diff --git a/docker/Dockerfile.step-ca b/docker/Dockerfile.step-ca
index ed6b5f56..8cf918df 100644
--- a/docker/Dockerfile.step-ca
+++ b/docker/Dockerfile.step-ca
@@ -7,7 +7,6 @@ RUN apk add --no-cache curl git make
 RUN make V=1 download
 RUN make V=1 bin/step-ca bin/step-awskms-init bin/step-cloudkms-init
-
 FROM smallstep/step-cli:latest
 COPY --from=builder /src/bin/step-ca /usr/local/bin/step-ca
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 74093b62..437c617d 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -19,7 +19,7 @@ function init_if_possible () {
 fi
 done
 if [ ${missing_vars} = 1 ]; then
- >&2 echo "there is no ca.json config file; please run step ca init, or provide config parameters via DOCKER_STEPCA_INIT_ vars"
+ >&2 echo "there is no ca.json config file; please run step ca init, or provide config parameters via DOCKER_STEPCA_INIT_ vars"
 else
 step_ca_init "${@}"
 fi
@@ -34,17 +34,24 @@ function generate_password () {
 # Initialize a CA if not already initialized
 function step_ca_init () {
+ DOCKER_STEPCA_INIT_PROVISIONER_NAME="${DOCKER_STEPCA_INIT_PROVISIONER_NAME:-admin}"
+ DOCKER_STEPCA_INIT_ADMIN_SUBJECT="${DOCKER_STEPCA_INIT_ADMIN_SUBJECT:-step}"
+
 local -a setup_args=(
 --name "${DOCKER_STEPCA_INIT_NAME}"
- --dns "${DOCKER_STEPCA_INIT_DNS_NAMES}"
- --provisioner "${DOCKER_STEPCA_INIT_PROVISIONER_NAME:-admin}"
- --password-file "${STEPPATH}/password"
+ --dns "${DOCKER_STEPCA_INIT_DNS_NAMES}"
+ --provisioner "${DOCKER_STEPCA_INIT_PROVISIONER_NAME}"
+ --password-file "${STEPPATH}/password"
+ --provisioner-password-file "${STEPPATH}/provisioner_password"
+ --admin-subject "${DOCKER_STEPCA_INIT_ADMIN_SUBJECT}"
 --address ":9000"
 )
 if [ -n "${DOCKER_STEPCA_INIT_PASSWORD}" ]; then
 echo "${DOCKER_STEPCA_INIT_PASSWORD}" > "${STEPPATH}/password"
+ echo "${DOCKER_STEPCA_INIT_PASSWORD}" > "${STEPPATH}/provisioner_password"
 else
 generate_password > "${STEPPATH}/password"
+ generate_password > "${STEPPATH}/provisioner_password"
 fi
 if [ -n "${DOCKER_STEPCA_INIT_SSH}" ]; then
 setup_args=("${setup_args[@]}" --ssh)
@@ -56,15 +63,22 @@ function step_ca_init () {
 setup_args=("${setup_args[@]}" --remote-management)
 fi
 step ca init "${setup_args[@]}"
+ echo ""
+ if [ -n "${DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT}" ]; then
+ echo "👉 Your CA administrative username is: ${DOCKER_STEPCA_INIT_ADMIN_SUBJECT}"
+ fi
+ echo "👉 Your CA administrative password is: $(< $STEPPATH/provisioner_password )"
+ echo "🤫 This will only be displayed once."
+ shred -u $STEPPATH/provisioner_password
 mv $STEPPATH/password $PWDPATH
 }
 if [ -f /usr/sbin/pcscd ]; then
- /usr/sbin/pcscd
+ /usr/sbin/pcscd
 fi
 if [ ! -f "${STEPPATH}/config/ca.json" ]; then
- init_if_possible
+ init_if_possible
 fi
 exec "${@}"
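Review bot: The new `--provisioner-password-file` receives the same secret as the CA key whenever DOCKER_STEPCA_INIT_PASSWORD is set — the two `echo "${DOCKER_STEPCA_INIT_PASSWORD}" >` lines write identical content — so the admin/provisioner credential that the next hunk prints to stdout is also the password protecting the CA signing key. A separate source keeps a leaked admin password away from the key, e.g. `printf '%s\n' "${DOCKER_STEPCA_INIT_PROVISIONER_PASSWORD:-$(generate_password)}" > "${STEPPATH}/provisioner_password"` with a new variable (name proposed here) that falls back to a generated value. Both password files are created under the inherited umask; an explicit `umask 077` at the top of step_ca_init keeps them owner-readable only until they are moved or deleted. `printf '%s\n'` is also preferable to `echo` for an operator-supplied value, since `echo` interprets a leading `-n`/`-e` or backslashes in some shells. step_ca_init's body continues past the end of this hunk.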
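Review bot: The line `echo "👉 Your CA administrative password is: $(< $STEPPATH/provisioner_password )"` sends the secret to the container's stdout, which the Docker logging driver retains and `docker logs` replays on any later call, so the following "only be displayed once" message is not true in practice; and when DOCKER_STEPCA_INIT_PASSWORD was supplied the operator already holds that value (it is the CA key password as well, per the previous hunk), so printing it only adds exposure. Gating the two echo lines on `[ -z "${DOCKER_STEPCA_INIT_PASSWORD}" ]` limits the print to the generated case. `shred -u` gives no overwrite guarantee on the overlay/copy-on-write filesystems containers run on, and if the applet is missing from the BusyBox-based runtime image (worth confirming) the failed command silently leaves the plaintext behind because the script never sets `-e`; `rm -f --` is the honest equivalent. The new lines also copy the pre-existing unquoted `$STEPPATH` from the `mv`, and the exit status of `step ca init` is still not checked before the credential is printed and the password file moved. The function's closing brace is within the hunk, but its caller init_if_possible is not, so a `return 1` here still reaches the trailing `exec`.
```shell
  step ca init "${setup_args[@]}" || return 1
  echo ""
  # … unchanged: administrative username echo guarded by DOCKER_STEPCA_INIT_REMOTE_MANAGEMENT …
  # Only reveal a password the operator did not choose; it still lands in the container log.
  if [ -z "${DOCKER_STEPCA_INIT_PASSWORD}" ]; then
    echo "👉 Your CA administrative password is: $(< "${STEPPATH}/provisioner_password")"
    echo "🤫 This will only be displayed once."
  fi
  rm -f -- "${STEPPATH}/provisioner_password"
  mv -- "${STEPPATH}/password" "${PWDPATH}"
```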