diff --git a/backend/entrypoint.sh b/backend/entrypoint.sh
index 1031cb1..f878d6f 100644
--- a/backend/entrypoint.sh
+++ b/backend/entrypoint.sh
@@ -16,12 +16,14 @@ check_postgres() {
   local db_host
   local db_user
   local db_name
-  local db_pass
+  #local db_pass
 
   db_host=$(get_env PGHOST)
   db_user=$(get_env PGUSER POSTGRES_USER)
   db_name=$(get_env PGDATABASE POSTGRES_DB)
-  db_pass=$(get_env PGPASSWORD POSTGRES_PASSWORD)
+  #db_pass=$(get_env PGPASSWORD POSTGRES_PASSWORD)
+  db_pass=$(< /run/secrets/POSTGRES_PASSWORD)
+  # NOTE: password should be handled with more care
 
   PGPASSWORD="$db_pass" psql -h "$db_host" -U "$db_user" -d "$db_name" -c '\q' >/dev/null 2>&1
 }
@@ -42,7 +44,8 @@ done
 python manage.py migrate
 
 # Create superuser if environment variables are set and there are no users present at all.
-if [ -n "$DJANGO_ADMIN_USERNAME" ] && [ -n "$DJANGO_ADMIN_PASSWORD" ] && [ -n "$DJANGO_ADMIN_EMAIL" ]; then
+# NOTE: unsure if this checks if a password actually exists
+if [ -n "$DJANGO_ADMIN_USERNAME" ] && [ -f /run/secrets/DJANGO-ADMIN-PASSWORD ] && [ -n "$DJANGO_ADMIN_EMAIL" ]; then
   echo "Creating superuser..."
   python manage.py shell << EOF
 from django.contrib.auth import get_user_model
@@ -56,7 +59,7 @@ if not User.objects.filter(username='$DJANGO_ADMIN_USERNAME').exists():
     superuser = User.objects.create_superuser(
         username='$DJANGO_ADMIN_USERNAME',
         email='$DJANGO_ADMIN_EMAIL',
-        password='$DJANGO_ADMIN_PASSWORD'
+        password='$(cat /run/secrets/DJANGO-ADMIN-PASSWORD)'
     )
     print("Superuser created successfully.")
 
diff --git a/backend/server/main/settings.py b/backend/server/main/settings.py
index 073fd77..2edb0c5 100644
--- a/backend/server/main/settings.py
+++ b/backend/server/main/settings.py
@@ -24,7 +24,9 @@ BASE_DIR = os.path.dirname(os.path.dirname(__file__))
 # See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = getenv('SECRET_KEY')
+with open('/run/secret/DJANGO-ADMIN-PASSWORD') as fp:
+  v = fp.read()
+SECRET_KEY = v.decode('base64')
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = getenv('DEBUG', 'true').lower() == 'true'
@@ -112,12 +114,16 @@ def env(*keys, default=None):
             return value
     return default
 
+with open('/run/secrets/POSTGRES_PASSWORD') as fp:
+  v = fp.read()
+POSTGRES_PASSWORD = v.decode('base64')
+
 DATABASES = {
     'default': {
         'ENGINE': 'django.contrib.gis.db.backends.postgis',
         'NAME': env('PGDATABASE', 'POSTGRES_DB'),
         'USER': env('PGUSER', 'POSTGRES_USER'),
-        'PASSWORD': env('PGPASSWORD', 'POSTGRES_PASSWORD'),
+        'PASSWORD': POSTGRES_PASSWORD,
         'HOST': env('PGHOST', default='localhost'),
         'PORT': int(env('PGPORT', default='5432')),
         'OPTIONS': {
@@ -126,6 +132,8 @@ DATABASES = {
     }
 }
 
+POSTGRES_PASSWORD = ""
+
 # Internationalization
 # https://docs.djangoproject.com/en/1.7/topics/i18n/
 
@@ -259,7 +267,7 @@ else:
     EMAIL_PORT = getenv('EMAIL_PORT', 587)
     EMAIL_USE_SSL = getenv('EMAIL_USE_SSL', 'false').lower() == 'true'
     EMAIL_HOST_USER = getenv('EMAIL_HOST_USER')
-    EMAIL_HOST_PASSWORD = getenv('EMAIL_HOST_PASSWORD')
+    EMAIL_HOST_PASSWORD = '$(< /run/secrets/EMAIL-HOST-PASSWORD)'
     DEFAULT_FROM_EMAIL = getenv('DEFAULT_FROM_EMAIL')
 
 # EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
@@ -327,4 +335,6 @@ LOGGING = {
 # https://github.com/dr5hn/countries-states-cities-database/tags
 COUNTRY_REGION_JSON_VERSION = 'v2.6'
 
-GOOGLE_MAPS_API_KEY = getenv('GOOGLE_MAPS_API_KEY', '')
\ No newline at end of file
+with open('/run/secrets/GMAPS_API_KEY') as fp:
+  v = fp.read()
+GOOGLE_MAPS_API_KEY = v.decode('base64')
diff --git a/docker-compose.yml b/docker-compose.yml
index e1450ac..2d6fdd9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,7 +8,6 @@ services:
       - PUBLIC_SERVER_URL=http://server:8000 # PLEASE DON'T CHANGE :) - Should be the service name of the backend with port 8000, even if you change the port in the backend service. Only change if you are using a custom more complex setup.
       - ORIGIN=${FRONTENT_URL:-http://localhost:8015}
       - BODY_SIZE_LIMIT=${BODY_SIZE_LIMIT:-Infinity}
-      #- FRONTEND_PORT=${FRONTEND_PORT=:-8015}
     ports:
       - "${FRONTEND_PORT:-8015}:3000"
     depends_on:
@@ -21,31 +20,50 @@ services:
     environment:
       - POSTGRES_DB=${POSTGRES_DB:-database}
       - POSTGRES_USER=${POSTGRES_USER:-adventure}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
+      #- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
+      - POSTGRES_PASSWORD_FILE=/run/secrets/POSTGRES_PASSWORD
+    secrets:
+      - POSTGRES_PASSWORD
     volumes:
       - postgres_data:/var/lib/postgresql/data/
 
   server:
     #build: ./backend/
-    #image: ghcr.io/seanmorley15/adventurelog-backend:latest
-    image: 9f0471e8d7f872adf81dc41c9296f99fbadac01edb26e
+    image: ghcr.io/seanmorley15/adventurelog-backend:latest
     container_name: adventurelog-backend
     restart: unless-stopped
     environment:
       - PGHOST=db
       - POSTGRES_DB=${POSTGRES_DB:-database}
       - POSTGRES_USER=${POSTGRES_USER:-adventure}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
+      #- POSTGRES_PASSWORD=${POSTGRES_PASSWORD:-changeme123}
       - SECRET_KEY=${SECRET_KEY:-changeme123}
       - DJANGO_ADMIN_USERNAME=${DJANGO_ADMIN_USERNAME:-admin}
-      - DJANGO_ADMIN_PASSWORD=${DJANGO_ADMIN_PASSWORD:-admin}
+      #- DJANGO_ADMIN_PASSWORD=${DJANGO_ADMIN_PASSWORD:-admin}
       - DJANGO_ADMIN_EMAIL=${DJANGO_ADMIN_EMAIL:-admin@example.com}
       - PUBLIC_URL=${BACKEND_URL:-http://localhost:8016}
       - CSRF_TRUSTED_ORIGINS=${FRONTEND_URL:-http://localhost:8015},${BACKEND_URL:-http://localhost:8016}
       - DEBUG=False
       - FRONTEND_URL=${FRONTEND_URL:-http://localhost:8015} # Used for email generation. This should be the url of the frontend
       - BACKEND_PORT=${BACKEND_PORT:-8016}
-
+      - DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-False}
+      - DISABLE_REGISTRATION_MESSAGE=${DISABLE_REGISTRATION_MESSAGE}
+      - EMAIL_BACKEND=${EMAIL_BACKEND:-console}
+      - EMAIL_HOST=${EMAIL_HOST}
+      - EMAIL_USE_TLS=${EMAIL_USE_TLS}
+      - EMAIL_PORT=${EMAIL_PORT}
+      - EMAIL_USE_SSL=${EMAIL_USE_SSL}
+      - EMAIL_HOST_USER=${EMAIL_HOST_USER}
+      #- EMAIL_HOST_PASSWORD=${EMAIL_HOST_PASSWORD}
+      - DEFAULT_FROM_EMAIL=${DEFAULT_FROM_EMAIL}
+      #- GOOGLE_MAPS_API_KEY=${GOOGLE_MAPS_API_KEY}
+      - PUBLIC_UMAMI_SRC=${PUBLIC_UMAMI_SRC}
+      - PUBLIC_UMAMI_WEBSITE_ID=${PUBLIC_UMAMI_WEBSITE_ID}
+    secrets:
+      - DJANGO-ADMIN-PASSWORD
+      - POSTGRES_PASSWORD
+      - EMAIL-HOST-PASSWORD
+      - GMAPS-API-KEY
     ports:
       - "${BACKEND_PORT:-8016}:80"
     depends_on:
@@ -53,6 +71,16 @@ services:
     volumes:
       - adventurelog_media:/code/media/
 
+secrets:
+  GMAPS-API-KEY:
+    file: gmaps-api-key.txt
+  EMAIL-HOST-PASSWORD:
+    file: email-host-password.txt
+  DJANGO-ADMIN-PASSWORD:
+    file: django-admin-password.txt
+  POSTGRES_PASSWORD:
+    file: postgres-password.txt
+
 volumes:
   postgres_data:
   adventurelog_media: