diff --git a/kafka/include/etc/confluent/docker/configure b/kafka/include/etc/confluent/docker/configure
index f0d870153e..bef82b9c40 100755
--- a/kafka/include/etc/confluent/docker/configure
+++ b/kafka/include/etc/confluent/docker/configure
@@ -76,11 +76,14 @@ then
   export KAFKA_SSL_KEY_PASSWORD
   KAFKA_SSL_KEY_PASSWORD=$(cat "$KAFKA_SSL_KEY_CREDENTIALS_LOCATION")
 
-  dub ensure KAFKA_SSL_KEYSTORE_CREDENTIALS
-  KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_KEYSTORE_CREDENTIALS"
-  dub path "$KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION" exists
-  export KAFKA_SSL_KEYSTORE_PASSWORD
-  KAFKA_SSL_KEYSTORE_PASSWORD=$(cat "$KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION")
+  if [[ -n "${KAFKA_SSL_KEYSTORE_TYPE-}" ]] && [[ $KAFKA_SSL_KEYSTORE_TYPE != *"PEM"* ]]
+  then
+      dub ensure KAFKA_SSL_KEYSTORE_CREDENTIALS
+      KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_KEYSTORE_CREDENTIALS"
+      dub path "$KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION" exists
+      export KAFKA_SSL_KEYSTORE_PASSWORD
+      KAFKA_SSL_KEYSTORE_PASSWORD=$(cat "$KAFKA_SSL_KEYSTORE_CREDENTIALS_LOCATION")
+  fi
 
   if [[ -n "${KAFKA_SSL_CLIENT_AUTH-}" ]] && ( [[ $KAFKA_SSL_CLIENT_AUTH == *"required"* ]] || [[ $KAFKA_SSL_CLIENT_AUTH == *"requested"* ]] )
   then
@@ -88,13 +91,16 @@ then
       export KAFKA_SSL_TRUSTSTORE_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_TRUSTSTORE_FILENAME"
       dub path "$KAFKA_SSL_TRUSTSTORE_LOCATION" exists
 
-      dub ensure KAFKA_SSL_TRUSTSTORE_CREDENTIALS
-      KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_TRUSTSTORE_CREDENTIALS"
-      dub path "$KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION" exists
-      export KAFKA_SSL_TRUSTSTORE_PASSWORD
-      KAFKA_SSL_TRUSTSTORE_PASSWORD=$(cat "$KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION")
+      if [[ -n "${KAFKA_SSL_TRUSTSTORE_TYPE-}" ]] && [[ $KAFKA_SSL_TRUSTSTORE_TYPE != *"PEM"* ]]
+      then
+          dub ensure KAFKA_SSL_TRUSTSTORE_CREDENTIALS
+          KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION="/etc/kafka/secrets/$KAFKA_SSL_TRUSTSTORE_CREDENTIALS"
+          dub path "$KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION" exists
+          export KAFKA_SSL_TRUSTSTORE_PASSWORD
+          KAFKA_SSL_TRUSTSTORE_PASSWORD=$(cat "$KAFKA_SSL_TRUSTSTORE_CREDENTIALS_LOCATION")
+      fi
   fi
-  
+
 fi
 
 # Set if KAFKA_ADVERTISED_LISTENERS has SASL_PLAINTEXT:// or SASL_SSL:// endpoints.