diff --git a/services/docker-compose.yml b/services/docker-compose.yml
index b268db3ad..7243ce1d0 100644
--- a/services/docker-compose.yml
+++ b/services/docker-compose.yml
@@ -1,61 +1,62 @@
 version: "3.9"
 services:
   base:
     build: base-image
     image: commapp/services-base:1.0
   # tunnelbroker
   tunnelbroker-base:
     build:
       dockerfile: services/tunnelbroker/docker-base/Dockerfile
       context: ../
     image: commapp/tunnelbroker-base:2.0
   tunnelbroker-server:
     build:
       dockerfile: services/tunnelbroker/docker-server/Dockerfile
       context: ../
       args:
         - COMM_TEST_SERVICES=${COMM_TEST_SERVICES}
     image: commapp/tunnelbroker-server:0.2
     container_name: tunnelbroker-server
     ports:
       - "${COMM_SERVICES_PORT_TUNNELBROKER}:50051"
     volumes:
       - $HOME/.aws/credentials:/root/.aws/credentials:ro
+      - ./tunnelbroker/tunnelbroker.ini:/root/tunnelbroker/tunnelbroker.ini:ro
   # backup
   backup-base:
     build:
       dockerfile: services/backup/docker-base/Dockerfile
       context: ../
     image: commapp/backup-base:1.0
   backup-server:
     build:
       dockerfile: services/backup/docker-server/Dockerfile
       context: ../
       args:
         - COMM_TEST_SERVICES=${COMM_TEST_SERVICES}
         - COMM_SERVICES_DEV_MODE=${COMM_SERVICES_DEV_MODE}
     image: commapp/backup-server:0.1
     container_name: backup-server
     ports:
       - "${COMM_SERVICES_PORT_BACKUP}:50051"
     volumes:
       - $HOME/.aws/credentials:/root/.aws/credentials:ro
   # blob
   blob-base:
     build: 
       dockerfile: services/blob/docker-base/Dockerfile
       context: ../
     image: commapp/blob-base:1.1
   blob-server:
     build: 
       dockerfile: services/blob/docker-server/Dockerfile
       context: ../
       args:
         - COMM_TEST_SERVICES=${COMM_TEST_SERVICES}
         - COMM_SERVICES_DEV_MODE=${COMM_SERVICES_DEV_MODE}
     image: commapp/blob-server:0.1
     container_name: blob-server
     ports:
       - "${COMM_SERVICES_PORT_BLOB}:50051"
     volumes:
       - $HOME/.aws/credentials:/root/.aws/credentials:ro
diff --git a/services/tunnelbroker/docker-server/contents/server/src/Constants.h b/services/tunnelbroker/docker-server/contents/server/src/Constants.h
index 22b4d0502..5644993f2 100644
--- a/services/tunnelbroker/docker-server/contents/server/src/Constants.h
+++ b/services/tunnelbroker/docker-server/contents/server/src/Constants.h
@@ -1,49 +1,49 @@
 #pragma once
 
+#include <cstdlib>
 #include <regex>
 #include <string>
 
 namespace comm {
 namespace network {
 
-// Tunnelbroker server Identification
-const std::string TUNNELBROKER_ID = "tunnel1";
-
-// AWS
+// AWS DynamoDB
 const std::string DEVICE_SESSIONS_TABLE_NAME = "tunnelbroker-device-session";
 const std::string DEVICE_SESSIONS_VERIFICATION_MESSAGES_TABLE_NAME =
     "tunnelbroker-verification-message";
 const std::string DEVICE_PUBLIC_KEY_TABLE_NAME = "tunnelbroker-public-key";
 
 // Sessions
 const size_t SIGNATURE_REQUEST_LENGTH = 64;
 const size_t SESSION_ID_LENGTH = 64;
 const size_t SESSION_RECORD_TTL = 30 * 24 * 3600; // 30 days
 const size_t SESSION_SIGN_RECORD_TTL = 24 * 3600; // 24 hours
 
 // gRPC Server
 const std::string SERVER_LISTEN_ADDRESS = "0.0.0.0:50051";
 
 // AMQP (RabbitMQ)
-const std::string AMQP_URI = "amqp://guest:guest@0.0.0.0/vhost";
 const std::string AMQP_FANOUT_EXCHANGE_NAME = "allBrokers";
 // message TTL
 const size_t AMQP_MESSAGE_TTL = 300 * 1000; // 5 min
 // queue TTL in case of no consumers (tunnelbroker is down)
 const size_t AMQP_QUEUE_TTL = 24 * 3600 * 1000; // 24 hours
 // routing message headers name
 const std::string AMQP_HEADER_FROM_DEVICEID = "fromDeviceid";
 const std::string AMQP_HEADER_TO_DEVICEID = "toDeviceid";
 
 const long long AMQP_SHORTEST_RECONNECTION_ATTEMPT_INTERVAL =
     1000 * 60; // 1 min
 
 // DeviceID
-const std::string DEVICEID_DEFAULT_KEYSERVER_ID = "ks:256";
 const size_t DEVICEID_CHAR_LENGTH = 64;
 const std::regex DEVICEID_FORMAT_REGEX(
     "^(ks|mobile|web):[a-zA-Z0-9]{" + std::to_string(DEVICEID_CHAR_LENGTH) +
     "}$");
 
+// Config
+const std::string CONFIG_FILE_PATH =
+    std::string(std::getenv("HOME")) + "/tunnelbroker/tunnelbroker.ini";
+
 } // namespace network
 } // namespace comm
diff --git a/services/tunnelbroker/docker-server/contents/server/src/Tools/ConfigManager.cpp b/services/tunnelbroker/docker-server/contents/server/src/Tools/ConfigManager.cpp
new file mode 100644
index 000000000..4ab9f8b15
--- /dev/null
+++ b/services/tunnelbroker/docker-server/contents/server/src/Tools/ConfigManager.cpp
@@ -0,0 +1,95 @@
+#include "ConfigManager.h"
+#include "Constants.h"
+
+#include <fstream>
+
+namespace comm {
+namespace network {
+namespace config {
+
+const std::string ConfigManager::OPTION_TUNNELBROKER_ID =
+    "tunnelbroker.instance-id";
+const std::string ConfigManager::OPTION_DEFAULT_KEYSERVER_ID =
+    "keyserver.default_keyserver_id";
+const std::string ConfigManager::OPTION_AMQP_URI = "amqp.uri";
+const std::string ConfigManager::OPTION_AMQP_FANOUT_EXCHANGE =
+    "amqp.fanout_exchange_name";
+const std::string ConfigManager::OPTION_DYNAMODB_SESSIONS_TABLE =
+    "dynamodb.sessions_table_name";
+const std::string ConfigManager::OPTION_DYNAMODB_SESSIONS_VERIFICATION_TABLE =
+    "dynamodb.sessions_verification_table_name";
+const std::string ConfigManager::OPTION_DYNAMODB_SESSIONS_PUBLIC_KEY_TABLE =
+    "dynamodb.sessions_public_key_table_name";
+
+ConfigManager &ConfigManager::getInstance() {
+  static ConfigManager instance;
+  return instance;
+}
+
+void ConfigManager::load() {
+  try {
+    std::ifstream fileStream;
+    fileStream.open(CONFIG_FILE_PATH.c_str(), std::ifstream::in);
+    if (!fileStream.is_open()) {
+      throw std::runtime_error("Error: can not open file " + CONFIG_FILE_PATH);
+    }
+
+    boost::program_options::options_description description{
+        "Tunnelbroker options"};
+    description.add_options()(
+        this->OPTION_TUNNELBROKER_ID.c_str(),
+        boost::program_options::value<std::string>()->required(),
+        "Tunnelbroker unique identification");
+    description.add_options()(
+        this->OPTION_DEFAULT_KEYSERVER_ID.c_str(),
+        boost::program_options::value<std::string>()->required(),
+        "Default and only allowed keyserver deviceID");
+    description.add_options()(
+        this->OPTION_AMQP_URI.c_str(),
+        boost::program_options::value<std::string>()->required(),
+        "AMQP URI connection string");
+    description.add_options()(
+        this->OPTION_AMQP_FANOUT_EXCHANGE.c_str(),
+        boost::program_options::value<std::string>()->default_value(
+            AMQP_FANOUT_EXCHANGE_NAME),
+        "AMQP Fanout exchange name");
+    description.add_options()(
+        this->OPTION_DYNAMODB_SESSIONS_TABLE.c_str(),
+        boost::program_options::value<std::string>()->default_value(
+            DEVICE_SESSIONS_TABLE_NAME),
+        "DynamoDB table name for sessions");
+    description.add_options()(
+        this->OPTION_DYNAMODB_SESSIONS_VERIFICATION_TABLE.c_str(),
+        boost::program_options::value<std::string>()->default_value(
+            DEVICE_SESSIONS_VERIFICATION_MESSAGES_TABLE_NAME),
+        "DynamoDB table name for sessions verification messages");
+    description.add_options()(
+        this->OPTION_DYNAMODB_SESSIONS_PUBLIC_KEY_TABLE.c_str(),
+        boost::program_options::value<std::string>()->default_value(
+            DEVICE_PUBLIC_KEY_TABLE_NAME),
+        "DynamoDB table name for public keys");
+
+    boost::program_options::parsed_options parsedDescription =
+        boost::program_options::parse_config_file(
+            fileStream, description, true);
+    boost::program_options::store(parsedDescription, this->variablesMap);
+    boost::program_options::notify(this->variablesMap);
+    fileStream.close();
+  } catch (const std::exception &e) {
+    throw std::runtime_error(
+        "Got an exception at ConfigManager: " + std::string(e.what()));
+  }
+}
+
+std::string ConfigManager::getParameter(std::string param) {
+  if (!this->variablesMap.count(param) &&
+      !this->variablesMap[param].defaulted()) {
+    throw std::runtime_error(
+        "ConfigManager Error: config parameter " + param + " is not set.");
+  }
+  return this->variablesMap[param].as<std::string>();
+}
+
+} // namespace config
+} // namespace network
+} // namespace comm
diff --git a/services/tunnelbroker/docker-server/contents/server/src/Tools/ConfigManager.h b/services/tunnelbroker/docker-server/contents/server/src/Tools/ConfigManager.h
new file mode 100644
index 000000000..7b72afa77
--- /dev/null
+++ b/services/tunnelbroker/docker-server/contents/server/src/Tools/ConfigManager.h
@@ -0,0 +1,32 @@
+#pragma once
+
+#include <boost/program_options.hpp>
+
+#include <iostream>
+#include <string>
+
+namespace comm {
+namespace network {
+namespace config {
+
+class ConfigManager {
+private:
+  boost::program_options::variables_map variablesMap;
+
+public:
+  static const std::string OPTION_TUNNELBROKER_ID;
+  static const std::string OPTION_DEFAULT_KEYSERVER_ID;
+  static const std::string OPTION_AMQP_URI;
+  static const std::string OPTION_AMQP_FANOUT_EXCHANGE;
+  static const std::string OPTION_DYNAMODB_SESSIONS_TABLE;
+  static const std::string OPTION_DYNAMODB_SESSIONS_VERIFICATION_TABLE;
+  static const std::string OPTION_DYNAMODB_SESSIONS_PUBLIC_KEY_TABLE;
+
+  static ConfigManager &getInstance();
+  void load();
+  std::string getParameter(std::string param);
+};
+
+} // namespace config
+} // namespace network
+} // namespace comm
diff --git a/services/tunnelbroker/docker-server/contents/server/src/server.cpp b/services/tunnelbroker/docker-server/contents/server/src/server.cpp
index 60fca719a..f315595a1 100644
--- a/services/tunnelbroker/docker-server/contents/server/src/server.cpp
+++ b/services/tunnelbroker/docker-server/contents/server/src/server.cpp
@@ -1,41 +1,44 @@
 #include "AmqpManager.h"
+#include "ConfigManager.h"
 #include "Constants.h"
 #include "TunnelbrokerServiceImpl.h"
 
 #include <grpcpp/grpcpp.h>
 
 #include <iostream>
 #include <string>
 #include <thread>
 
 namespace comm {
 namespace network {
 
 void RunServer() {
   TunnelBrokerServiceImpl service;
   grpc::EnableDefaultHealthCheckService(true);
   grpc::ServerBuilder builder;
   // Listen on the given address without any authentication mechanism.
   builder.AddListeningPort(
       SERVER_LISTEN_ADDRESS, grpc::InsecureServerCredentials());
   // Register "service" as the instance through which we'll communicate with
   // clients. In this case it corresponds to an *synchronous* service.
   builder.RegisterService(&service);
   std::unique_ptr<grpc::Server> server(builder.BuildAndStart());
   std::cout << "gRPC Server listening at :" << SERVER_LISTEN_ADDRESS
             << std::endl;
   // Wait for the server to shutdown. Note that some other thread must be
   // responsible for shutting down the server for this call to ever return.
   server->Wait();
 }
 
 } // namespace network
 } // namespace comm
 
 int main(int argc, char **argv) {
+  comm::network::config::ConfigManager::getInstance().load();
+
   std::thread amqpThread(comm::network::AMQPConnect);
   std::thread grpcThread(comm::network::RunServer);
   amqpThread.join();
   grpcThread.join();
   return 0;
 }
diff --git a/services/tunnelbroker/tunnelbroker.ini b/services/tunnelbroker/tunnelbroker.ini
new file mode 100644
index 000000000..9e0d48705
--- /dev/null
+++ b/services/tunnelbroker/tunnelbroker.ini
@@ -0,0 +1,6 @@
+[tunnelbroker]
+instance-id = tunnelbroker1
+[keyserver]
+default_keyserver_id = ks:256
+[amqp]
+uri = amqp://guest:guest@0.0.0.0/vhost