diff --git a/.env.sample b/.env.sample
index faed926..b366234 100644
--- a/.env.sample
+++ b/.env.sample
@@ -14,4 +14,5 @@ HUGO_GIT_URL=git@codeberg.org:offline/future.git
 
 # Private repository deployment
 #COMPOSE_FILE="compose.yml:compose.private.yml"
+#PRIVATE_ENABLED=1
 #SECRET_DEPLOY_KEY_VERSION=v1
diff --git a/badger-entrypoint.sh.tmpl b/badger-entrypoint.sh.tmpl
index b43017c..73c7b78 100644
--- a/badger-entrypoint.sh.tmpl
+++ b/badger-entrypoint.sh.tmpl
@@ -2,6 +2,11 @@
 
 set -e
 
+{{ if eq (env "PRIVATE_ENABLED") "1" }}
+eval $(ssh-agent -s)
+ssh-add /root/.ssh/deploy
+{{ end }}
+
 bash /root/scripts/deploy.sh
 
 exec "$@"
diff --git a/compose.private.yml b/compose.private.yml
index 1b42107..5d6433b 100644
--- a/compose.private.yml
+++ b/compose.private.yml
@@ -4,10 +4,11 @@ version: "3.8"
 services:
   badger:
     configs:
-      - source: ssh_config
-        target: /home/webhookd/.ssh/config
+      - source: ssh_conf
+        target: /root/.ssh/config
       - source: ssh_deploy_key
-        target: /home/webhookd/.ssh/deploy
+        target: /root/.ssh/deploy
+        mode: 0400
     secrets:
       - deploy_key
 
diff --git a/compose.yml b/compose.yml
index 7db1172..79aa5b5 100644
--- a/compose.yml
+++ b/compose.yml
@@ -33,6 +33,7 @@ services:
       - HUGO_GIT_URL
       - HUGO_PUBLIC_DIR=/usr/share/nginx/website
       - HUGO_WORKING_DIR=/root/website
+      - PRIVATE_ENABLED
       - WHD_SCRIPTS=/root/scripts
     command: webhookd
     entrypoint: /entrypoint.sh