diff --git a/hsman/app/__init__.py b/hsman/app/__init__.py
index 2bc08a9..a20a66f 100644
--- a/hsman/app/__init__.py
+++ b/hsman/app/__init__.py
@@ -54,14 +54,9 @@ def create_app(environment='development'):
     app.logger.info("jinja2 custom filters loaded")
     filters.init_app(app)
 
-    app.config.update(
-        OIDC_REDIRECT_URI='http://localhost:5000/auth',
-    )
-
     auth.init_app(app)
 
     # Error handlers.
-
     @app.errorhandler(HTTPException)
     def handle_http_error(exc):
         return render_template('error.html', error=exc), exc.code
diff --git a/hsman/config.py b/hsman/config.py
index d3d145c..9170c1a 100644
--- a/hsman/config.py
+++ b/hsman/config.py
@@ -13,6 +13,19 @@ class BaseConfig(object):
     DEBUG_TB_ENABLED = False
     WTF_CSRF_ENABLED = False
 
+    # All the followinf vars can be overriden
+    # in the environment, using `HSMAN_` prefix
+    SECRET_KEY = "secreto"
+    ADMIN_GROUPS = ["adminGroup"]
+    OIDC_CLIENT_ID = 'client-id'
+    OIDC_CLIENT_SECRET = 'client-secreto'
+    OIDC_URL = "https://myidp.example.com/auth"
+    OIDC_REDIRECT_URI = 'http://localhost:5000/auth'
+
+    # These are required by hsapi, should not be defined here
+    # HSAPI_SERVER = "https://headscale.example.com"
+    # HSAPI_API_TOKEN = 'hs-apikey'
+
     @staticmethod
     def configure(app):
         # Implement this method to do further configuration on your app.