diff --git a/.env.sample b/.env.sample
index 600c819..9db8257 100644
--- a/.env.sample
+++ b/.env.sample
@@ -27,6 +27,8 @@ SECRET_COLLAB_SS_VERSION=v1
 SECRET_POSTGRES_P_VERSION=v1
 # Y_PROVIDER_API_KEY
 SECRET_Y_API_KEY_VERSION=v1
+# DJANGO_HOST_EMAIL_PASSWORD
+SECRET_EMAIL_PASS_VERSION=v1
 
 ##############################################################################
 # EMAIL
@@ -35,6 +37,9 @@ DJANGO_EMAIL_BRAND_NAME="La Suite Numérique"
 DJANGO_EMAIL_HOST="mail.example.com"
 DJANGO_EMAIL_LOGO_IMG="http://$DOMAIN/assets/logo-suite-numerique.png"
 DJANGO_EMAIL_PORT=1025
+DJANGO_EMAIL_USE_SSL=True
+DJANGO_EMAIL_USE_TLS=False
+DJANGO_EMAIL_FROM=mail@example.com
 
 ##############################################################################
 # SINGLE SIGN ON
diff --git a/abra-entrypoint.sh b/abra-entrypoint.sh
index 6366227..470e0dd 100644
--- a/abra-entrypoint.sh
+++ b/abra-entrypoint.sh
@@ -9,6 +9,7 @@ set -e
 [ -f /run/secrets/oidc_rpcs ] && export OIDC_RP_CLIENT_SECRET="$(cat /run/secrets/oidc_rpcs)"
 [ -f /run/secrets/collab_ss ] && export COLLABORATION_SERVER_SECRET="$(cat /run/secrets/collab_ss)"
 [ -f /run/secrets/y_api_key ] && export Y_PROVIDER_API_KEY="$(cat /run/secrets/y_api_key)"
+[ -f /run/secrets/email_pass ] && export DJANGO_EMAIL_HOST_PASSWORD="$(cat /run/secrets/email_pass)"
 
 # if not in "env" mode, then execute the original entrypoint and command
 if [ ! "$1" = "-e" ]; then
diff --git a/compose.yml b/compose.yml
index c65eb69..335d227 100644
--- a/compose.yml
+++ b/compose.yml
@@ -21,7 +21,10 @@ x-common-env: &common-env
   DJANGO_EMAIL_LOGO_IMG:
   DJANGO_EMAIL_PORT:
   DJANGO_EMAIL_HOST_USER:
-  DJANGO_EMAIL_HOST_PASSWORD:
+  # DJANGO_EMAIL_HOST_PASSWORD supplied via secret
+  DJANGO_EMAIL_USE_SSL:
+  DJANGO_EMAIL_USE_TLS:
+  DJANGO_EMAIL_FROM:
   # Backend url
   IMPRESS_BASE_URL: "https://${DOMAIN}"
   # Media
@@ -122,6 +125,7 @@ services:
       - minio_ru
       - postgres_p
       - y_api_key
+      - email_pass
 
   celery:
     image: lasuite/impress-backend:v3.4.2
@@ -143,6 +147,7 @@ services:
       - minio_rp
       - postgres_p
       - y_api_key
+      - email_pass
 
 
   y-provider:
@@ -306,4 +311,7 @@ secrets:
     name: ${STACK_NAME}_minio_ru_${SECRET_MINIO_RP_VERSION}
   y_api_key:
     external: true
-    name: ${STACK_NAME}_y_api_key_${SECRET_Y_API_KEY_VERSION}
\ No newline at end of file
+    name: ${STACK_NAME}_y_api_key_${SECRET_Y_API_KEY_VERSION}
+  email_pass:
+    external: true
+    name: ${STACK_NAME}_email_pass_${SECRET_EMAIL_PASS_VERSION}
\ No newline at end of file