diff --git a/config/docker.exs b/config/docker.exs
index d48dda9e3..6363cfc6b 100644
--- a/config/docker.exs
+++ b/config/docker.exs
@@ -105,3 +105,8 @@ config :tz_world,
   data_dir: System.get_env("MOBILIZON_TIMEZONES_DIR", "/var/lib/mobilizon/timezones")
 
 config :tzdata, :data_dir, System.get_env("MOBILIZON_TZDATA_DIR", "/var/lib/mobilizon/tzdata")
+
+config :web_push_encryption, :vapid_details,
+  subject: System.get_env("MOBILIZON_WEB_PUSH_ENCRYPTION_SUBJECT", nil),
+  public_key: System.get_env("MOBILIZON_WEB_PUSH_ENCRYPTION_PUBLIC_KEY", nil),
+  private_key: System.get_env("MOBILIZON_WEB_PUSH_ENCRYPTION_PRIVATE_KEY", nil)
diff --git a/lib/graphql/resolvers/config.ex b/lib/graphql/resolvers/config.ex
index b66afd1a5..8e5a316e4 100644
--- a/lib/graphql/resolvers/config.ex
+++ b/lib/graphql/resolvers/config.ex
@@ -85,6 +85,9 @@ defmodule Mobilizon.GraphQL.Resolvers.Config do
 
   @spec build_config_cache :: map()
   defp build_config_cache do
+    webpush_public_key =
+      get_in(Application.get_env(:web_push_encryption, :vapid_details), [:public_key])
+
     %{
       name: Config.instance_name(),
       registrations_open: Config.instance_registrations_open?(),
@@ -170,9 +173,9 @@ defmodule Mobilizon.GraphQL.Resolvers.Config do
         enabled: Config.get([:instance, :enable_instance_feeds])
       },
       web_push: %{
-        enabled: !is_nil(Application.get_env(:web_push_encryption, :vapid_details)),
+        enabled: is_binary(webpush_public_key) && String.trim(webpush_public_key) != "",
         public_key:
-          get_in(Application.get_env(:web_push_encryption, :vapid_details), [:public_key])
+          if(is_binary(webpush_public_key), do: String.trim(webpush_public_key), else: nil)
       },
       export_formats: Config.instance_export_formats(),
       analytics: FrontEndAnalytics.config(),
diff --git a/lib/mix/tasks/mobilizon/web_push.ex b/lib/mix/tasks/mobilizon/web_push.ex
index a9446eaae..6d67e81e5 100644
--- a/lib/mix/tasks/mobilizon/web_push.ex
+++ b/lib/mix/tasks/mobilizon/web_push.ex
@@ -5,7 +5,6 @@ defmodule Mix.Tasks.Mobilizon.WebPush.Gen.Keypair do
   Taken from https://github.com/danhper/elixir-web-push-encryption/blob/8fd0f71f3222b466d389f559be9800c49f9bb641/lib/mix/tasks/web_push_gen_keypair.ex
   """
   use Mix.Task
-  import Mix.Tasks.Mobilizon.Common, only: [mix_shell?: 0]
 
   @shortdoc "Manages Mobilizon users"
 
@@ -13,20 +12,28 @@ defmodule Mix.Tasks.Mobilizon.WebPush.Gen.Keypair do
   def run(_) do
     {public, private} = :crypto.generate_key(:ecdh, :prime256v1)
 
-    IO.puts("# Put the following in your #{file_name()} config file:")
-    IO.puts("")
-    IO.puts("config :web_push_encryption, :vapid_details,")
-    IO.puts("  subject: \"mailto:administrator@example.com\",")
-    IO.puts("  public_key: \"#{ub64(public)}\",")
-    IO.puts("  private_key: \"#{ub64(private)}\"")
+    IO.puts("Public and private VAPID keys have been generated.")
     IO.puts("")
+
+    if is_nil(System.get_env("MOBILIZON_DOCKER")) do
+      IO.puts("# Put the following in your runtime.exs config file:")
+      IO.puts("")
+      IO.puts("config :web_push_encryption, :vapid_details,")
+      IO.puts("  subject: \"mailto:administrator@example.com\",")
+      IO.puts("  public_key: \"#{ub64(public)}\",")
+      IO.puts("  private_key: \"#{ub64(private)}\"")
+      IO.puts("")
+    else
+      IO.puts("# Set the following environment variables in your .env file:")
+      IO.puts("")
+      IO.puts("MOBILIZON_WEB_PUSH_ENCRYPTION_SUBJECT=\"mailto:administrator@example.com\"")
+      IO.puts("MOBILIZON_WEB_PUSH_ENCRYPTION_PUBLIC_KEY=\"#{ub64(public)}\"")
+      IO.puts("MOBILIZON_WEB_PUSH_ENCRYPTION_PRIVATE_KEY=\"#{ub64(private)}\"")
+      IO.puts("")
+    end
   end
 
   defp ub64(value) do
     Base.url_encode64(value, padding: false)
   end
-
-  defp file_name do
-    if mix_shell?(), do: "runtime.exs", else: "config.exs"
-  end
 end