diff --git a/README.md b/README.md
index 8620213..85f0529 100644
--- a/README.md
+++ b/README.md
@@ -12,7 +12,18 @@ Running in the cluster, it will look for "/var/run/secrets/kubernetes.io/service
 The script will assume that the OBP user is already created. If you want to create a new OBP user, set BOOTSTRAP_OBP_USER_EXISTS to false
 If you have not turned e-mail validation off (setting OBP_AUTHUSER_SKIPEMAILVALIDATION to true) on api side script will fail.
 ### Creating Consumer Keys
-Done via Selenium webdriver. Running host/image needs chrome installed and the chromedriver executable available in the PATH.
+Done via the OBP Portal Page through Selenium webdriver by default, or via keycloak bearer token. 
+
+#### Creating Consumer Keys using the Portal Page
+Running host/image needs chrome installed and the chromedriver executable available in the PATH.
+
+#### Creating Consumer Keys via OBP API with Keycloak bearer token
+
+OBP API needs to allow role assignment via bearer token: Set OBP_OAUTH2_KEYCLOAK_RESOURCE_ACCESS_KEY_NAME_TO_TRUST at OBP configuration/
+Set REGISTER_WITH_KEYCLOAK = "true" if you want to register consumer keys via obp api with keycloak bearer token.
+KEYCLOAK_DEPLOY_CLIENT_ID needs to be the same as configured in OBP_OAUTH2_KEYCLOAK_RESOURCE_ACCESS_KEY_NAME_TO_TRUST
+
+
 The script will read the existing consumer key pair from the k8s secret objects of the running api explorer and api manager deployments.
 
 It will only create consumer keys if 'VITE_OBP_CONSUMER_KEY' (api explorer) or 'OAUTH_CONSUMER_KEY' api manager) are:
diff --git a/env_example b/env_example
index 127a479..e9b3001 100644
--- a/env_example
+++ b/env_example
@@ -14,6 +14,16 @@ K8S_OBP_API_NAMESPACE = "obp"
 K8S_OBP_API_DEPLOYMENT = "obp-api"
 # ================================================
 
+# Set to true if you want to create consumer keys via obp api and keycloak bearer token instead of via portal page
+REGISTER_WITH_KEYCLOAK = "false"
+KEYCLOAK_SERVER = "https://mykeycloak.server
+# KEYCLOAK_DEPLOY_CLIENT_ID needs to be the same as configured in OBP_OAUTH2_KEYCLOAK_RESOURCE_ACCESS_KEY_NAME_TO_TRUST
+KEYCLOAK_DEPLOY_CLIENT_ID = "open-bank-project"
+KEYCLOAK_USERNAME = "keycloakadmin"
+KEYCLOAK_PASSWORD = "keycloakpasswd"
+KEYCLOAK_REALM = myrealm
+
+
 APP_NAME = "api explorer"
 # Name of the applications secret object in k8s
 APP_K8S_SECRET_NAME = "api explorer"