diff --git a/.env.sample b/.env.sample
index 923599a..8153850 100644
--- a/.env.sample
+++ b/.env.sample
@@ -42,6 +42,7 @@ USE_RACK_ATTACK=1
 
 SECRET_DEVISE_SECRET_VERSION=v1 #length=64
 SECRET_SECRET_COOKIE_TOKEN_VERSION=v1 #length=64
+SECRET_DB_PASSWORD_VERSION=v1
 
 # Send catch up email (missed yesterday) weekly
 # EMAIL_CATCH_UP_WEEKLY=1
diff --git a/README.md b/README.md
index d469da3..21e2c59 100644
--- a/README.md
+++ b/README.md
@@ -8,23 +8,18 @@
 * **Image**: [`loomio/*`](https://hub.docker.com/r/loomio)
 * **Healthcheck**: No
 * **Backups**: No
-* **Email**: ?
+* **Email**: Outgoing yes, incoming no
 * **Tests**: No
 * **SSO**: No
 <!-- endmetadata -->
 
 ## Basic usage
 
-1. Set up Docker Swarm and [`abra`]
-2. Deploy [`coop-cloud/traefik`]
-3. `abra app new loomio` (optionally with `--pass` if you'd like
-   to save secrets in `pass`)
-4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
-   your Docker swarm box
-5. `abra app deploy YOURAPPDOMAIN`
-6. This should be automated but you also need to run `abra app run loomio_some_domain app rake db:migrate`
-7. Open the configured domain in your browser to finish set-up
-8. Give yourself admin rights by running `User.last.update(is_admin: true)`
+* `abra app new loomio --secrets   ` (optionally with `--pass` if you'd like to save secrets in `pass`)
+* `abra app config <app-name>`
+* insert your smtp password with `abra app secret insert <app-name> smtp_password v1 "<your-password>"`
+* `abra app deploy <app-name>`
+* Open the configured domain in your browser to create your user account (only works in case mail is configured correctly)
+* Give yourself admin rights by running `abra app cmd <app-name> app make_last_user_admin`
 
-[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
-[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
+For more, see [docs.coopcloud.tech](https://docs.coopcloud.tech).
diff --git a/abra.sh b/abra.sh
index 145d09a..63638e7 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1 +1,6 @@
-export LOOMIO_ENTRYPOINT_VERSION=v3
+export LOOMIO_ENTRYPOINT_VERSION=v4
+
+function make_last_user_admin()
+{
+    SECRET_KEY_BASE=$(rake secret) rails runner "User.last.update(is_admin: true)"
+}
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index 1bbadcb..74ceeca 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,8 +1,13 @@
 ---
 version: "3.8"
 
+x-db-env: &db-env
+    POSTGRES_PASSWORD_FILE: /run/secrets/db_password
+    POSTGRES_DB: loomio_production
+    POSTGRES_USER: postgres
+
 x-environment: &default-env
-  DATABASE_URL: postgresql://postgres:password@db/loomio_production
+  <<: *db-env
   REDIS_URL: redis://redis:6379
   CANONICAL_HOST: ${DOMAIN}
   VIRTUAL_HOST: ${DOMAIN}
@@ -43,6 +48,7 @@ services:
     secrets:
       - devise_secret
       - secret_cookie_token
+      - db_password
     volumes:
       - loomio_uploads:/loomio/public/system
       - loomio_storage:/loomio/storage
@@ -76,6 +82,7 @@ services:
     secrets:
       - devise_secret
       - secret_cookie_token
+      - db_password
     networks:
       - backend
     environment:
@@ -94,11 +101,11 @@ services:
       - backend
     volumes:
       - pgdata:/pgdata
-      - pgdumps:/pgdumps
+    secrets:
+      - db_password
     environment:
-      - POSTGRES_PASSWORD=password
-      - POSTGRES_DB=loomio_production
-      - PGDATA=/pgdata
+      <<: *db-env
+      PGDATA: /pgdata
   redis:
     image: redis:5.0
     networks:
@@ -130,6 +137,7 @@ services:
     secrets:
       - devise_secret
       - secret_cookie_token
+      - db_password
     volumes:
       - loomio_uploads:/loomio/public/system
       - loomio_storage:/loomio/storage
@@ -160,7 +168,6 @@ volumes:
   loomio_plugins:
   loomio_import:
   pgdata:
-  pgdumps:
 
 configs:
   entrypoint:
@@ -174,3 +181,6 @@ secrets:
   secret_cookie_token:
     external: true
     name: ${STACK_NAME}_secret_cookie_token_${SECRET_SECRET_COOKIE_TOKEN_VERSION}
+  db_password:
+    external: true
+    name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
diff --git a/entrypoint.sh b/entrypoint.sh
index a404ca4..1e3120d 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -23,16 +23,23 @@ file_env() {
 
 file_env "DEVISE_SECRET"
 file_env "SECRET_COOKIE_TOKEN"
+file_env "POSTGRES_PASSWORD"
+export DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@db/${POSTGRES_DB}"
 
-if test ! -f /loomio/storage/migrations_ran; then
-    echo "first deploy, running migrations..."
-    rake db:setup
-    touch /loomio/storage/migrations_ran
-fi
 if [ -n "$1" ]; then
 	echo "Running '$1'"
 	$1
 else
+	if [ ! -f /loomio/storage/migrations_ran ] && [ "${TASK:-}" = "worker" ]; then
+		echo "first deploy, running DB setup..."
+		rake db:setup
+		touch /loomio/storage/migrations_ran
+	fi
+
+	echo "running DB migrations..."
+	rake db:migrate
+	echo "DB migrations finished"
+
 	echo "starting loomio!"
 	/loomio/docker_start.sh
 fi