diff --git a/.env.sample b/.env.sample
index 76d17ec..a49ecd6 100644
--- a/.env.sample
+++ b/.env.sample
@@ -44,8 +44,6 @@ LETS_ENCRYPT_ENV=production
 #KEYCLOAK_ENABLED=1
 #COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
 #OAUTH_CLIENT_ID=writefreely
-#OAUTH_HOST=
-#OAUTH_CLIENT_SECRET=
-#OAUTH_LOGIN_BUTTON=
-#OAUTH_WRITEFREELY_VERSION=v1
+#OAUTH_HOST=https://<your domain>/auth/realms/<your realm>/protocol/openid-connect
+#OAUTH_DISPLAY_NAME=Keycloak
 #OAUTH_CLIENT_SECRET_VERSION=v1
diff --git a/README.md b/README.md
index e293c1a..03f78e7 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,9 @@ abra app run <domain> app -- writefreely -c /usr/share/writefreely/config.ini us
 
 ## Keycloak setup
 
-For the **OAUTH_HOST** config, it uses this format: `https://keycloak.domain.here/auth/realms/<your realm>/protocol/openid-connect`.
+For the **OAUTH_HOST** config, it uses this format: `https://keycloak.example.com/auth/realms/<your realm>/protocol/openid-connect`.
+
+To set the client secret: `abra app secret insert <domain> oauth_client_secret v1`
 
 ## MariaDB
 
diff --git a/config.ini.tmpl b/config.ini.tmpl
index ad47905..7f7398e 100644
--- a/config.ini.tmpl
+++ b/config.ini.tmpl
@@ -57,7 +57,7 @@ disable_password_auth = {{ env "DISABLE_PASSWORD_AUTH" }}
 client_id          = {{ env "OAUTH_CLIENT_ID" }}
 client_secret      = {{ secret "oauth_client_secret" }}
 host               = {{ env "OAUTH_HOST" }}
-display_name       = {{ env "OAUTH_LOGIN_BUTTON" }}
+display_name       = {{ env "OAUTH_DISPLAY_NAME" }}
 callback_proxy     =
 callback_proxy_api =
 token_endpoint     = /token