diff --git a/.env b/.env
index e58ac39..8920aa2 100644
--- a/.env
+++ b/.env
@@ -2,4 +2,6 @@ DB_URL = "localhost:8000"
 DB_USER = "root"
 DB_PASS = "root"
 DB_NAMESPACE = "brain"
-DB_NAME = "migration"
\ No newline at end of file
+DB_NAME = "migration"
+
+# ADMIN_PUB_KEYS = "admin_key01, admin_key02, admin_key03"
\ No newline at end of file
diff --git a/src/constants.rs b/src/constants.rs
index c505d60..ed93ad5 100644
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -1,14 +1,23 @@
+use std::sync::LazyLock;
+
 pub const BRAIN_GRPC_ADDR: &str = "0.0.0.0:31337";
 pub const CERT_PATH: &str = "./tmp/brain-crt.pem";
 pub const CERT_KEY_PATH: &str = "./tmp/brain-key.pem";
 pub const DB_SCHEMA_FILE: &str = "interim_tables.surql";
-pub const ADMIN_ACCOUNTS: &[&str] = &[
- "x52w7jARC5erhWWK65VZmjdGXzBK6ZDgfv1A283d8XK",
- "FHuecMbeC1PfjkW2JKyoicJAuiU7khgQT16QUB3Q1XdL",
- "H21Shi4iE7vgfjWEQNvzmpmBMJSaiZ17PYUcdNoAoKNc",
-];
+pub static ADMIN_ACCOUNTS: LazyLock> = LazyLock::new(|| {
+ let default_admin_keys = vec![
+ "x52w7jARC5erhWWK65VZmjdGXzBK6ZDgfv1A283d8XK".to_string(),
+ "FHuecMbeC1PfjkW2JKyoicJAuiU7khgQT16QUB3Q1XdL".to_string(),
+ "H21Shi4iE7vgfjWEQNvzmpmBMJSaiZ17PYUcdNoAoKNc".to_string(),
+ ];
+
+ std::env::var("ADMIN_PUB_KEYS")
+ .ok()
+ .map(|keys| keys.split(',').map(|key| key.trim().to_string()).collect::>())
+ .unwrap_or(default_admin_keys)
+});
 pub const OLD_BRAIN_DATA_PATH: &str = "./saved_data.yaml";
diff --git a/src/grpc/mod.rs b/src/grpc/mod.rs
index 7833c5b..07bb334 100644
--- a/src/grpc/mod.rs
+++ b/src/grpc/mod.rs
@@ -166,7 +166,8 @@ pub fn check_admin_key(req: &Request) -> Result<(), Status> {
 };
 let pubkey = pubkey
 .to_str()
- .map_err(|_| Status::unauthenticated("could not parse pubkey metadata to str"))?;
+ .map_err(|_| Status::unauthenticated("could not parse pubkey metadata to str"))?
+ .to_owned();
 if !ADMIN_ACCOUNTS.contains(&pubkey) {
 return Err(Status::unauthenticated("This operation is reserved to admin accounts"));
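Review bot: In the src/constants.rs hunk, the `ADMIN_PUB_KEYS` parsing keeps empty entries, so a variable that is set but empty, or that ends in a trailing comma, puts `""` into `ADMIN_ACCOUNTS`; `check_admin_key` in src/grpc/mod.rs compares caller-supplied metadata against that list with a plain `contains`, and whether an empty value is rejected earlier is not visible in this diff. Drop blanks before collecting, e.g. `keys.split(',').map(str::trim).filter(|key| !key.is_empty()).map(str::to_string).collect::<Vec<String>>()`, so that an empty variable yields an empty admin list rather than a blank admin key. `.ok()` also turns a non-Unicode value into a silent fallback to the three built-in keys, which stay admin on every deployment that leaves the variable unset; logging which source the list came from on first use would let an operator confirm the override took effect.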
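Review bot: The `.to_owned()` added in the src/grpc/mod.rs hunk allocates a `String` on every admin check only so that `Vec::contains` type-checks against the new `ADMIN_ACCOUNTS` type; keeping `pubkey` as `&str` and comparing by reference avoids that: `if !ADMIN_ACCOUNTS.iter().any(|key| key.as_str() == pubkey) {`. The check itself is a membership test on a metadata value the caller sets, so a one-line comment naming where the request signature is verified would help the next reader, since that step is not visible in this hunk. `check_admin_key` starts before and continues past the hunk.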
diff --git a/src/grpc/vm.rs b/src/grpc/vm.rs
index 49f9eff..61db22f 100644
--- a/src/grpc/vm.rs
+++ b/src/grpc/vm.rs
@@ -207,7 +207,9 @@ impl BrainVmCli for VmCliServer {
 async fn new_vm(&self, req: Request) -> Result, Status> {
 let req = check_sig_from_req(req)?;
 info!("New VM requested via CLI: {req:?}");
- if db::general::Account::is_banned_by_node(&self.db, &req.admin_pubkey, &req.node_pubkey).await? {
+ if db::general::Account::is_banned_by_node(&self.db, &req.admin_pubkey, &req.node_pubkey)
+ .await?
+ {
 return Err(Status::permission_denied("This operator banned you. What did you do?"));
 }