diff --git a/README.md b/README.md
index a4c3719c..64a3f896 100644
--- a/README.md
+++ b/README.md
@@ -240,7 +240,7 @@ Creation of the bearer token is mandatory, and creation of the session token is
 optional. If you want to add the session token you need to add a parameter
 `create-session-token`.
 
-Rules for bearer token can be set via param `bearer-rules`, if it is not set,
+Rules for bearer token can be set via param `bearer-rules` (json-string and file path allowed), if it is not set,
 it will be auto-generated with values:
 
 ```
@@ -268,7 +268,7 @@ it will be auto-generated with values:
 }
 ```
 
-Rules for session token can be set via param `session-rules`, default value is:
+Rules for session token can be set via param `session-rules` (json-string and file path allowed), default value is:
 ```
 {
     "verb": "PUT",
diff --git a/cmd/authmate/main.go b/cmd/authmate/main.go
index d557fc24..7e46c4c4 100644
--- a/cmd/authmate/main.go
+++ b/cmd/authmate/main.go
@@ -246,8 +246,8 @@ func issueSecret() *cli.Command {
 				ContainerFriendlyName: containerFriendlyName,
 				NeoFSKey:              key,
 				GatesPublicKeys:       gatesPublicKeys,
-				EACLRules:             []byte(eaclRulesFlag),
-				ContextRules:          []byte(contextRulesFlag),
+				EACLRules:             getJSONRules(eaclRulesFlag),
+				ContextRules:          getJSONRules(contextRulesFlag),
 				SessionTkn:            sessionTokenFlag,
 				Lifetime:              lifetimeFlag,
 			}
@@ -261,6 +261,14 @@ func issueSecret() *cli.Command {
 	}
 }
 
+func getJSONRules(val string) []byte {
+	if data, err := os.ReadFile(val); err == nil {
+		return data
+	}
+
+	return []byte(val)
+}
+
 func obtainSecret() *cli.Command {
 	command := &cli.Command{
 		Name:  "obtain-secret",