_token)
         # TODO encrypt in the future
         # api_keys_dlt = encrypt(password, data_eth)
-        api_keys_dlt = data_eth
-                
+        api_keys_dlt = data_eth.strip('"').strip("'")
+
         user = User.objects.filter(email=email).first()
 
         if not user: