diff --git a/.gitea/workflows/deploy-socialize.yml b/.gitea/workflows/deploy-socialize.yml
index 6bc1121..53a105d 100644
--- a/.gitea/workflows/deploy-socialize.yml
+++ b/.gitea/workflows/deploy-socialize.yml
@@ -47,21 +47,9 @@ jobs:
 DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
 DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
 DEPLOY_SSH_PRIVATE_KEY_B64: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY_B64 }}
- POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
- POSTGRES_PORT: ${{ secrets.POSTGRES_PORT }}
- POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
- RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
- RESEND_FROM_EMAIL: ${{ secrets.RESEND_FROM_EMAIL }}
- JWT_SIGNING_KEY: ${{ secrets.JWT_SIGNING_KEY }}
 SOCIALIZE_IMAGE_TAG: ${{ gitea.sha }}
 run: |
- : "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD secret is required}"
- : "${RESEND_API_KEY:?RESEND_API_KEY secret is required}"
- : "${RESEND_FROM_EMAIL:?RESEND_FROM_EMAIL secret is required}"
- : "${JWT_SIGNING_KEY:?JWT_SIGNING_KEY secret is required}"
 : "${SOCIALIZE_IMAGE_TAG:?SOCIALIZE_IMAGE_TAG is required}"
- POSTGRES_HOST="${POSTGRES_HOST:-db}"
- POSTGRES_PORT="${POSTGRES_PORT:-5432}"
 mkdir -p ~/.ssh
 printf '%s' "$DEPLOY_SSH_PRIVATE_KEY_B64" | base64 -d > ~/.ssh/deploy_key
@@ -76,36 +64,12 @@ jobs:
 deploy_env="$(mktemp)"
 {
- write_env_value POSTGRES_USER sa
- write_env_value POSTGRES_HOST "$POSTGRES_HOST"
- write_env_value POSTGRES_PORT "$POSTGRES_PORT"
- write_env_value POSTGRES_PASSWORD "$POSTGRES_PASSWORD"
- write_env_value POSTGRES_DB socialize
- write_env_value ConnectionStrings__PostgresConnection "Host=$POSTGRES_HOST;Port=$POSTGRES_PORT;Database=socialize;Username=sa;Password=$POSTGRES_PASSWORD"
- write_env_value ASPNETCORE_ENVIRONMENT Production
- write_env_value ASPNETCORE_URLS http://0.0.0.0:8080
- write_env_value WEBSITE_FRONTEND_BASE_URL https://socialize.mapachotes.com
- write_env_value Website__FrontendBaseUrl https://socialize.mapachotes.com
- write_env_value RESEND_API_KEY "$RESEND_API_KEY"
- write_env_value Emailer__ApiKey "$RESEND_API_KEY"
- write_env_value RESEND_FROM_EMAIL "$RESEND_FROM_EMAIL"
- write_env_value Emailer__FromEmail "$RESEND_FROM_EMAIL"
- write_env_value JWT_ISSUER https://socialize.mapachotes.com
- write_env_value Authentication__Jwt__Issuer https://socialize.mapachotes.com
- write_env_value JWT_AUDIENCE socialize-preprod
- write_env_value Authentication__Jwt__Audience socialize-preprod
- write_env_value JWT_SIGNING_KEY "$JWT_SIGNING_KEY"
- write_env_value Authentication__Jwt__Key "$JWT_SIGNING_KEY"
- write_env_value JWT_LIFETIME 00:05:00
- write_env_value Authentication__Jwt__Lifetime 00:05:00
- write_env_value JWT_REFRESH_TOKEN_LIFETIME 0.00:30:00
- write_env_value Authentication__Jwt__RefreshTokenLifetime 0.00:30:00
 write_env_value SOCIALIZE_IMAGE_TAG "$SOCIALIZE_IMAGE_TAG"
 } > "$deploy_env"
- scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$deploy_env" "$DEPLOY_USER@$DEPLOY_HOST:/srv/prod/socialize/.env"
+ scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$deploy_env" "$DEPLOY_USER@$DEPLOY_HOST:/srv/prod/socialize/.deploy.env"
 rm -f "$deploy_env"
 scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new deploy/compose.yml
"$DEPLOY_USER@$DEPLOY_HOST:/srv/prod/socialize/compose.yml"
 ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$DEPLOY_USER@$DEPLOY_HOST" \
- 'cd /srv/prod/socialize && set -a && . ./.env && set +a && ./deploy.sh'
+ 'test -r /etc/socialize/socialize.env && cd /srv/prod/socialize && ./deploy.sh'
diff --git a/deploy/compose.yml b/deploy/compose.yml
index cdc5484..2161c5b 100644
--- a/deploy/compose.yml
+++ b/deploy/compose.yml
@@ -3,7 +3,8 @@ services:
 image: postgres:16
 restart: unless-stopped
 env_file:
- - .env
+ - /etc/socialize/socialize.env
+ - .deploy.env
 environment:
 POSTGRES_DB: ${POSTGRES_DB}
 POSTGRES_USER: ${POSTGRES_USER}
@@ -22,7 +23,20 @@ services:
 image: git.mapachotes.com/jbourdon/socialize-api:${SOCIALIZE_IMAGE_TAG}
 restart: unless-stopped
 env_file:
- - .env
+ - /etc/socialize/socialize.env
+ - .deploy.env
+ environment:
+ ASPNETCORE_ENVIRONMENT: ${ASPNETCORE_ENVIRONMENT}
+ ASPNETCORE_URLS: ${ASPNETCORE_URLS}
+ ConnectionStrings__PostgresConnection: Host=${POSTGRES_HOST};Port=${POSTGRES_PORT};Database=${POSTGRES_DB};Username=${POSTGRES_USER};Password=${POSTGRES_PASSWORD}
+ Website__FrontendBaseUrl: ${WEBSITE_FRONTEND_BASE_URL}
+ Emailer__ApiKey: ${RESEND_API_KEY}
+ Emailer__FromEmail: ${RESEND_FROM_EMAIL}
+ Authentication__Jwt__Issuer: ${JWT_ISSUER}
+ Authentication__Jwt__Audience: ${JWT_AUDIENCE}
+ Authentication__Jwt__Key: ${JWT_SIGNING_KEY}
+ Authentication__Jwt__Lifetime: ${JWT_LIFETIME}
+ Authentication__Jwt__RefreshTokenLifetime: ${JWT_REFRESH_TOKEN_LIFETIME}
 depends_on:
 db:
 condition: service_healthy
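Review bot: The switch to `.deploy.env` in the second workflow hunk leaves the file written by earlier runs, `/srv/prod/socialize/.env`, on the host with the Postgres password, Resend API key and JWT signing key still in it. Nothing in this hunk removes it, and if `deploy.sh` (not shown) runs Compose from that directory, Compose can still pick it up for `${...}` substitution, so an outdated `SOCIALIZE_IMAGE_TAG` or secret may be used without any error. Delete it during rollout, e.g. `'rm -f /srv/prod/socialize/.env && test -r /etc/socialize/socialize.env && cd /srv/prod/socialize && ./deploy.sh'`. The rewritten `scp` line also keeps `StrictHostKeyChecking=accept-new`, which on a runner that starts with an empty `known_hosts` trusts whatever key answers; writing the expected host key to `~/.ssh/known_hosts` from a secret and using `StrictHostKeyChecking=yes` closes that gap.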
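Review bot: In `deploy/compose.yml` the `db` service now loads both `/etc/socialize/socialize.env` and `.deploy.env` through `env_file`, which hands every variable in those files to the Postgres container. Judging by the `api` section of this commit, the host file also carries `RESEND_API_KEY` and `JWT_SIGNING_KEY`, which the database has no use for. The `environment:` block right below already passes `POSTGRES_DB` and `POSTGRES_USER` explicitly (it continues past the end of the hunk, so the remaining `POSTGRES_*` entries are presumably there too). Consider dropping `env_file` from `db`, or pointing it at a database-only file, so that the database container does not hold the application's signing key.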
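Review bot: The added `environment:` entries for `api` are filled in by Compose's `${...}` substitution, and that substitution reads the invoking shell's environment and the project `.env` or `--env-file`, not the files listed under `env_file:`. The workflow in this commit stops sourcing an env file before `./deploy.sh`, so unless `deploy.sh` (not shown) exports both files or passes them with `--env-file`, these resolve to empty strings, and because `environment:` overrides `env_file:` the API would start with an empty `Authentication__Jwt__Key` and connection-string password. Make the required ones fail closed, e.g. `Authentication__Jwt__Key: ${JWT_SIGNING_KEY:?JWT_SIGNING_KEY is required}`, and the same for `POSTGRES_PASSWORD` and `RESEND_API_KEY`; this restores the `:?` guards the workflow drops.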