diff --git a/zerotier/config.json b/zerotier/config.json
index 8564ad6..ec7d6b2 100755
--- a/zerotier/config.json
+++ b/zerotier/config.json
@@ -39,7 +39,7 @@
     "api_auth_token": ""
   },
   "schema": {
-    "networks":["match([0-9a-z]{16})"],
+    "networks":["match(^!secret [a-zA-Z0-9_\\-]+$|[0-9a-z]{16})"],
     "api_auth_token": "str",
     "log_level": "match(^(trace|debug|info|notice|warning|error|fatal)$)?"
   }
diff --git a/zerotier/rootfs/etc/cont-init.d/zerotier.sh b/zerotier/rootfs/etc/cont-init.d/zerotier.sh
index e16d04c..6ff27b3 100644
--- a/zerotier/rootfs/etc/cont-init.d/zerotier.sh
+++ b/zerotier/rootfs/etc/cont-init.d/zerotier.sh
@@ -51,7 +51,12 @@ mkdir -p "/var/lib/zerotier-one/networks.d" \
 
 # Install user configured/requested packages
 if bashio::config.has_value 'networks'; then
-    for network in $(bashio::config 'networks'); do
+    while read -r network; do
+        # Get network ID from secrets, if it is a secret
+        if bashio::is_secret "${network}"; then
+            network=$(bashio::secret "${network}")
+        fi
+
         bashio::log.info "Configuring network: ${network}"
 
         # Ensure the file exists. An empty file will cause automatic join.
@@ -60,5 +65,6 @@ if bashio::config.has_value 'networks'; then
             "/data/network.${network}.conf" \
             "/var/lib/zerotier-one/networks.d/${network}.conf" \
                 || bashio::exit.nok "Could not create network file"
-    done
+    done <<< "$(bashio::config 'networks')"
+
 fi