diff --git a/cmd/dockle/main.go b/cmd/dockle/main.go
index 1a1b71c..cbd95bc 100644
--- a/cmd/dockle/main.go
+++ b/cmd/dockle/main.go
@@ -46,6 +46,11 @@ OPTIONS:
 Name: "ignore, i",
 Usage: "checkpoints to ignore. You can use .dockleignore too.",
 },
+ cli.StringSliceFlag{
+ Name: "accept-key, a",
+ EnvVar: "ACCEPT_KEY",
+ Usage: "For CIS-DI-0010. You can add acceptable keywords. e.g) -a GPG_KEY -a KEYCLOAK",
+ },
 cli.StringFlag{
 Name: "format, f",
 Value: "",
diff --git a/pkg/assessor/manifest/manifest.go b/pkg/assessor/manifest/manifest.go
index 56183ec..3f283e7 100644
--- a/pkg/assessor/manifest/manifest.go
+++ b/pkg/assessor/manifest/manifest.go
@@ -41,6 +41,12 @@ func (a ManifestAssessor) Assess(fileMap deckodertypes.FileMap) (assesses []*typ
 return checkAssessments(d)
 }
+func AddAcceptanceKeys(keys []string) {
+ for _, key := range keys {
+ acceptanceEnvKey[key] = struct{}{}
+ }
+ }
+
 func checkAssessments(img types.Image) (assesses []*types.Assessment, err error) {
 if img.Config.User == "" || img.Config.User == "root" {
 assesses = append(assesses, &types.Assessment{
@@ -61,7 +67,7 @@ func checkAssessments(img types.Image) (assesses []*types.Assessment, err error)
 assesses = append(assesses, &types.Assessment{
 Code: types.AvoidCredential,
 Filename: ConfigFileName,
- Desc: fmt.Sprintf("Suspicious ENV key found : %s", envKey),
+ Desc: fmt.Sprintf("Suspicious ENV key found : %s (You can suppress it with --accept-key)", envKey),
 })
 }
 }
diff --git a/pkg/run.go b/pkg/run.go
index d2469e2..c4c6dcc 100644
--- a/pkg/run.go
+++ b/pkg/run.go
@@ -4,6 +4,7 @@ import (
 "context"
 "errors"
 "fmt"
+ "github.com/goodwithtech/dockle/pkg/assessor/manifest"
 l "log"
 "os"
 "strings"
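Review bot: The `Usage` text of the new `accept-key, a` flag in the main.go hunk says "acceptable keywords", but the implementation in the manifest.go hunk stores each value as an exact entry in a set (`acceptanceEnvKey[key] = struct{}{}`), so unless the lookup outside these hunks does substring matching, "keywords" will make users expect `-a KEY` to cover `MY_KEY_ID` when it does not. I would word the help as `Usage: "For CIS-DI-0010. ENV key names that must not be reported as credentials. e.g) -a GPG_KEY -a KEYCLOAK",` and keep it in step with whatever matching rule the check actually applies. Because the same value can arrive through `EnvVar: "ACCEPT_KEY"`, the help text is also the only place a user learns that the allowlist can be widened from the environment; naming that in the text is cheap.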
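Review bot: `AddAcceptanceKeys` in the manifest.go hunk is exported without a doc comment, and it widens the allowlist of the CIS-DI-0010 credential check by writing into the package-level map `acceptanceEnvKey`, which is declared outside the hunk and presumably consulted by the ENV-key loop shown in the second manifest.go hunk. I would add `// AddAcceptanceKeys registers ENV key names that the AvoidCredential check must not report. It mutates package-level state and has to be called before Assess runs.` Keys are inserted exactly as given, with no trimming or case folding, so whether `-a gpg_key` suppresses a `GPG_KEY` finding depends on how the lookup compares; either normalize here or state the exact-match rule in that comment so the suppression boundary is explicit.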
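Review bot: The new `"github.com/goodwithtech/dockle/pkg/assessor/manifest"` import in the run.go import hunk sits inside the standard-library group, between `"fmt"` and `l "log"`. gofmt accepts that ordering, but the usual goimports layout is a blank-line-separated group for non-stdlib packages, and the rest of this import block (outside the hunk) likely already has such a group for the other `dockle/pkg/...` packages; moving the line there keeps the block consistent and stops goimports from reshuffling it on the next edit.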
@@ -72,8 +73,9 @@ func Run(c *cli.Context) (err error) {
 return fmt.Errorf("invalid image: %w", err)
 }
 }
- log.Logger.Debug("Start assessments...")
+ manifest.AddAcceptanceKeys(c.StringSlice("accept-key"))
+ log.Logger.Debug("Start assessments...")
 assessments, err := scanner.ScanImage(ctx, imageName, filePath, dockerOption)
 if err != nil {
 if errors.Is(err, context.DeadlineExceeded) {
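Review bot: `manifest.AddAcceptanceKeys(c.StringSlice("accept-key"))` widens the credential allowlist from a flag that, per the main.go hunk, can also be populated through the `ACCEPT_KEY` environment variable, yet nothing in the scan output records which keys were accepted, so a CI job whose environment carries `ACCEPT_KEY` quietly stops reporting those keys. I would log the list next to the existing debug line, e.g. `log.Logger.Debug(fmt.Sprintf("accept-key: %v", c.StringSlice("accept-key")))` (`fmt` is already imported in run.go), so anyone reading the scan log can see what was suppressed. `Run` starts and ends outside the hunk.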