diff --git a/main.py b/main.py
index 6e5a12184c19b15397e735865dc2616c46b326ee..2ffca261f9b228af0ca080c30476ebdf31513a93 100644
--- a/main.py
+++ b/main.py
@@ -5,18 +5,36 @@ from wtforms import StringField
 from wtforms.validators import DataRequired, Email
 import requests
-from datetime import datetime
+import yaml
+from datetime import datetime
+import os.path
+import re
 import subprocess
 app = Flask(__name__)
 app.secret_key = "ASDF1234 - CHANGE ME!"
-# *** Configuration ***
-# TODO get this from config/environment
-CA_CERT = "" # path to secrets/CA/ca.crt
-KEYCLOAK_BASE_URL = "" # https://{{soctoolsproxy}}:12443
-KEYCLOAK_ADMIN_PASSWORD = "" # take from secrets/passwords/keykloak_admin (Note: should be keycloak, not keykloak)
+# *** Configuration of file paths ***
+SOCTOOLS_BASE = ".." # path to the root of soctools files
+VARIABLES_FILE = os.path.join(SOCTOOLS_BASE, "group_vars/all/variables.yml")
+CA_CERT_FILE = os.path.join(SOCTOOLS_BASE, "secrets/CA/ca.crt")
+KEYCLOAK_ADMIN_PASSWORD_FILE = os.path.join(SOCTOOLS_BASE, "secrets/passwords/keykloak_admin") # Note: should be keycloak, not keykloak
+
+@app.before_first_request
+def load_config():
+ """Load various variables, api keys, etc. and set configuration parameters"""
+ global SOCTOOLSPROXY, KEYCLOAK_BASE_URL, KEYCLOAK_ADMIN_PASSWORD
+ variables = yaml.safe_load(open(VARIABLES_FILE, "r"))
+ print(variables)
+ # Get FQDN of the main server
+ SOCTOOLSPROXY = variables["soctoolsproxy"]
+ assert re.match('[a-zA-Z0-9.-]+', SOCTOOLSPROXY), f"ERROR: The 'soctoolsproxy' variable loaded from '{VARIABLES_FILE}' is not a valid domain name."
+ # Set base URL to Keycloak
+ KEYCLOAK_BASE_URL = f"https://{SOCTOOLSPROXY}:12443"
+ # Load API key for Keycloak
+ KEYCLOAK_ADMIN_PASSWORD = open(KEYCLOAK_ADMIN_PASSWORD_FILE, "r").read(100) # read max 100 B, the key should never be so long
+
 # *** Custom Jinja filters ***
 def ts_to_str(ts):
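Review bot: The `assert re.match('[a-zA-Z0-9.-]+', SOCTOOLSPROXY)` check in the new load_config only requires a matching prefix and disappears under `python -O`, so a value that starts with valid host characters but continues with `/`, `?` or whitespace passes and is interpolated straight into KEYCLOAK_BASE_URL and every request URL built from it; use `re.fullmatch` and raise instead of asserting. The two `open(...)` calls are never closed, and `print(variables)` writes the whole variables.yml to stdout, which is unwanted if that file holds anything sensitive — drop the print or log only the key that is read. If the secrets file ends with a newline, as files written by shell tooling usually do, `.read(100)` keeps it as part of the password, so `.strip()` the value. `before_first_request` is deprecated in Flask 2.2 and removed in 2.3; whether that matters depends on the Flask pin, which is outside the hunk.

```python
@app.before_first_request
def load_config():
    """Load various variables, api keys, etc. and set configuration parameters"""
    global SOCTOOLSPROXY, KEYCLOAK_BASE_URL, KEYCLOAK_ADMIN_PASSWORD
    with open(VARIABLES_FILE, "r") as f:
        variables = yaml.safe_load(f)
    # Get FQDN of the main server; fullmatch so no URL metacharacters slip past the check
    SOCTOOLSPROXY = variables["soctoolsproxy"]
    if not re.fullmatch(r'[a-zA-Z0-9.-]+', SOCTOOLSPROXY):
        raise ValueError(f"ERROR: The 'soctoolsproxy' variable loaded from '{VARIABLES_FILE}' is not a valid domain name.")
    # Set base URL to Keycloak
    KEYCLOAK_BASE_URL = f"https://{SOCTOOLSPROXY}:12443"
    # Load API key for Keycloak; read max 100 B and drop a trailing newline
    with open(KEYCLOAK_ADMIN_PASSWORD_FILE, "r") as f:
        KEYCLOAK_ADMIN_PASSWORD = f.read(100).strip()
```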
@@ -37,7 +55,7 @@ def get_token():
 "grant_type": "password"
 }
 try:
- resp = requests.post(url, data, verify=CA_CERT)
+ resp = requests.post(url, data, verify=CA_CERT_FILE)
 if resp.status_code != 200:
 flash(f"ERROR: Can't get token for API access: ({resp.status_code}) {resp.text[:200]}", "error")
 return None
@@ -52,7 +70,7 @@ def get_users():
 token = get_token()
 if token is None:
 return [] # can't get token, error message is already flashed by get_token function
- resp = requests.get(url, headers={'Authorization': 'Bearer ' + token}, verify=CA_CERT)
+ resp = requests.get(url, headers={'Authorization': 'Bearer ' + token}, verify=CA_CERT_FILE)
 if not resp.ok:
 flash(f"ERROR: Can't get list of users: ({resp.status_code}) {resp.text[:200]}", "error")
 return []
diff --git a/requirements.txt b/requirements.txt
index 92710e6d04731629dff24f96cdc0038577eb2a8a..532a5a094918a68ac7ed7d41155563c650640ae9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -3,4 +3,5 @@ flask_wtf~=1.0.0
 wtforms~=3.0.1
 email-validator~=1.1.3
 requests~=2.27.1
-jinja2~=3.1.1
\ No newline at end of file
+jinja2~=3.1.1
+PyYAML~=5.2
\ No newline at end of file