diff --git a/cmd/security-bootstrapper/entrypoint-scripts/consul_wait_install.sh b/cmd/security-bootstrapper/entrypoint-scripts/consul_wait_install.sh index 2cef8f527e..767033276d 100755 --- a/cmd/security-bootstrapper/entrypoint-scripts/consul_wait_install.sh +++ b/cmd/security-bootstrapper/entrypoint-scripts/consul_wait_install.sh @@ -35,18 +35,17 @@ vault_ready() fi } -# env settings -. /edgex-init/.env-consul +# env settings are populated from env files of docker-compose -echo "Script for waiting security bootstrapping installation" +echo "Script for waiting security bootstrapping on Consul" echo "$(date) Consul waits on Vault to be initialized" -# check the http status code from Vault using EDGEX_VAULT_HOST and EDGEX_VAULT_PORT as input to the function call -vault_inited=$(vault_ready "${EDGEX_VAULT_HOST}" "${EDGEX_VAULT_PORT}") +# check the http status code from Vault using SECRETSTORE_HOST and SECRETSTORE_PORT as input to the function call +vault_inited=$(vault_ready "${SECRETSTORE_HOST}" "${SECRETSTORE_PORT}") until [ "$vault_inited" -eq 1 ]; do - echo "$(date) waiting for Vault to be initialized"; + echo "$(date) waiting for Vault ${SECRETSTORE_HOST}:${SECRETSTORE_PORT} to be initialized"; sleep 1; - vault_inited=$(vault_ready "${EDGEX_VAULT_HOST}" "${EDGEX_VAULT_PORT}") + vault_inited=$(vault_ready "${SECRETSTORE_HOST}" "${SECRETSTORE_PORT}") done # only in json format according to Consul's documentation 
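Review bot: `SECRETSTORE_HOST` and `SECRETSTORE_PORT` are expanded in the `vault_ready` calls with no check that they are set, and with `. /edgex-init/.env-consul` removed nothing in this script supplies them any more. If the compose env file omits one, the `until` loop polls an empty host or port once a second with no timeout, and the log line gives little hint why. I would add `: "${SECRETSTORE_HOST:?must be set}"` and `: "${SECRETSTORE_PORT:?must be set}"` under the new `# env settings` comment. The same guard is missing for the `STAGEGATE_*`, `REGISTRY_HOST`, `API_GATEWAY_*`, `KONG_PG_PASSWORD_FILE` and `SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION` variables in the other scripts of this commit, and the defaults that entrypoint.sh used to apply are deleted in the same change. The start of `vault_ready` is outside this hunk, so how it treats empty arguments is not visible.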
@@ -68,12 +67,14 @@ echo "$(date) Starting edgex-consul..." exec docker-entrypoint.sh agent -ui -bootstrap -server -client 0.0.0.0 & # wait for the consul port -echo "$(date) Executing dockerize on Consul with waiting on its own port tcp://${CONSUL_HOST}:${CONSUL_PORT}" -/edgex-init/dockerize -wait tcp://"${CONSUL_HOST}":"$CONSUL_PORT" -timeout "${WAIT_TIMEOUT_DURATION}" +echo "$(date) Executing dockerize on Consul with waiting on its own port \ + tcp://${REGISTRY_HOST}:${STAGEGATE_CONSUL_PORT}" +/edgex-init/dockerize -wait tcp://"${REGISTRY_HOST}":"${STAGEGATE_CONSUL_PORT}" \ + -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" # Signal that Consul is ready for services blocked waiting on Consul /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \ - --port="${CONSUL_READY_PORT}" --host="${CONSUL_HOST}" + --port="${STAGEGATE_CONSUL_READYPORT}" --host="${REGISTRY_HOST}" if [ $? -ne 0 ]; then echo "$(date) failed to gating the consul ready port, exits" fi diff --git a/cmd/security-bootstrapper/entrypoint-scripts/kong_wait_install.sh b/cmd/security-bootstrapper/entrypoint-scripts/kong_wait_install.sh index 602305bc9a..98d9629c44 100755 --- a/cmd/security-bootstrapper/entrypoint-scripts/kong_wait_install.sh +++ b/cmd/security-bootstrapper/entrypoint-scripts/kong_wait_install.sh 
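Review bot: The `if [ $? -ne 0 ]` check after the `listenTcp` call prints "failed to gating the consul ready port, exits", but nothing in the hunk actually exits, so as far as the visible lines show a failed ready-port listener is only logged. Folding the command into the condition, `if ! /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp …; then`, and adding `exit 1` after the echo would make the failure visible to the container runtime. The postgres and redis scripts end with the same tail, and there the hunk headers show `set -e` earlier in the file, which would presumably abort on the failing command before the `$?` test is reached, so the message is never printed. Whether anything follows the `fi` is outside the hunk.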
@@ -22,24 +22,25 @@ set -e -# env settings -. /edgex-init/.env-kong +# env settings are populated from env files of docker-compose -echo "Script for waiting security bootstrapping installation" +echo "Script for waiting security bootstrapping on Kong" # gating on the ready-to-run port -echo "$(date) Executing dockerize with waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_TCP_PORT" -/edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_TCP_PORT" -timeout "${WAIT_TIMEOUT_DURATION}" +echo "$(date) Executing dockerize with waiting on tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_READY_TORUNPORT}" +/edgex-init/dockerize -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_READY_TORUNPORT}" \ + -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" echo "$(date) Kong waits on Postgres to be initialized" -/edgex-init/dockerize -wait tcp://"${POSTGRES_HOST}":"$POSTGRES_PORT" -timeout "${WAIT_TIMEOUT_DURATION}" - -echo "$(date) Executing dockerize with waiting on file:${POSTGRES_PASSWORD_FILE}" -/edgex-init/dockerize -wait file://"${POSTGRES_PASSWORD_FILE}" -timeout "${WAIT_TIMEOUT_DURATION}" +/edgex-init/dockerize -wait tcp://"${STAGEGATE_PG_HOST}":"${STAGEGATE_PG_READYPORT}" \ + -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" +echo "$(date) Executing dockerize with waiting on file:${KONG_PG_PASSWORD_FILE}" +/edgex-init/dockerize -wait file://"${KONG_PG_PASSWORD_FILE}" \ + -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" # double check and make sure the postgres is setup with that password and ready -passwd=$(cat "${POSTGRES_PASSWORD_FILE}") +passwd=$(cat "${KONG_PG_PASSWORD_FILE}") pg_inited=0 until [ $pg_inited -eq 1 ]; do status=$(/edgex-init/security-bootstrapper --confdir=/edgex-init/res pingPgDb \ @@ -51,7 +52,7 @@ until [ $pg_inited -eq 1 ]; do fi fi if [ $pg_inited -ne 1 ]; then - echo "$(date) waiting for ${POSTGRES_HOST} to be initialized" + echo "$(date) waiting for ${STAGEGATE_PG_HOST} to be initialized" sleep 1 fi done 
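Review bot: `passwd=$(cat "${KONG_PG_PASSWORD_FILE}")` in the first hunk reads the password once, right after `dockerize -wait file://` has only confirmed that the file exists. If the writer creates the file before filling it, `passwd` could be empty or partial, and the `until` loop below would presumably keep retrying with that stale value. Waiting for a non-empty file first, e.g. `until [ -s "${KONG_PG_PASSWORD_FILE}" ]; do sleep 1; done`, or re-reading the file inside the loop, closes that window. The `pingPgDb` arguments continue outside the hunk; if `passwd` is passed there as a command-line flag it would also be visible in the process list, which is worth confirming.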
@@ -59,7 +60,6 @@ done echo "$(date) Check point: postgres db is ready for kong" # in kong's docker, we use KONG_PG_PASSWORD_FILE instead of KONG_PG_PASSWORD for better security -KONG_PG_PASSWORD_FILE=${POSTGRES_PASSWORD_FILE} export KONG_PG_PASSWORD_FILE # remove env KONG_PG_PASSWORD: only use KONG_PG_PASSWORD_FILE diff --git a/cmd/security-bootstrapper/entrypoint-scripts/postgres_wait_install.sh b/cmd/security-bootstrapper/entrypoint-scripts/postgres_wait_install.sh index 38c78d0daa..cff6a99cb4 100755 --- a/cmd/security-bootstrapper/entrypoint-scripts/postgres_wait_install.sh +++ b/cmd/security-bootstrapper/entrypoint-scripts/postgres_wait_install.sh 
@@ -22,34 +22,35 @@ set -e -# env settings -. /edgex-init/.env-postgres +# env settings are populated from env files of docker-compose -echo "Script for waiting security bootstrapping installation" +echo "Script for waiting security bootstrapping on Postgres" # Postgres is waiting for BOOTSTRAP_PORT -echo "$(date) Executing dockerize on Postgres with waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_BOOSTRAPPER_STARTED_PORT" -/edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_BOOSTRAPPER_STARTED_PORT" -timeout "${WAIT_TIMEOUT_DURATION}" +echo "$(date) Executing dockerize on Postgres with waiting on \ + tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_BOOTSTRAPPER_STARTPORT}" +/edgex-init/dockerize -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_BOOTSTRAPPER_STARTPORT}" \ + -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" echo "$(date) Postgres waits on Vault to be initialized" vault_inited=0 until [ $vault_inited -eq 1 ]; do status=$(/edgex-init/security-bootstrapper --confdir=/edgex-init/res getHttpStatus \ - --url=http://"${EDGEX_VAULT_HOST}":"$EDGEX_VAULT_PORT"/v1/sys/health | tail -n 1) + --url=http://"${SECRETSTORE_HOST}":"${SECRETSTORE_PORT}"/v1/sys/health | tail -n 1) if [ ${#status} -gt 0 ] && [[ "${status}" != *ERROR* ]]; then - echo "$(date) ${EDGEX_VAULT_HOST} status code = ${status}" + echo "$(date) ${SECRETSTORE_HOST}:${SECRETSTORE_PORT} status code = ${status}" if [ "$status" -eq 200 ]; then vault_inited=1 fi fi if [ $vault_inited -ne 1 ]; then - echo "$(date) waiting for ${EDGEX_VAULT_HOST} to be initialized" + echo "$(date) waiting for ${SECRETSTORE_HOST} to be initialized" sleep 1 fi done -echo "$(date) ${EDGEX_VAULT_HOST} is ready" +echo "$(date) ${SECRETSTORE_HOST} is ready" # if password already in then re-use if [ -n "${POSTGRES_PASSWORD_FILE}" ] && [ -f "${POSTGRES_PASSWORD_FILE}" ]; then 
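Review bot: This script still keys the password file on `POSTGRES_PASSWORD_FILE` (the `if [ -n "${POSTGRES_PASSWORD_FILE}" ]` line at the end of the hunk), while kong_wait_install.sh now reads `KONG_PG_PASSWORD_FILE` and the commit deletes the `KONG_PG_PASSWORD_FILE=${POSTGRES_PASSWORD_FILE}` assignment that tied the two together. Nothing visible in the scripts now guarantees that both names point at the same file, so a mismatch between the compose env files would presumably leave Kong waiting on a file that Postgres never writes. I would document the coupling next to the check, `# must be the same path Kong receives as KONG_PG_PASSWORD_FILE`. The body of that `if` is outside the hunk.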
@@ -82,16 +83,16 @@ until [ $pg_inited -eq 1 ]; do fi fi if [ $pg_inited -ne 1 ]; then - echo "$(date) waiting for ${POSTGRES_HOST} to be initialized" + echo "$(date) waiting for ${STAGEGATE_PG_HOST} to be initialized" sleep 1 fi done -echo "$(date) ${POSTGRES_HOST} is initialized" +echo "$(date) ${STAGEGATE_PG_HOST} is initialized" # Signal that Postgres is ready for services blocked waiting on Postgres /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \ - --port="$POSTGRES_READY_PORT" --host="${POSTGRES_HOST}" + --port="${STAGEGATE_PG_READYPORT}" --host="${STAGEGATE_PG_HOST}" if [ $? -ne 0 ]; then echo "$(date) failed to gating the postgres ready port, exits" fi diff --git a/cmd/security-bootstrapper/entrypoint-scripts/proxy_setup_wait_install.sh b/cmd/security-bootstrapper/entrypoint-scripts/proxy_setup_wait_install.sh index 24f672ab66..aa97567c7f 100755 --- a/cmd/security-bootstrapper/entrypoint-scripts/proxy_setup_wait_install.sh +++ b/cmd/security-bootstrapper/entrypoint-scripts/proxy_setup_wait_install.sh 
@@ -22,33 +22,35 @@ set -e -# env settings -. /edgex-init/.env-proxy-setup +# env settings are populated from env files of docker-compose -echo "Script for waiting security bootstrapping installation" +echo "Script for waiting security bootstrapping on proxy-setup" # gating on the ready-to-run port -echo "$(date) Executing dockerize on ${PROXY_SETUP_HOST} with waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_TCP_PORT" -/edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_TCP_PORT" -timeout "${WAIT_TIMEOUT_DURATION}" +echo "$(date) Executing dockerize for ${PROXY_SETUP_HOST} with waiting on \ + tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_READY_TORUNPORT}" +/edgex-init/dockerize -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_READY_TORUNPORT}" \ + -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" echo "$(date) ${PROXY_SETUP_HOST} waits on Kong to be initialized" kong_inited=0 until [ $kong_inited -eq 1 ]; do status=$(/edgex-init/security-bootstrapper --confdir=/edgex-init/res getHttpStatus \ - --url=http://"${KONG_HOST}":"$KONG_STATUS_PORT"/status | tail -n 1) + --url=http://"${API_GATEWAY_HOST}":"${API_GATEWAY_STATUS_PORT}"/status | tail -n 1) if [ ${#status} -gt 0 ] && [[ "${status}" != *ERROR* ]]; then - echo "$(date) ${KONG_HOST}:$KONG_STATUS_PORT status code = ${status}" + echo "$(date) ${API_GATEWAY_HOST}:${API_GATEWAY_STATUS_PORT} status code = ${status}" if [ "$status" -eq 200 ]; then kong_inited=1 fi fi if [ $kong_inited -ne 1 ]; then - echo "$(date) waiting for ${KONG_HOST} to be initialized" + echo "$(date) waiting for ${API_GATEWAY_HOST} to be initialized" sleep 1 fi done -echo "$(date) ${KONG_HOST} is ready" +echo "$(date) ${API_GATEWAY_HOST} is ready" +echo "$(date) Starting ${PROXY_SETUP_HOST} ..." exec /edgex/security-proxy-setup --init=true 
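Review bot: The new `echo` is split with a backslash inside the double quotes, so the indentation of the `tcp://…` continuation line becomes part of the logged message. Closing the quote before the line break avoids that: `echo "$(date) Executing dockerize for ${PROXY_SETUP_HOST} with waiting on" \` followed by `"tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_READY_TORUNPORT}"`. The same pattern appears in the new echo lines of the consul, postgres, redis and vault scripts in this commit.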
diff --git a/cmd/security-bootstrapper/entrypoint-scripts/ready_to_run_wait_install.sh b/cmd/security-bootstrapper/entrypoint-scripts/ready_to_run_wait_install.sh index 76026c35a7..9dc6c49907 100755 --- a/cmd/security-bootstrapper/entrypoint-scripts/ready_to_run_wait_install.sh +++ b/cmd/security-bootstrapper/entrypoint-scripts/ready_to_run_wait_install.sh @@ -27,14 +27,14 @@ set -e -# env settings -. /edgex-init/.env-others +# env settings are populated from env files of docker-compose echo "Script for waiting on security bootstrapping ready-to-run" # gating on the ready-to-run port -echo "$(date) Executing dockerize with $@ waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_TCP_PORT" -/edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_TCP_PORT" -timeout "${WAIT_TIMEOUT_DURATION}" +echo "$(date) Executing dockerize with $@ waiting on tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_READY_TORUNPORT}" +/edgex-init/dockerize -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_READY_TORUNPORT}" \ + -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" echo "$(date) Starting $@ ..." exec "$@" diff --git a/cmd/security-bootstrapper/entrypoint-scripts/redis_wait_install.sh b/cmd/security-bootstrapper/entrypoint-scripts/redis_wait_install.sh index 3172753bd9..586a98e090 100755 --- a/cmd/security-bootstrapper/entrypoint-scripts/redis_wait_install.sh +++ b/cmd/security-bootstrapper/entrypoint-scripts/redis_wait_install.sh 
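Review bot: `$@` is embedded in a double-quoted string in both `echo` lines, where it expands to several words and is flagged by ShellCheck (SC2145); `$*` is the form meant for a log message, as vault_wait_install.sh already does with `vault $*`. The changed line would read `echo "$(date) Executing dockerize with $* waiting on tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_READY_TORUNPORT}"`, and the `Starting $@ ...` line can change the same way. `exec "$@"` is correct as written and should stay quoted.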
@@ -22,18 +22,19 @@ set -e -# env settings -. /edgex-init/.env-redis +# env settings are populated from env files of docker-compose -echo "Script for waiting security bootstrapping installation" +echo "Script for waiting security bootstrapping on Redis" # gating on the TokensReadyPort -echo "$(date) Executing dockerize on Redis with waiting on TokensReadyPort tcp://${VAULTWORKER_HOST}:$WAIT_TCP_PORT" -/edgex-init/dockerize -wait tcp://"${VAULTWORKER_HOST}":"$WAIT_TCP_PORT" -timeout "${WAIT_TIMEOUT_DURATION}" +echo "$(date) Executing dockerize on Redis with waiting on TokensReadyPort \ + tcp://${STAGEGATE_VAULTWORKER_HOST}:${STAGEGATE_VAULTWORKER_TOKENS_READYPORT}" +/edgex-init/dockerize -wait tcp://"${STAGEGATE_VAULTWORKER_HOST}":"${STAGEGATE_VAULTWORKER_TOKENS_READYPORT}" \ + -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" # the bootstrap-redis needs the connection from Redis db to set it up. # Hence, here bootstrap-redis runs in background and then starts the Redis db. -echo "$(date) ${VAULTWORKER_HOST} tokens ready, bootstrapping redis..." +echo "$(date) ${STAGEGATE_VAULTWORKER_HOST} tokens ready, bootstrapping redis..." /edgex-init/bootstrap-redis/security-bootstrap-redis --confdir=/edgex-init/bootstrap-redis/res & redis_bootstrapper_pid=$! @@ -54,7 +55,7 @@ fi # Signal that Redis is ready for services blocked waiting on Redis /edgex-init/security-bootstrapper --confdir=/edgex-init/res listenTcp \ - --port="$REDIS_READY_PORT" --host="${REDIS_HOST}" + --port="${STAGEGATE_REDIS_READYPORT}" --host="${DATABASES_PRIMARY_HOST}" if [ $? -ne 0 ]; then echo "$(date) failed to gating the redis ready port, exits" fi diff --git a/cmd/security-bootstrapper/entrypoint-scripts/vault_wait_install.sh b/cmd/security-bootstrapper/entrypoint-scripts/vault_wait_install.sh index ba4fa37368..d5dda4d317 100755 --- a/cmd/security-bootstrapper/entrypoint-scripts/vault_wait_install.sh +++ b/cmd/security-bootstrapper/entrypoint-scripts/vault_wait_install.sh 
@@ -22,10 +22,9 @@ set -e -# env settings -. /edgex-init/.env-vault +# env settings are populated from env files of docker-compose -echo "Script for waiting security bootstrapping installation" +echo "Script for waiting security bootstrapping on Vault" DEFAULT_VAULT_LOCAL_CONFIG=' listener "tcp" { @@ -47,8 +46,11 @@ export VAULT_LOCAL_CONFIG echo "$(date) VAULT_LOCAL_CONFIG: ${VAULT_LOCAL_CONFIG}" if [ "$1" = 'server' ]; then - echo "$(date) Executing dockerize on vault $* with waiting on tcp://${BOOTSTRAPPER_HOST}:$WAIT_BOOSTRAPPER_STARTED_PORT" - /edgex-init/dockerize -wait tcp://"${BOOTSTRAPPER_HOST}":"$WAIT_BOOSTRAPPER_STARTED_PORT" -timeout "${WAIT_TIMEOUT_DURATION}" + echo "$(date) Executing dockerize on vault $* with waiting on \ + tcp://${STAGEGATE_BOOTSTRAPPER_HOST}:${STAGEGATE_BOOTSTRAPPER_STARTPORT}" + /edgex-init/dockerize \ + -wait tcp://"${STAGEGATE_BOOTSTRAPPER_HOST}":"${STAGEGATE_BOOTSTRAPPER_STARTPORT}" \ + -timeout "${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" echo "$(date) Starting edgex-vault..." exec /usr/local/bin/docker-entrypoint.sh server -log-level=info diff --git a/cmd/security-bootstrapper/entrypoint.sh b/cmd/security-bootstrapper/entrypoint.sh index 27e0e6bf44..d35e757cf0 100755 --- a/cmd/security-bootstrapper/entrypoint.sh +++ b/cmd/security-bootstrapper/entrypoint.sh @@ -23,13 +23,6 @@ set -e -# function to trim off leading and trailing spaces from passed in string, ie. the first argument -trim_spaces() -{ - trimmed=$(echo -e "$1" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//') - echo "${trimmed}" -} - # Passing the arguments to the executable as $@ contains only the CMD arguments without the executable name # treat anything not /bin/sh as to run this security-bootstrapper executable with the arguments # this is useful for debugging the container like running with `docker run -it --rm security-bootstrapper /bin/sh` 
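Review bot: The context line `echo "$(date) VAULT_LOCAL_CONFIG: ${VAULT_LOCAL_CONFIG}"` at the top of the second vault hunk writes the whole Vault configuration to the container log. The `DEFAULT_VAULT_LOCAL_CONFIG` name suggests the value can be overridden from the environment; if a deployment supplies a config that carries storage-backend credentials, they would end up in the log. Logging only that the variable is set, e.g. `echo "$(date) VAULT_LOCAL_CONFIG is set (${#VAULT_LOCAL_CONFIG} bytes)"`, keeps the diagnostic without the content. The assignment of `VAULT_LOCAL_CONFIG` is outside both hunks, so the override path is an assumption to confirm.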
@@ -37,193 +30,15 @@ if [ ! "$1" = '/bin/sh' ]; then set -- security-bootstrapper "$@" fi -# get the configuration settings from the configuration toml file -TOML_FILE="${SECURITY_INIT_DIR}/res/configuration.toml" -[[ -e ${TOML_FILE} ]] || { echo "${TOML_FILE} does not exist." >&2;exit 1;} - -# the key-value pairs in TOML file is separated by "=" -IFS="=" -BOOTSTRAPPER_HOST_KEY="BootstrapperHost" -BOOTSTRAP_PORT_KEY="BootstrapPort" -VAULT_WORKER_HOST_KEY="VaultWorkerHost" -TOKENS_READY_PORT_KEY="TokensReadyPort" -READY_TO_RUN_PORT_KEY="ReadyToRunPort" -CONSUL_HOST_KEY="ConsulHost" -CONSUL_PORT_KEY="ConsulPort" -CONSUL_READY_PORT_KEY="ConsulReadyPort" -POSTGRES_HOST_KEY="PostgresHost" -POSTGRES_PORT_KEY="PostgresPort" -POSTGRES_READY_PORT_KEY="PostgresReadyPort" -REDIS_HOST_KEY="RedisHost" -REDIS_PORT_KEY="RedisPort" -REDIS_READY_PORT_KEY="RedisReadyPort" -PROXY_SETUP_HOST_KEY="ProxySetupHost" -bootstrapper_host="" -bootstrap_port_number=0 -vaultworker_host="" -tokens_ready_port_number=0 -ready_to_run_port_number=0 -consul_host="" -consul_port_number=0 -consul_ready_port_number=0 -postgres_host="" -postgres_port_number=0 -postgres_ready_port_number=0 -redis_host="" -redis_port_number=0 -redis_ready_port_number=0 -proxy_setup_host="" - -# iterating all the configuration entries from TOML file -while read -r key value -do - trimmed_key=$(trim_spaces "${key}") - trimmed_value=$(trim_spaces "${value}") - - if [ "${trimmed_key}" = "${BOOTSTRAPPER_HOST_KEY}" ]; then - bootstrapper_host=${trimmed_value} - elif [ "${trimmed_key}" = "${BOOTSTRAP_PORT_KEY}" ]; then - bootstrap_port_number=${trimmed_value} - elif [ "${trimmed_key}" = "${VAULT_WORKER_HOST_KEY}" ]; then - vaultworker_host=${trimmed_value} - elif [ "${trimmed_key}" = "${TOKENS_READY_PORT_KEY}" ]; then - tokens_ready_port_number=${trimmed_value} - elif [ "${trimmed_key}" = "${READY_TO_RUN_PORT_KEY}" ]; then - ready_to_run_port_number=${trimmed_value} - elif [ "${trimmed_key}" = "${CONSUL_HOST_KEY}" ]; then - 
consul_host=${trimmed_value} - elif [ "${trimmed_key}" = "${CONSUL_PORT_KEY}" ]; then - consul_port_number=${trimmed_value} - elif [ "${trimmed_key}" = "${CONSUL_READY_PORT_KEY}" ]; then - consul_ready_port_number=${trimmed_value} - elif [ "${trimmed_key}" = "${POSTGRES_HOST_KEY}" ]; then - postgres_host=${trimmed_value} - elif [ "${trimmed_key}" = "${POSTGRES_PORT_KEY}" ]; then - postgres_port_number=${trimmed_value} - elif [ "${trimmed_key}" = "${POSTGRES_READY_PORT_KEY}" ]; then - postgres_ready_port_number=${trimmed_value} - elif [ "${trimmed_key}" = "${REDIS_HOST_KEY}" ]; then - redis_host=${trimmed_value} - elif [ "${trimmed_key}" = "${REDIS_PORT_KEY}" ]; then - redis_port_number=${trimmed_value} - elif [ "${trimmed_key}" = "${REDIS_READY_PORT_KEY}" ]; then - redis_ready_port_number=${trimmed_value} - elif [ "${trimmed_key}" = "${PROXY_SETUP_HOST_KEY}" ]; then - proxy_setup_host=${trimmed_value} - fi -done < ${TOML_FILE} - -echo bootstrapper_host: "${bootstrapper_host}" vaultworker_host: "${vaultworker_host}" postgres_host: "${postgres_host}" -echo consul_host: "${consul_host}" redis_host: "${redis_host}" proxy_setup_host: "${proxy_setup_host}" -echo bootstrap_port_number: "$bootstrap_port_number" tokens_ready_port_number: "$tokens_ready_port_number" -echo ready_to_run_port_number: "$ready_to_run_port_number" postgres_port_number: "$postgres_port_number" -echo consul_ready_port_number: "$consul_ready_port_number" redis_ready_port_number: "$redis_ready_port_number" - -DEFAULT_EDGEX_VAULT_HOST="edgex-vault" -DEFAULT_EDGEX_VAULT_PORT=8200 -DEFAULT_API_GATEWAY_HOST="kong" -DEFAULT_API_GATEWAY_STATUS_PORT=8001 -DEFAULT_SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION="60s" -EDGEX_VAULT_HOST="${SECRETSTORE_HOST:-$DEFAULT_EDGEX_VAULT_HOST}" -EDGEX_VAULT_PORT=${SECRETSTORE_PORT:-$DEFAULT_EDGEX_VAULT_PORT} -KONG_HOST="${API_GATEWAY_HOST:-$DEFAULT_API_GATEWAY_HOST}" -KONG_STATUS_PORT=${API_GATEWAY_STATUS_PORT:-$DEFAULT_API_GATEWAY_STATUS_PORT} 
-GATING_WAIT_TIMEOUT="${SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION:-$DEFAULT_SECTY_BOOTSTRAP_GATING_TIMEOUT_DURATION}" -EDGEX_USER_ID=${EDGEX_USER:-2002} -VAULT_ENV_FILE=.env-vault -VAULT_WORKER_ENV_FILE=.env-vault-worker -CONSUL_ENV_FILE=.env-consul -POSTGRES_ENV_FILE=.env-postgres -REDIS_ENV_FILE=.env-redis -KONG_ENV_FILE=.env-kong -PROXY_SETUP_ENV_FILE=.env-proxy-setup -OTHERS_ENV_FILE=.env-others -POSTGRES_PASSWORD_FILE="/tmp/postgres-config/.pgpassword" +DEFAULT_EDGEX_USER_ID=2002 +EDGEX_USER_ID=${EDGEX_USER:-$DEFAULT_EDGEX_USER_ID} # only doing the bootstrapping with the env. injecting into all other related containers # if the executable is not 'security-bootstrapper'; then we consider it not running the bootstrapping process # for the user may just want to debug into the container shell itself if [ "$1" = 'security-bootstrapper' ]; then - echo "Preparing ${EDGEX_VAULT_HOST} environment settings..." - cat >${SECURITY_INIT_DIR}/${VAULT_ENV_FILE} <${SECURITY_INIT_DIR}/${VAULT_WORKER_ENV_FILE} <${SECURITY_INIT_DIR}/${CONSUL_ENV_FILE} <${SECURITY_INIT_DIR}/${POSTGRES_ENV_FILE} <${SECURITY_INIT_DIR}/${REDIS_ENV_FILE} <${SECURITY_INIT_DIR}/${KONG_ENV_FILE} <${SECURITY_INIT_DIR}/${PROXY_SETUP_ENV_FILE} <${SECURITY_INIT_DIR}/${OTHERS_ENV_FILE} <