diff --git a/Dockerfile b/Dockerfile
index be23ffcf..3efde062 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,7 +25,10 @@ RUN go build -o k8s-kms-plugin ./cmd/k8s-kms-plugin
 
 ### Plugin Server
 FROM ubuntu:20.04 as base-server
-RUN apt-get update && apt-get install -y softhsm curl openssl libssl-dev && rm -rf /var/lib/apt/lists/
+RUN apt-get update && \
+		apt-get install -y softhsm curl openssl libcap2 && \
+		apt-get clean && \
+		rm -rf /var/lib/apt/lists/*
 
 ## Runtime Server
 FROM base-server as kms-server
diff --git a/cmd/k8s-kms-plugin/cmd/serve.go b/cmd/k8s-kms-plugin/cmd/serve.go
index fc9bd5d0..0318edb7 100644
--- a/cmd/k8s-kms-plugin/cmd/serve.go
+++ b/cmd/k8s-kms-plugin/cmd/serve.go
@@ -31,6 +31,7 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
+	"strings"
 
 	"github.com/ThalesIgnite/crypto11"
 	"github.com/sirupsen/logrus"
@@ -87,7 +88,8 @@ var serveCmd = &cobra.Command{
 				logrus.Error(err)
 				return
 			}
-			p11pin = string(p11pinBytes)
+			p11pin = strings.TrimSpace(string(p11pinBytes))
+
 			logrus.Infof("Loaded P11 PIN from file: %v", a)
 		} else if a := os.Getenv("P11_PIN"); a != "" {
 			p11pin = a
@@ -141,9 +143,6 @@ func init() {
 	serveCmd.Flags().StringVar(&serverTLSCert, "tls-certificate", "certs/tls.crt", "TLS server cert")
 	// Here you will define your flags and configuration settings.
 
-
-
-
 	serveCmd.Flags().BoolVar(&allowAny, "allow-any", false, "Allow any device (accepts all ids/secrets)")
 
 }