diff --git a/.env.example b/.env.example
index f341fe9..3bff029 100644
--- a/.env.example
+++ b/.env.example
@@ -88,5 +88,6 @@ NODE_BLS_KEY_FILE_HOST=${EIGENLAYER_HOME}/operator_keys/opr.bls.key.json
 NODE_PUBLIC_IP_PROVIDER=seeip
 
 # TODO: Operators need to add password to decrypt the above keys
-NODE_ECDSA_KEY_PASSWORD=
-NODE_BLS_KEY_PASSWORD=
\ No newline at end of file
+# If you have some special characters in password, make sure to use single quotes
+NODE_ECDSA_KEY_PASSWORD=''
+NODE_BLS_KEY_PASSWORD=''
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index eede017..cfc88b0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,15 +5,15 @@ services:
     ports:
       - "${NODE_RETRIEVAL_PORT}:${NODE_RETRIEVAL_PORT}"
     volumes:
-      - ${NODE_NGINX_CONF_HOST}:/etc/nginx/templates/default.conf.template:ro
+      - "${NODE_NGINX_CONF_HOST}:/etc/nginx/templates/default.conf.template:ro"
     depends_on:
       - da-node
     networks:
       - eigenda
     environment:
-      - REQUEST_LIMIT=10r/s
-      - NODE_HOST=${MAIN_SERVICE_NAME}
-      - BURST_LIMIT=50
+      - "REQUEST_LIMIT=10r/s"
+      - "NODE_HOST=${MAIN_SERVICE_NAME}"
+      - "BURST_LIMIT=50"
     env_file:
       - .env
     restart: unless-stopped
@@ -28,13 +28,13 @@ services:
     networks:
       - eigenda
     volumes:
-      - ${NODE_ECDSA_KEY_FILE_HOST}:/app/operator_keys/ecdsa_key.json:readonly
-      - ${NODE_BLS_KEY_FILE_HOST}:/app/operator_keys/bls_key.json:readonly
-      - ${NODE_G1_PATH_HOST}:/app/g1.point:readonly
-      - ${NODE_G2_PATH_HOST}:/app/g2.point:readonly
-      - ${NODE_CACHE_PATH_HOST}:/app/cache:rw
-      - ${NODE_LOG_PATH_HOST}:/app/logs:rw
-      - ${NODE_DB_PATH_HOST}:/data/operator/db:rw
+      - "${NODE_ECDSA_KEY_FILE_HOST}:/app/operator_keys/ecdsa_key.json:readonly"
+      - "${NODE_BLS_KEY_FILE_HOST}:/app/operator_keys/bls_key.json:readonly"
+      - "${NODE_G1_PATH_HOST}:/app/g1.point:readonly"
+      - "${NODE_G2_PATH_HOST}:/app/g2.point:readonly"
+      - "${NODE_CACHE_PATH_HOST}:/app/cache:rw"
+      - "${NODE_LOG_PATH_HOST}:/app/logs:rw"
+      - "${NODE_DB_PATH_HOST}:/data/operator/db:rw"
     restart: unless-stopped
 networks:
   eigenda:
diff --git a/monitoring/docker-compose.yml b/monitoring/docker-compose.yml
index 797644e..f62114a 100644
--- a/monitoring/docker-compose.yml
+++ b/monitoring/docker-compose.yml
@@ -34,7 +34,7 @@ services:
     container_name: prometheus
     restart: unless-stopped
     volumes:
-      - ${PROMETHEUS_CONFIG_FILE_HOST}:/etc/prometheus/prometheus.yml
+      - "${PROMETHEUS_CONFIG_FILE_HOST}:/etc/prometheus/prometheus.yml"
     command:
       - '--config.file=/etc/prometheus/prometheus.yml'
       - '--storage.tsdb.path=/prometheus'
@@ -56,8 +56,8 @@ services:
       - GF_SECURITY_ADMIN_USER=admin
       - GF_SECURITY_ADMIN_PASSWORD=admin
     volumes:
-      - grafana_data:/var/lib/grafana
-      - ./grafana:/etc/grafana/provisioning/datasources
-      - ./dashboards:/etc/grafana/provisioning/dashboards
+      - "grafana_data:/var/lib/grafana"
+      - "./grafana:/etc/grafana/provisioning/datasources"
+      - "./dashboards:/etc/grafana/provisioning/dashboards"
     networks:
       - monitoring
\ No newline at end of file
diff --git a/run.sh b/run.sh
index 99fc78f..6d2743e 100755
--- a/run.sh
+++ b/run.sh
@@ -3,6 +3,11 @@
 
 . ./.env
 
+# In both opt-in and opt-out, We have to explicitly set the password again here because
+# when docker run loads the `.env` file, it keeps the quotes around the password
+# which causes the password to be incorrect.
+# To test that try running `docker run --rm --env-file .env busybox /bin/sh -c 'echo $NODE_ECDSA_KEY_PASSWORD'`
+# This will output password with single quote. Not sure why this happens.
 optIn() {
   socket="$NODE_HOSTNAME":"${NODE_DISPERSAL_PORT}"\;"${NODE_RETRIEVAL_PORT}"
   echo "using socket: $socket"
@@ -12,6 +17,8 @@ optIn() {
   --volume "${NODE_BLS_KEY_FILE_HOST}":/app/operator_keys/bls_key.json \
   --volume "${NODE_LOG_PATH_HOST}":/app/logs:rw \
   ghcr.io/layr-labs/eigenda/opr-nodeplugin:release-0.2.1 \
+  --ecdsa-key-password "$NODE_ECDSA_KEY_PASSWORD" \
+  --bls-key-password "$NODE_BLS_KEY_PASSWORD" \
   --operation opt-in \
   --socket "$socket"
 }
@@ -24,6 +31,8 @@ optOut() {
     --volume "${NODE_BLS_KEY_FILE_HOST}":/app/operator_keys/bls_key.json \
     --volume "${NODE_LOG_PATH_HOST}":/app/logs:rw \
     ghcr.io/layr-labs/eigenda/opr-nodeplugin:release-0.2.1 \
+    --ecdsa-key-password "$NODE_ECDSA_KEY_PASSWORD" \
+    --bls-key-password "$NODE_BLS_KEY_PASSWORD" \
     --operation opt-out \
     --socket "$socket"
 }