diff --git a/entrypoint.sh b/abra-entrypoint.sh
similarity index 100%
rename from entrypoint.sh
rename to abra-entrypoint.sh
diff --git a/compose.yml b/compose.yml
index f7962e4..af88f00 100644
--- a/compose.yml
+++ b/compose.yml
@@ -74,14 +74,16 @@ x-yprovider-env: &yprovider-env
   COLLABORATION_API_URL: http://y-provider:4444/api/
   COLLABORATION_SERVER_ORIGIN: https://${DOMAIN}
   # FIXME: Move to docker secret
-  COLLABORATION_SERVER_SECRET: my-secret
+  XX_COLLABORATION_SERVER_SECRET: my-secret
   COLLABORATION_BACKEND_BASE_URL: https://${DOMAIN}
   COLLABORATION_WS_URL: wss://${DOMAIN}/collaboration/ws/
 
 x-minio-env: &minio-env
   MINIO_ROOT_USER: user
   # FIXME: Move to docker secret
-  MINIO_ROOT_PASSWORD: password
+  XX_MINIO_ROOT_PASSWORD: password
+  MINIO_ROOT_PASSWORD_FILE: /run/secrets/minio_root_password
+
 
 services:
   app:
@@ -162,6 +164,13 @@ services:
         target: /abra-entrypoint.sh
         mode: 0555
     # NOTE: healthcheck - `wget` is available in the container, but `wget http://localhost:4444` gives a 403
+    secrets:
+      - django_secret_key
+      - oidc_rp_client_secret
+      - django_superuser_password
+      - collaboration_server_secret
+      - minio_root_password
+      - postgres_password
 
   db:
     image: postgres:16
@@ -204,19 +213,24 @@ services:
     environment: *minio-env
     networks:
       - backend 
-    entrypoint: >
-      sh -c "
-      /usr/bin/mc alias set docs http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD} && \
-      /usr/bin/mc mb --ignore-existing docs/docs-media-storage && \
-      /usr/bin/mc version enable docs/docs-media-storage && \
-      exit 0;"
+    entrypoint: ["/abra-entrypoint.sh"]
+    command: >
+      sh -c "/usr/bin/mc alias set docs http://minio:9000 $${MINIO_ROOT_USER} $${MINIO_ROOT_PASSWORD} &&
+      /usr/bin/mc mb --ignore-existing docs/docs-media-storage &&
+      /usr/bin/mc version enable docs/docs-media-storage &&
+      exit 0"
     deploy:
       mode: replicated
       replicas: 0
       restart_policy:
         condition: none
     secrets:
+      - django_secret_key
+      - oidc_rp_client_secret
+      - django_superuser_password
+      - collaboration_server_secret
       - minio_root_password
+      - postgres_password
 
   minio:
     image: minio/minio:RELEASE.2025-05-24T17-08-30Z
@@ -284,7 +298,7 @@ configs:
     file: pg_backup.sh
   abra_entrypoint:
     name: ${STACK_NAME}_entrypoint_${ABRA_ENTRYPOINT_VERSION}
-    file: entrypoint.sh
+    file: abra-entrypoint.sh
 
 secrets:
   django_secret_key: