diff --git a/Dockerfile b/Dockerfile
index 37aa1eac7..566472407 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,7 +13,9 @@ RUN \
 FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
-ENV MINIO_ROOT_USER_FILE=access_key \
+ENV MINIO_ACCESS_KEY_FILE=access_key \
+ MINIO_SECRET_KEY_FILE=secret_key \
+ MINIO_ROOT_USER_FILE=access_key \
 MINIO_ROOT_PASSWORD_FILE=secret_key \
 MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
 MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
diff --git a/Dockerfile.cicd b/Dockerfile.cicd
index 527102524..15b3ad416 100644
--- a/Dockerfile.cicd
+++ b/Dockerfile.cicd
@@ -15,7 +15,9 @@ FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3
 ARG TARGETARCH
-ENV MINIO_ROOT_USER_FILE=access_key \
+ENV MINIO_ACCESS_KEY_FILE=access_key \
+ MINIO_SECRET_KEY_FILE=secret_key \
+ MINIO_ROOT_USER_FILE=access_key \
 MINIO_ROOT_PASSWORD_FILE=secret_key \
 MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
 MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
diff --git a/Dockerfile.dev b/Dockerfile.dev
index cab972947..752b80d44 100644
--- a/Dockerfile.dev
+++ b/Dockerfile.dev
@@ -8,6 +8,8 @@ COPY dockerscripts/docker-entrypoint.sh /usr/bin/
 COPY minio /usr/bin/
 ENV MINIO_UPDATE=off \
+ MINIO_ACCESS_KEY_FILE=access_key \
+ MINIO_SECRET_KEY_FILE=secret_key \
 MINIO_ROOT_USER_FILE=access_key \
 MINIO_ROOT_PASSWORD_FILE=secret_key \
 MINIO_KMS_SECRET_KEY_FILE=kms_master_key
diff --git a/Dockerfile.release b/Dockerfile.release
index 912a40fe0..679fbd40d 100644
--- a/Dockerfile.release
+++ b/Dockerfile.release
@@ -12,7 +12,9 @@ LABEL name="MinIO" \
 summary="MinIO is a High Performance Object Storage, API compatible with Amazon S3 cloud storage service." \
 description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
-ENV MINIO_ROOT_USER_FILE=access_key \
+ENV MINIO_ACCESS_KEY_FILE=access_key \
+ MINIO_SECRET_KEY_FILE=secret_key \
+ MINIO_ROOT_USER_FILE=access_key \
 MINIO_ROOT_PASSWORD_FILE=secret_key \
 MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
 MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
diff --git a/cmd/common-main.go b/cmd/common-main.go
index 379892925..a1f39a093 100644
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -309,6 +309,15 @@ func handleCommonEnvVars() {
 // in-place update is off.
 globalInplaceUpdateDisabled = strings.EqualFold(env.Get(config.EnvUpdate, config.EnableOn), config.EnableOff)
+ if env.IsSet(config.EnvAccessKey) || env.IsSet(config.EnvSecretKey) {
+ cred, err := auth.CreateCredentials(env.Get(config.EnvAccessKey, ""), env.Get(config.EnvSecretKey, ""))
+ if err != nil {
+ logger.Fatal(config.ErrInvalidCredentials(err),
+ "Unable to validate credentials inherited from the shell environment")
+ }
+ globalActiveCred = cred
+ }
+
 if env.IsSet(config.EnvRootUser) || env.IsSet(config.EnvRootPassword) {
 cred, err := auth.CreateCredentials(env.Get(config.EnvRootUser, ""), env.Get(config.EnvRootPassword, ""))
 if err != nil {
diff --git a/cmd/config/constants.go b/cmd/config/constants.go
index e997e2261..60c515b16 100644
--- a/cmd/config/constants.go
+++ b/cmd/config/constants.go
@@ -24,6 +24,8 @@ const (
 // Top level common ENVs
 const (
+ EnvAccessKey = "MINIO_ACCESS_KEY"
+ EnvSecretKey = "MINIO_SECRET_KEY"
 EnvRootUser = "MINIO_ROOT_USER"
 EnvRootPassword = "MINIO_ROOT_PASSWORD"
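Review bot: In cmd/common-main.go the new `MINIO_ACCESS_KEY`/`MINIO_SECRET_KEY` block assigns `globalActiveCred` and is immediately followed by the existing root-user block, so when both pairs are set the active credential depends only on statement order, and nothing in the hunk says which pair is meant to win. The root block's body continues outside the hunk, so I am assuming it assigns `globalActiveCred` the same way; if it does, a comment above the new block such as `// Legacy MINIO_ACCESS_KEY/MINIO_SECRET_KEY are applied first; MINIO_ROOT_USER/MINIO_ROOT_PASSWORD below override them when both pairs are set.` would make the precedence explicit for operators rotating credentials. The fatal message is also generic; naming the pair, e.g. `"Unable to validate MINIO_ACCESS_KEY/MINIO_SECRET_KEY inherited from the shell environment"`, would show which variables failed validation.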
diff --git a/cmd/test-utils_test.go b/cmd/test-utils_test.go
index 2f7abd1cc..05c9be8a7 100644
--- a/cmd/test-utils_test.go
+++ b/cmd/test-utils_test.go
@@ -82,6 +82,8 @@ func TestMain(m *testing.M) {
 // disable ENVs which interfere with tests.
 for _, env := range []string{
 crypto.EnvKMSAutoEncryption,
+ config.EnvAccessKey,
+ config.EnvSecretKey,
 config.EnvRootUser,
 config.EnvRootPassword,
 } {
diff --git a/dockerscripts/docker-entrypoint.sh b/dockerscripts/docker-entrypoint.sh
index ef62f64b2..57b95d941 100755
--- a/dockerscripts/docker-entrypoint.sh
+++ b/dockerscripts/docker-entrypoint.sh
@@ -8,6 +8,31 @@ if [ "${1}" != "minio" ]; then
 fi
 fi
+## Look for docker secrets at given absolute path or in default documented location.
+docker_secrets_env_old() {
+ if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
+ ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE"
+ else
+ ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE"
+ fi
+ if [ -f "$MINIO_SECRET_KEY_FILE" ]; then
+ SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE"
+ else
+ SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE"
+ fi
+
+ if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
+ if [ -f "$ACCESS_KEY_FILE" ]; then
+ MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
+ export MINIO_ACCESS_KEY
+ fi
+ if [ -f "$SECRET_KEY_FILE" ]; then
+ MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
+ export MINIO_SECRET_KEY
+ fi
+ fi
+}
+
 docker_secrets_env() {
 if [ -f "$MINIO_ROOT_USER_FILE" ]; then
 ROOT_USER_FILE="$MINIO_ROOT_USER_FILE"
@@ -73,6 +98,9 @@ docker_switch_user() {
 fi
 }
+## Set access env from secrets if necessary.
+docker_secrets_env_old
+
 ## Set access env from secrets if necessary.
 docker_secrets_env
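Review bot: `docker_secrets_env_old` in dockerscripts/docker-entrypoint.sh tests `[ -f "$MINIO_ACCESS_KEY_FILE" ]` before falling back to `/run/secrets/`, so the image default `access_key` is first resolved against the container's working directory, and a file of that name there would be read as the credential instead of the mounted secret. The function's own comment says "given absolute path", so the branch should test for a leading `/` rather than for file existence; the same applies to `MINIO_SECRET_KEY_FILE`. The two inner `-f` tests repeat the enclosing `&&` condition and can be dropped. The existing `docker_secrets_env` visible in the context lines appears to use the same pattern, but its body continues outside the hunk.

```shell
docker_secrets_env_old() {
    # Only a value starting with "/" is used as given; a bare name is
    # always looked up under /run/secrets, never in the working directory.
    case "$MINIO_ACCESS_KEY_FILE" in
        /*) ACCESS_KEY_FILE="$MINIO_ACCESS_KEY_FILE" ;;
        *)  ACCESS_KEY_FILE="/run/secrets/$MINIO_ACCESS_KEY_FILE" ;;
    esac
    case "$MINIO_SECRET_KEY_FILE" in
        /*) SECRET_KEY_FILE="$MINIO_SECRET_KEY_FILE" ;;
        *)  SECRET_KEY_FILE="/run/secrets/$MINIO_SECRET_KEY_FILE" ;;
    esac

    if [ -f "$ACCESS_KEY_FILE" ] && [ -f "$SECRET_KEY_FILE" ]; then
        MINIO_ACCESS_KEY="$(cat "$ACCESS_KEY_FILE")"
        export MINIO_ACCESS_KEY
        MINIO_SECRET_KEY="$(cat "$SECRET_KEY_FILE")"
        export MINIO_SECRET_KEY
    fi
}
```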