diff --git a/Makefile.include b/Makefile.include index 0c6cc679f..5ca9cd5da 100644 --- a/Makefile.include +++ b/Makefile.include @@ -360,6 +360,9 @@ viewconf: @echo "##### \"MAKE_MAC\": ______________________________ $(MAKE_MAC)" @echo "##### \"MAKE_NET\": ______________________________ $(MAKE_NET)" @echo "##### \"MAKE_ROUTING\": __________________________ $(MAKE_ROUTING)" +ifdef MAKE_COAP_DTLS_KEYSTORE + @echo "##### \"MAKE_COAP_DTLS_KEYSTORE\": _______________ $(MAKE_COAP_DTLS_KEYSTORE)" +endif @echo "----------------- C variables: -----------------" $(Q)$(CC) $(CFLAGS) -E $(CONTIKI)/tools/viewconf.c | grep \#\#\#\#\# @echo "------------------------------------------------" diff --git a/examples/lwm2m/standalone/coap-hex/coap-hex.h b/examples/lwm2m/standalone/coap-hex/coap-hex.h index b03b0f3a1..5da72f5b7 100644 --- a/examples/lwm2m/standalone/coap-hex/coap-hex.h +++ b/examples/lwm2m/standalone/coap-hex/coap-hex.h @@ -40,8 +40,6 @@ #define COAP_ENDPOINT_CUSTOM 1 -#define LWM2M_SECURITY_CONF_REGISTER_KEY_STORE 0 - typedef struct { int addr; /* if we want to switch on something... */ unsigned int size; diff --git a/os/net/app-layer/coap/Makefile.coap b/os/net/app-layer/coap/Makefile.coap index 4f1d2cd9f..ddf195221 100644 --- a/os/net/app-layer/coap/Makefile.coap +++ b/os/net/app-layer/coap/Makefile.coap 
@@ -13,4 +13,20 @@ ifeq ($(MAKE_WITH_DTLS),1) MODULES += os/net/app-layer/coap/tinydtls-support MODULES += $(TINYDTLS_PATH) ${addprefix $(TINYDTLS_PATH)/,aes sha2 ecc} + MAKE_COAP_DTLS_KEYSTORE_NONE := 0 + MAKE_COAP_DTLS_KEYSTORE_SIMPLE := 1 + MAKE_COAP_DTLS_KEYSTORE_LWM2M := 2 + + MAKE_COAP_DTLS_KEYSTORE ?= MAKE_COAP_DTLS_KEYSTORE_LWM2M + + ifeq ($(MAKE_COAP_DTLS_KEYSTORE),MAKE_COAP_DTLS_KEYSTORE_SIMPLE) + CFLAGS += -DCOAP_DTLS_KEYSTORE_CONF_WITH_SIMPLE=1 + else ifeq ($(MAKE_COAP_DTLS_KEYSTORE),MAKE_COAP_DTLS_KEYSTORE_LWM2M) + CFLAGS += -DCOAP_DTLS_KEYSTORE_CONF_WITH_LWM2M=1 + else ifeq ($(MAKE_COAP_DTLS_KEYSTORE),MAKE_COAP_DTLS_KEYSTORE_NONE) + # No C flag needed for no keystore + else + ${error Unsupported CoAP DTLS keystore: $(MAKE_COAP_DTLS_KEYSTORE)} + endif + endif diff --git a/os/net/app-layer/coap/coap-keystore-simple.c b/os/net/app-layer/coap/coap-keystore-simple.c index 1d3ded722..e195f1b33 100644 --- a/os/net/app-layer/coap/coap-keystore-simple.c +++ b/os/net/app-layer/coap/coap-keystore-simple.c @@ -40,16 +40,10 @@ #include "coap-keystore.h" #include -/* #ifndef PSK_DEFAULT_IDENTITY */ -/* #define PSK_DEFAULT_IDENTITY "Client_identity" */ -/* #endif /\* PSK_DEFAULT_IDENTITY *\/ */ - -/* #ifndef PSK_DEFAULT_KEY */ -/* #define PSK_DEFAULT_KEY "secretPSK" */ -/* #endif /\* PSK_DEFAULT_KEY *\/ */ -/*---------------------------------------------------------------------------*/ #ifdef WITH_DTLS -#if defined(PSK_DEFAULT_IDENTITY) && defined(PSK_DEFAULT_KEY) +#ifdef COAP_DTLS_PSK_DEFAULT_IDENTITY +#ifdef COAP_DTLS_PSK_DEFAULT_KEY +/*---------------------------------------------------------------------------*/ static int get_default_psk_info(const coap_endpoint_t *address_info, coap_keystore_psk_entry_t *info) 
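Review bot: Nothing in this block says what each keystore choice requires, and the default `MAKE_COAP_DTLS_KEYSTORE_LWM2M` applies to every `MAKE_WITH_DTLS=1` build, including ones that may not build the LwM2M security object. As far as this diff shows, such a build would end up with no keystore registered. A comment above the `?=` line would help, for example `# NONE: application registers its own keystore; SIMPLE: fixed PSK from COAP_DTLS_PSK_DEFAULT_IDENTITY/KEY; LWM2M: keys from the LwM2M security object (default)`. The `NONE` wording is inferred from the empty branch and should be confirmed.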
@@ -57,17 +51,18 @@ get_default_psk_info(const coap_endpoint_t *address_info,
 if(info != NULL) {
 if(info->identity == NULL || info->identity_len == 0) {
 /* Identity requested */
- info->identity = (uint8_t *)PSK_DEFAULT_IDENTITY;
- info->identity_len = strlen(PSK_DEFAULT_IDENTITY);
+ info->identity = (uint8_t *)COAP_DTLS_PSK_DEFAULT_IDENTITY;
+ info->identity_len = strlen(COAP_DTLS_PSK_DEFAULT_IDENTITY);
 return 1;
 }
- if(info->identity_len != strlen(PSK_DEFAULT_IDENTITY) ||
- memcmp(info->identity, PSK_DEFAULT_IDENTITY, info->identity_len) != 0) {
+ if(info->identity_len != strlen(COAP_DTLS_PSK_DEFAULT_IDENTITY) ||
+ memcmp(info->identity, COAP_DTLS_PSK_DEFAULT_IDENTITY,
+ info->identity_len) != 0) {
 /* Identity not matching */
 return 0;
 }
- info->key = (uint8_t *)PSK_DEFAULT_KEY;
- info->key_len = strlen(PSK_DEFAULT_KEY);
+ info->key = (uint8_t *)COAP_DTLS_PSK_DEFAULT_KEY;
+ info->key_len = strlen(COAP_DTLS_PSK_DEFAULT_KEY);
 return 1;
 }
 return 0;
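Review bot: `info->key_len = strlen(COAP_DTLS_PSK_DEFAULT_KEY);` limits the pre-shared key to a NUL-free C string, so a randomly generated key that contains a zero byte is silently shortened at the first `\0`. If the macro is always a string literal, as the header example suggests, `info->key_len = sizeof(COAP_DTLS_PSK_DEFAULT_KEY) - 1;` keeps the full length and is evaluated at compile time. The same applies to the two `identity_len` lines. The function's signature and closing brace are outside this hunk.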
@@ -75,16 +70,22 @@ get_default_psk_info(const coap_endpoint_t *address_info, static const coap_keystore_t simple_key_store = { .coap_get_psk_info = get_default_psk_info }; -#endif /* defined(PSK_DEFAULT_IDENTITY) && defined(PSK_DEFAULT_KEY) */ +/*---------------------------------------------------------------------------*/ +#endif /* COAP_DTLS_PSK_DEFAULT_KEY */ +#endif /* COAP_DTLS_PSK_DEFAULT_IDENTITY */ #endif /* WITH_DTLS */ /*---------------------------------------------------------------------------*/ void -coap_store_simple_init(void) +coap_keystore_simple_init(void) { #ifdef WITH_DTLS -#if defined(PSK_DEFAULT_IDENTITY) && defined(PSK_DEFAULT_KEY) +#ifdef COAP_DTLS_PSK_DEFAULT_IDENTITY +#ifdef COAP_DTLS_PSK_DEFAULT_KEY + coap_set_keystore(&simple_key_store); -#endif /* defined(PSK_DEFAULT_IDENTITY) && defined(PSK_DEFAULT_KEY) */ + +#endif /* COAP_DTLS_PSK_DEFAULT_KEY */ +#endif /* COAP_DTLS_PSK_DEFAULT_IDENTITY */ #endif /* WITH_DTLS */ } /*---------------------------------------------------------------------------*/ diff --git a/os/net/app-layer/coap/coap-keystore-simple.h b/os/net/app-layer/coap/coap-keystore-simple.h index 7f13853fb..6e76927e5 100644 --- a/os/net/app-layer/coap/coap-keystore-simple.h +++ b/os/net/app-layer/coap/coap-keystore-simple.h @@ -39,6 +39,14 @@ #ifndef COAP_KEYSTORE_SIMPLE_H_ #define COAP_KEYSTORE_SIMPLE_H_ -void coap_keystore_simple(void); +/* + * Registers a simple CoAP DTLS keystore with fixed PSK credentials. + * + * The credentials can be configured in project-conf.h + * + * #define COAP_DTLS_PSK_DEFAULT_IDENTITY "user" + * #define COAP_DTLS_PSK_DEFAULT_KEY "password" + */ +void coap_keystore_simple_init(void); #endif /* COAP_KEYSTORE_SIMPLE_H_ */ diff --git a/os/net/app-layer/coap/coap-uip.c b/os/net/app-layer/coap/coap-uip.c index b6ab6064f..61fdf49f0 100644 --- a/os/net/app-layer/coap/coap-uip.c +++ b/os/net/app-layer/coap/coap-uip.c 
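Review bot: With the simple keystore selected but either `COAP_DTLS_PSK_DEFAULT_IDENTITY` or `COAP_DTLS_PSK_DEFAULT_KEY` missing, `coap_keystore_simple_init()` compiles to an empty function, so DTLS starts with no keystore and no diagnostic. This is easy to hit because the macros were renamed here, and a project-conf.h that still defines `PSK_DEFAULT_IDENTITY`/`PSK_DEFAULT_KEY` builds cleanly. A build-time check next to the guards would catch it: `#if COAP_DTLS_KEYSTORE_CONF_WITH_SIMPLE && !(defined(COAP_DTLS_PSK_DEFAULT_IDENTITY) && defined(COAP_DTLS_PSK_DEFAULT_KEY))` followed by `#error "simple keystore selected without PSK identity/key"`. The same nested guards wrap `get_default_psk_info` in the earlier hunks of this file.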
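Review bot: The sample values `"user"` and `"password"` in the new header comment are likely to be copied as they stand, and the comment does not say that this keystore hands the same key to every peer (the lookup in coap-keystore-simple.c does not use `address_info` in the lines shown). I would label the two defines as placeholders and add one line such as `* All peers share this single identity/key pair, which is compiled into the image; use a high-entropy key per deployment.`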
@@ -46,6 +46,7 @@ #include "coap-transactions.h" #include "coap-constants.h" #include "coap-keystore.h" +#include "coap-keystore-simple.h" #if UIP_CONF_IPV6_RPL @@ -117,9 +118,6 @@ coap_endpoint_copy(coap_endpoint_t *destination, uip_ipaddr_copy(&destination->ipaddr, &from->ipaddr); destination->port = from->port; destination->secure = from->secure; - - PRINTF("EP copy: from sec:%d to sec:%d\n", from->secure, - destination->secure); } /*---------------------------------------------------------------------------*/ int @@ -296,8 +294,12 @@ coap_transport_init(void) #ifdef WITH_DTLS dtls_init(); dtls_set_log_level(8); -#endif /* WITH_DTLS */ +#if COAP_DTLS_KEYSTORE_CONF_WITH_SIMPLE + coap_keystore_simple_init(); +#endif /* COAP_DTLS_KEYSTORE_CONF_WITH_SIMPLE */ + +#endif /* WITH_DTLS */ } /*---------------------------------------------------------------------------*/ #ifdef WITH_DTLS diff --git a/os/services/lwm2m/lwm2m-security.c b/os/services/lwm2m/lwm2m-security.c index e7c8a4bde..b680acdc7 100644 --- a/os/services/lwm2m/lwm2m-security.c +++ b/os/services/lwm2m/lwm2m-security.c @@ -67,12 +67,6 @@ #define PRINTEP(ep) #endif -#ifdef LWM2M_SECURITY_CONF_REGISTER_KEY_STORE -#define LWM2M_SECURITY_REGISTER_KEY_STORE LWM2M_SECURITY_CONF_REGISTER_KEY_STORE -#else /* LWM2M_SECURITY_CONF_REGISTER_KEY_STORE */ -#define LWM2M_SECURITY_REGISTER_KEY_STORE 1 -#endif /* LWM2M_SECURITY_CONF_REGISTER_KEY_STORE */ - #define MAX_COUNT LWM2M_SERVER_MAX_COUNT static lwm2m_status_t lwm2m_callback(lwm2m_object_instance_t *object, @@ -357,7 +351,7 @@ static lwm2m_object_t reg_object = { }; /*---------------------------------------------------------------------------*/ #ifdef WITH_DTLS -#if LWM2M_SECURITY_REGISTER_KEY_STORE +#if COAP_DTLS_KEYSTORE_CONF_WITH_LWM2M static int get_psk_info(const coap_endpoint_t *address_info, coap_keystore_psk_entry_t *info) 
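Review bot: `#if COAP_DTLS_KEYSTORE_CONF_WITH_LWM2M` evaluates to 0 when the macro is undefined, whereas the removed `LWM2M_SECURITY_REGISTER_KEY_STORE` defaulted to 1. In this diff only Makefile.coap defines the macro, so a build that enables `WITH_DTLS` by another route would presumably drop `get_psk_info` and the `coap_set_keystore(&key_store)` call in `lwm2m_security_init` (same guard, later hunk) without any message. A comment at this guard would make the dependency visible, for example `/* Defined by Makefile.coap when MAKE_COAP_DTLS_KEYSTORE is MAKE_COAP_DTLS_KEYSTORE_LWM2M; when undefined this keystore is not built. */`. The body of `get_psk_info` continues outside the hunk.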
@@ -431,15 +425,10 @@ get_psk_info(const coap_endpoint_t *address_info, info->key_len = e->secret_key_len; return 1; } -#endif /* LWM2M_SECURITY_REGISTER_KEY_STORE */ -#endif /* WITH_DTLS */ -/*---------------------------------------------------------------------------*/ -#ifdef WITH_DTLS -#if LWM2M_SECURITY_REGISTER_KEY_STORE static const coap_keystore_t key_store = { .coap_get_psk_info = get_psk_info }; -#endif /* LWM2M_SECURITY_REGISTER_KEY_STORE */ +#endif /* COAP_DTLS_KEYSTORE_CONF_WITH_LWM2M */ #endif /* WITH_DTLS */ /*---------------------------------------------------------------------------*/ void @@ -447,7 +436,7 @@ lwm2m_security_init(void) { int i; - PRINTF("*** Init lwm2m-security\n"); + PRINTF("lwm2m-sec: init\n"); list_init(instances_list); @@ -457,11 +446,15 @@ lwm2m_security_init(void) if(lwm2m_engine_add_generic_object(®_object)) { #ifdef WITH_DTLS -#if LWM2M_SECURITY_REGISTER_KEY_STORE +#if COAP_DTLS_KEYSTORE_CONF_WITH_LWM2M /* Security object handler added - register keystore */ coap_set_keystore(&key_store); -#endif /* LWM2M_SECURITY_REGISTER_KEY_STORE */ + PRINTF("lwm2m-sec: registered keystore\n"); +#endif /* COAP_DTLS_KEYSTORE_CONF_WITH_LWM2M */ #endif /* WITH_DTLS */ + + } else { + PRINTF("lwm2m-sec: failed to register\n"); } } /*---------------------------------------------------------------------------*/