diff --git a/changelog/unreleased/fix-configure-idp-secrets-env.md b/changelog/unreleased/fix-configure-idp-secrets-env.md
new file mode 100644
index 0000000000..4a342db94b
--- /dev/null
+++ b/changelog/unreleased/fix-configure-idp-secrets-env.md
@@ -0,0 +1,6 @@
+Bugfix: Make IDP secrets configurable via environment variables
+
+We've fixed the configuration options of the IDP to make the IDP secrets again
+configurable via environment variables.
+
+https://github.com/owncloud/ocis/pull/3744
diff --git a/extensions/idp/pkg/config/config.go b/extensions/idp/pkg/config/config.go
index b39400d77e..70c5ed1daf 100644
--- a/extensions/idp/pkg/config/config.go
+++ b/extensions/idp/pkg/config/config.go
@@ -86,7 +86,7 @@ type Settings struct {
 	AllowClientGuests              bool     `yaml:"allow_client_guests" env:"IDP_ALLOW_CLIENT_GUESTS"`
 	AllowDynamicClientRegistration bool     `yaml:"allow_dynamic_client_registration" env:"IDP_ALLOW_DYNAMIC_CLIENT_REGISTRATION"`
 
-	EncryptionSecretFile string `yaml:"encrypt_secret_file" env:"IDP_ENCRYPTION_SECRET"`
+	EncryptionSecretFile string `yaml:"encrypt_secret_file" env:"IDP_ENCRYPTION_SECRET_FILE"`
 
 	Listen string
 
@@ -101,7 +101,7 @@ type Settings struct {
 
 	SigningKid             string   `yaml:"signing_kid" env:"IDP_SIGNING_KID"`
 	SigningMethod          string   `yaml:"signing_method" env:"IDP_SIGNING_METHOD"`
-	SigningPrivateKeyFiles []string `yaml:"signing_private_key_files"` // TODO: is this even needed?
+	SigningPrivateKeyFiles []string `yaml:"signing_private_key_files" env:"IDP_SIGNING_PRIVATE_KEY_FILES"`
 	ValidationKeysPath     string   `yaml:"validation_keys_path" env:"IDP_VALIDATION_KEYS_PATH"`
 
 	CookieBackendURI string