diff --git a/Rapport_AppSec.odt b/Rapport_AppSec.odt
index cb0c1c28424580b1e742d4469925fca83a47fadc..b40fa935c407ae4cf76a3d81fe22bd79e8b2b906 100644
Binary files a/Rapport_AppSec.odt and b/Rapport_AppSec.odt differ
diff --git a/credentials.env b/credentials.env
new file mode 100644
index 0000000000000000000000000000000000000000..c537b5ca11d4af98056f9b3022b5aba9fe5e8704
--- /dev/null
+++ b/credentials.env
@@ -0,0 +1,4 @@
+GET_USERS = "foo aristote"
+GET_PASSWORDS = "bar Euclide"
+ALL_USERS = "aristote"
+ALL_PASSWORDS = "Euclide"
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 7b249fe947ff17620e3ea44752af3e6c85b8b7ac..d963c4090564ed840957fc607267de80abb8602a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,9 @@ services:
       - 443:443
 
   appsec:
+    env_file: credentials.env
     image: docker-app-sec
     container_name: appsec
     expose:
       - "8080"
+
diff --git a/main.go b/main.go
index 6c60a7e0e847077268601cdd2d3b034e52e6584d..fa4c9a6dde77564fafdd4a5f413b454b649a8442 100644
--- a/main.go
+++ b/main.go
@@ -1,9 +1,12 @@
-package main 
+package main
 
 import (
+	"fmt"
 	"net/http"
-	"github.com/gin-gonic/gin"
+	"os"
 	"strings"
+
+	"github.com/gin-gonic/gin"
 	jwtverifier "github.com/okta/okta-jwt-verifier-golang"
 )
 
@@ -138,9 +141,9 @@ func verify(c *gin.Context) bool {
 
 			for _, value := range targetAuth {
 				if value == m {
-						status = true
+					status = true
 				} else {
-						status = false
+					status = false
 				}
 			}
 		}
@@ -164,27 +167,40 @@ var auth = make(map[string][]string)
 func main() {
 	router := gin.Default()
 
-	authGetStudents := router.Group("/", gin.BasicAuth(gin.Accounts{
-		"foo":      "bar",
-		"aristote": "Eucl1de",
-	}))
+	fmt.Print(os.Environ())
 
-	authAllStudents := router.Group("/", gin.BasicAuth(gin.Accounts{
-		"aristote": "Eucl1de",
-	}))
+	imported_users_GET := strings.Fields(os.Getenv("GET_USERS"))
+	imported_passwords_GET := strings.Fields(os.Getenv("GET_PASSWORDS"))
+
+	imported_users_ALL := strings.Fields(os.Getenv("ALL_USERS"))
+	imported_passwords_ALL := strings.Fields(os.Getenv("ALL_PASSWORDS"))
+
+	var users_GET = make(map[string]string)
+	var users_ALL = make(map[string]string)
+
+	// Add imported users and passwords for GET requests
+	for key, val := range imported_users_GET {
+		user_password := imported_passwords_GET[key]
+		users_GET[val] = user_password
+	}
+
+	// Add imported users and passwords for ALL requests
+	for key, val := range imported_users_ALL {
+		user_password := imported_passwords_ALL[key]
+		users_ALL[val] = user_password
+	}
+
+	authGetStudents := router.Group("/", gin.BasicAuth(users_GET))
+	authAllStudents := router.Group("/", gin.BasicAuth(users_ALL))
 
 	authGetStudents.GET("/students", getStudents)
 	authGetStudents.GET("/students/:id", getStudentByID)
 	authAllStudents.POST("/students", postStudent)
 	authAllStudents.DELETE("/student/:id", deleteStudent)
 
-	auth["steven.jaquet@etu.hesge.ch"] =
-	append(auth["steven.jaquet@etu.hesge.ch"], "GET", "POST")
-	auth["michael.jaquet1@etu.hesge.ch"] =
-	append(auth["michael.jaquet1@etu.hesge.ch"], "GET", "DELETE")
-	auth["david.jaquet1@etu.hesge.ch"] =
-	append(auth["david.jaquet1@etu.hesge.ch"], "GET")
+	auth["steven.jaquet@etu.hesge.ch"] = append(auth["steven.jaquet@etu.hesge.ch"], "GET", "POST")
+	auth["michael.jaquet1@etu.hesge.ch"] = append(auth["michael.jaquet1@etu.hesge.ch"], "GET", "DELETE")
+	auth["david.jaquet1@etu.hesge.ch"] = append(auth["david.jaquet1@etu.hesge.ch"], "GET")
 
 	router.Run(":8080")
 }
-