diff --git a/.env.sample b/.env.sample
index 3b01b95..252b569 100644
--- a/.env.sample
+++ b/.env.sample
@@ -2,7 +2,15 @@ TYPE=garage
 
 DOMAIN=garage.example.com
 
-## Domain aliases
-#EXTRA_DOMAINS=', `www.garage.example.com`'
-
 LETS_ENCRYPT_ENV=production
+COMPOSE_FILE="compose.yml"
+
+SECRET_RPC_SECRET_VERSION=v1
+
+###############################
+##### Map local directory #####
+###############################
+# If either meta or local is left blank (an empty string does not count it has to have no value) then it will default to the original docker volume
+#COMPOSE_FILE="$COMPOSE_FILE:compose.localfs.yml"
+#LOCAL_FOLDER_META
+#LOCAL_FOLDER_DATA
\ No newline at end of file
diff --git a/abra.sh b/abra.sh
new file mode 100644
index 0000000..2448995
--- /dev/null
+++ b/abra.sh
@@ -0,0 +1 @@
+export GARAGE_CONF_VERSION=v2
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index 216c063..d63d422 100644
--- a/compose.yml
+++ b/compose.yml
@@ -4,6 +4,11 @@ version: "3.8"
 services:
   app:
     image: dxflrs/garage:v1.0.0
+    configs:
+      - source: garage_conf
+        target: /etc/garage.toml
+    secrets:
+      - rpc_secret
     networks:
       - proxy
     deploy:
@@ -11,26 +16,30 @@ services:
         condition: on-failure
       labels:
         - "traefik.enable=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3900"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "coop-cloud.${STACK_NAME}.version="
     volumes:
-      - conf:/etc/garage.toml
       - meta:/var/lib/garage/meta
       - data:/var/lib/garage/data
-    # healthcheck:
-    #   test: ["CMD", "curl", "-f", "http://localhost"]
-    #   interval: 30s
-    #   timeout: 10s
-    #   retries: 10
-    #   start_period: 1m
 
 networks:
   proxy:
     external: true
 
+configs:
+  garage_conf:
+    name: ${STACK_NAME}_garage_conf_${GARAGE_CONF_VERSION}
+    file: garage.toml.tmpl
+    template_driver: golang
+
+secrets:
+  rpc_secret:
+    name: ${STACK_NAME}_rpc_secret_${SECRET_RPC_SECRET_VERSION}
+    external: true
+
 volumes:
   meta:
   data:
diff --git a/garage.toml.tmpl b/garage.toml.tmpl
index a8f79dd..2661396 100644
--- a/garage.toml.tmpl
+++ b/garage.toml.tmpl
@@ -8,15 +8,10 @@ replication_factor = 3
 compression_level = 2
 
 rpc_bind_addr = "[::]:3901"
-rpc_public_addr = "{{ env "DOMAIN" }}:3901"
-rpc_secret = "<RPC secret>"
+rpc_addr = "[::]:3901"
+rpc_secret = "{{ secret "rpc_secret" }}"
 
 [s3_api]
 s3_region = "garage"
 api_bind_addr = "[::]:3900"
-root_domain = ".s3.garage"
-
-[s3_web]
-bind_addr = "[::]:3902"
-root_domain = ".web.garage"
-index = "index.html"
\ No newline at end of file
+root_domain = ".s3.garage"
\ No newline at end of file