diff --git a/README.md b/README.md
index 8adfabf46ba903fd2a6243212d33af7550fd1cee..5bd3d6f9190cd1c370989ca06c4a658ae1325263 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,16 @@ A docker-compose script is included in the root folder of this repository ([dock
 ```bash 
 docker compose up --build
 ```
+*Before the first run:* Set the following environment variables, as specified in the documentation:
+- DB_USER: the database user;
+- DB_PASS: the password for the user;
+- DB_HOST: the database host, if you are running SAK locally, set it to localhost;
+- DB_NAME: the database name;
+- DB_PORT: the port to use to connect to the database.
+
+A convenience script is provided to create the credentials file for future connections [create_db_credentials_file.py](etl/create_db_credentials_file.py).
+This must be executed before running docker compose, or the credentials file can be compiled by hand.
+
 The following parameters can be set by adding the `command` override in the `etl` section of the docker-compose file:
 
 * --run_id: the run id of the grid to process; if not provided, generates a new run_id;
diff --git a/etl/create_db_credentials_file.py b/etl/create_db_credentials_file.py
new file mode 100644
index 0000000000000000000000000000000000000000..00f1b39727ed220b4c49be5b8f78abd56bdd6cf5
--- /dev/null
+++ b/etl/create_db_credentials_file.py
@@ -0,0 +1,34 @@
+import base64
+import os
+import argparse
+import yaml
+
+parser = argparse.ArgumentParser()
+parser.add_argument('--user', default='sak_user')
+parser.add_argument('--psw')
+parser.add_argument('--host', default='localhost')
+parser.add_argument('--db_name', default='sak_database')
+parser.add_argument('--port', default=31000)
+args = parser.parse_args()
+args_dict = vars(args)
+key_map = {'user': 'DB_USER',
+           'psw': 'DB_PASS',
+           'host': 'DB_HOST',
+           'db_name': 'DB_NAME',
+           'port': 'DB_PORT'}
+for key in args_dict.keys():
+    print(os.getenv(key_map[key]))
+    if os.getenv(key_map[key]) is not None:
+        args_dict[key] = os.getenv(key_map[key])
+
+assert args.psw is not None
+credentials_dict = {}
+for key in key_map.keys():
+    credentials_dict[key_map[key]] = getattr(args, key)
+
+for key in ['DB_USER', 'DB_PASS']:
+    print(credentials_dict[key])
+    credentials_dict[key] = base64.b64encode(credentials_dict[key].encode()).decode()
+
+with open(os.path.join('credentials', 'db_credentials.yml'), 'w') as outfile:
+    yaml.dump(credentials_dict, outfile)