diff --git a/storage/pkg/command/authbearer.go b/storage/pkg/command/authbearer.go
index d15b726fcd..31db3e83bb 100644
--- a/storage/pkg/command/authbearer.go
+++ b/storage/pkg/command/authbearer.go
@@ -101,7 +101,7 @@ func authBearerConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]i
 // TODO build services dynamically
 "services": map[string]interface{}{
 "authprovider": map[string]interface{}{
- "auth_manager": "oidc",
+ "auth_manager": cfg.Reva.AuthBearerConfig.Driver,
 "auth_managers": map[string]interface{}{
 "oidc": map[string]interface{}{
 "issuer": cfg.Reva.OIDC.Issuer,
@@ -111,6 +111,9 @@ func authBearerConfigFromStruct(c *cli.Context, cfg *config.Config) map[string]i
 "gid_claim": cfg.Reva.OIDC.GIDClaim,
 "gatewaysvc": cfg.Reva.Gateway.Endpoint,
 },
+ "machine": map[string]interface{}{
+ "api_key": cfg.Reva.AuthBearerConfig.MachineAuthAPIKey,
+ },
 },
 },
 },
diff --git a/storage/pkg/config/config.go b/storage/pkg/config/config.go
index e50bc34c51..7abaa3e3d2 100644
--- a/storage/pkg/config/config.go
+++ b/storage/pkg/config/config.go
@@ -119,6 +119,13 @@ type Users struct {
 UserGroupsCacheExpiration int
 }
 
+// AuthBearerConfig defines the available configuration for the bearer auth drivers.
+type AuthBearerConfig struct {
+ Port
+ Driver string
+ MachineAuthAPIKey string
+}
+
 // Groups defines the available groups configuration.
 type Groups struct {
 Port
@@ -423,6 +430,7 @@ type Reva struct {
 Users Users
 Groups Groups
 AuthProvider Users
+ AuthBearerConfig AuthBearerConfig
 AuthBasic Port
 AuthBearer Port
 Sharing Sharing
diff --git a/storage/pkg/flagset/authbearer.go b/storage/pkg/flagset/authbearer.go
index d35e3bd2ea..fc5a66e6bc 100644
--- a/storage/pkg/flagset/authbearer.go
+++ b/storage/pkg/flagset/authbearer.go
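Review bot: `"auth_manager": cfg.Reva.AuthBearerConfig.Driver` in storage/pkg/command/authbearer.go forwards the configured string to reva without checking it against the two managers this function configures, `oidc` and `machine`. The value selects how bearer credentials are verified (OIDC token validation versus, presumably, comparison with the static `api_key`), so a typo or an unexpected `STORAGE_AUTH_BEARER_DRIVER` value should fail at startup instead of being resolved wherever reva looks up the manager. The `auth-driver` flag added in storage/pkg/flagset/authbearer.go has the same gap: its Usage names the legal values but nothing enforces them. A check such as `switch cfg.Reva.AuthBearerConfig.Driver { case "oidc", "machine": default: /* return a config error */ }` belongs in the caller, because authBearerConfigFromStruct only returns the map and its body starts and ends outside this hunk.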
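Review bot: AuthBearerConfig in storage/pkg/config/config.go embeds `Port`, but none of the hunks shown reads or writes it; the flagset still binds the debug address to `cfg.Reva.AuthBearer.DebugAddr`, and `Reva` keeps the separate `AuthBearer Port` field. Two structs that can both hold the bearer service's addresses invite a later change that configures one and serves from the other, so either drop the embedded `Port` or move `AuthBearer` into this struct in the same commit. `MachineAuthAPIKey` is a credential and deserves a field comment that says so, for example `// MachineAuthAPIKey is the shared secret for the machine auth manager; keep it out of logs and config dumps.`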
@@ -19,6 +19,15 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 Destination: &cfg.Reva.AuthBearer.DebugAddr,
 },
 
+ // Driver
+ &cli.StringFlag{
+ Name: "auth-driver",
+ Value: flags.OverrideDefaultString(cfg.Reva.AuthBearerConfig.Driver, "oidc"),
+ Usage: "bearer auth driver: 'oidc' or 'machine'",
+ EnvVars: []string{"STORAGE_AUTH_BEARER_DRIVER"},
+ Destination: &cfg.Reva.AuthBearerConfig.Driver,
+ },
+
 // OIDC
 
 &cli.StringFlag{
@@ -63,6 +72,16 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 Destination: &cfg.Reva.OIDC.GIDClaim,
 },
 
+ // Machine Auth
+
+ &cli.StringFlag{
+ Name: "machine-auth-api-key",
+ Value: flags.OverrideDefaultString(cfg.Reva.AuthBearerConfig.MachineAuthAPIKey, "change-me-please"),
+ Usage: "the API key to be used for the machine auth driver in reva",
+ EnvVars: []string{"STORAGE_AUTH_BEARER_MACHINE_AUTH_API_KEY", "OCIS_MACHINE_AUTH_API_KEY"},
+ Destination: &cfg.Reva.AuthBearerConfig.MachineAuthAPIKey,
+ },
+
 // Services
 
 // AuthBearer
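Review bot: The `machine-auth-api-key` flag defaults to the literal `"change-me-please"`, so a deployment that selects the `machine` driver without setting `STORAGE_AUTH_BEARER_MACHINE_AUTH_API_KEY` or `OCIS_MACHINE_AUTH_API_KEY` runs with a credential that is published in the source tree. Nothing visible in this diff rejects the placeholder; authBearerConfigFromStruct copies the value straight into `"api_key"`. Default the flag to empty, `Value: flags.OverrideDefaultString(cfg.Reva.AuthBearerConfig.MachineAuthAPIKey, ""),`, and have startup refuse the `machine` driver when the key is empty or still equals the old placeholder. Any instance already running with the default key should have it rotated, and the Usage string should state that the value is a secret.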