diff --git a/Dockerfile b/Dockerfile
index b32c8dfceec3f6a8516c68de63f712e3a288610a..2ceefb484bf8556ec1f5fb5d02ee04b261b23b90 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -123,8 +123,12 @@ ENV OIDENTD_CONF_FILE=""
 
 # Require SSL for remote (non-loopback) client connections.
 ENV SSL_REQUIRED="false"
+# Specify the base64 encoded data for the SSL certificate.
+ENV SSL_CERT_DATA=""
 # Specify the path to the SSL certificate.
 ENV SSL_CERT_FILE=""
+# Specify the base64 encoded data for the SSL certificate.
+ENV SSL_KEY_DATA=""
 # Specify the path to the SSL key.
 ENV SSL_KEY_FILE=""
 
diff --git a/src/docker-entrypoint.sh b/src/docker-entrypoint.sh
index f7ce10b946e41084e53c5b5cb8e478a287f9b146..d247e02bbba80802dba3fa762bca8e215fd4e158 100755
--- a/src/docker-entrypoint.sh
+++ b/src/docker-entrypoint.sh
@@ -6,7 +6,7 @@ declare -a quasselcore_args
 quasselcore_args+=(
   --configdir "${CONFIG_DIR}"
 )
-  
+
 # The address(es) quasselcore will listen on.
 # format: <address>[,<address>[,...]]
 if [[ "${QUASSEL_PORT}" != "4242" ]]; then
@@ -14,7 +14,7 @@ if [[ "${QUASSEL_PORT}" != "4242" ]]; then
     --port "${QUASSEL_PORT}"
   )
 fi
-  
+
 # The port quasselcore will listen at.
 # format: port
 if [[ "${QUASSEL_LISTEN}" != "::,0.0.0.0" ]]; then
@@ -58,7 +58,7 @@ if [[ "${IDENT_LISTEN}" != "::1,127.0.0.1" ]]; then
     --ident-listen "${IDENT_LISTEN}"
   )
 fi
-  
+
 # The port quasselcore will listen at for ident requests. Only meaningful with --ident-daemon.
 # format: port
 if [[ "${IDENT_PORT}" != "10113" ]]; then
@@ -89,6 +89,13 @@ if [[ "${SSL_REQUIRED}" == "true" ]]; then
   )
 fi
 
+# Specify the path to the SSL certificate.
+# format: base64 data
+if [[ ! -z "${SSL_CERT_DATA}" ]]; then
+  echo "${SSL_CERT_DATA}" | base64 -d > /tls.crt
+  export SSL_CERT_FILE=/tls.crt
+fi
+
 # Specify the path to the SSL certificate.
 # format: path
 if [[ ! -z "${SSL_CERT_FILE}" ]]; then
@@ -97,6 +104,13 @@ if [[ ! -z "${SSL_CERT_FILE}" ]]; then
   )
 fi
 
+# Specify the path to the SSL certificate.
+# format: base64 data
+if [[ ! -z "${SSL_KEY_DATA}" ]]; then
+  echo "${SSL_KEY_DATA}" | base64 -d > /tls.key
+  export SSL_KEY_FILE=/tls.key
+fi
+
 # Specify the path to the SSL key.
 # format: path
 if [[ ! -z "${SSL_KEY_FILE}" ]]; then