diff --git a/broflake/broflake.go b/broflake/broflake.go
index f381f3da..c71d400f 100644
--- a/broflake/broflake.go
+++ b/broflake/broflake.go
@@ -8,6 +8,5 @@ import (
 )
 
 func Wrap(ll net.Listener, certPEM string, keyPEM string) (net.Listener, error) {
-	// TODO: update the Broflake library to accept cert and key as PEM encoded strings
 	return egress.NewListener(context.Background(), ll, certPEM, keyPEM)
 }
diff --git a/http-proxy/main.go b/http-proxy/main.go
index 770a097a..22e4dcef 100644
--- a/http-proxy/main.go
+++ b/http-proxy/main.go
@@ -384,6 +384,7 @@ func main() {
 		HTTPAddr:                           *addr,
 		HTTPMultiplexAddr:                  *multiplexAddr,
 		CertFile:                           *certfile,
+		KeyFile:                            *keyfile,
 		CfgSvrAuthToken:                    *cfgSvrAuthToken,
 		ConnectOKWaitsForUpstream:          *connectOKWaitsForUpstream,
 		EnableMultipath:                    *enableMultipath,
@@ -393,7 +394,6 @@ func main() {
 		ExternalIP:                         *externalIP,
 		HTTPS:                              *https,
 		IdleTimeout:                        time.Duration(*idleClose) * time.Second,
-		KeyFile:                            *keyfile,
 		SessionTicketKeys:                  *sessionTicketKeys,
 		SessionTicketKeyFile:               *sessionTicketKeyFile,
 		FirstSessionTicketKey:              *firstSessionTicketKey,
@@ -470,8 +470,6 @@ func main() {
 		PsmuxAggressivePadding:             *psmuxAggressivePadding,
 		PsmuxAggressivePaddingRatio:        *psmuxAggressivePaddingRatio,
 		BroflakeAddr:                       *broflakeAddr,
-		BroflakeCert:                       os.Getenv("BROFLAKE_CERT"),
-		BroflakeKey:                        os.Getenv("BROFLAKE_KEY"),
 		AlgenevaAddr:                       *algenevaAddr,
 		WaterAddr:                          *waterAddr,
 		WaterWASM:                          *waterWASM,
diff --git a/http_proxy.go b/http_proxy.go
index 71897e95..c6ce452f 100644
--- a/http_proxy.go
+++ b/http_proxy.go
@@ -928,7 +928,18 @@ func (p *Proxy) listenBroflake(baseListen func(string) (net.Listener, error)) li
 		if err != nil {
 			return nil, err
 		}
-		wrapped, wrapErr := broflake.Wrap(l, p.BroflakeCert, p.BroflakeKey)
+
+		certPEM, err := os.ReadFile(p.CertFile)
+		if err != nil {
+			log.Fatalf("Unable to read certificate file: %v", err)
+		}
+
+		keyPEM, err := os.ReadFile(p.KeyFile)
+		if err != nil {
+			log.Fatalf("Unable to read key file: %v", err)
+		}
+
+		wrapped, wrapErr := broflake.Wrap(l, string(certPEM), string(keyPEM))
 		if wrapErr != nil {
 			log.Fatalf("Unable to initialize broflake with tcp: %v", wrapErr)
 		}