diff --git a/backupbot.py b/backupbot.py
index 0b0e0a6..c37de72 100755
--- a/backupbot.py
+++ b/backupbot.py
@@ -42,7 +42,7 @@ sys.excepthook = handle_exception
 @click.option('-l', '--log', 'loglevel')
 @click.option('-m', '--machine-logs', 'machine_logs', is_flag=True)
 @click.option('service', '--host', '-h', envvar='SERVICE')
-@click.option('repository', '--repo', '-r', envvar='RESTIC_REPOSITORY', required=True)
+@click.option('repository', '--repo', '-r', envvar='RESTIC_REPOSITORY')
 def cli(loglevel, service, repository, machine_logs):
     global SERVICE
     if service:
@@ -87,7 +87,11 @@ def export_secrets():
             with open(os.environ[env]) as file:
                 secret = file.read()
                 os.environ[env.removesuffix('_FILE')] = secret
-                # logger.debug(f"Read secret value: {secret}")
+
+            if env == 'RESTIC_REPOSITORY_FILE':
+                # RESTIC_REPOSITORY_FILE and RESTIC_REPOSITORY are mutually exclusive
+                logger.info("RESTIC_REPOSITORY set to RESTIC_REPOSITORY_FILE. Unsetting RESTIC_REPOSITORY_FILE.")
+                del os.environ['RESTIC_REPOSITORY_FILE']
 
 
 @cli.command()
diff --git a/compose.yaml b/compose.yaml
index 1c3c3d2..e1d5dca 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -8,8 +8,10 @@ services:
     environment:
       - CRON_SCHEDULE
       - RESTIC_REPOSITORY_FILE=/run/secrets/restic_repo
+      - RESTIC_PASSWORD_FILE=/run/secrets/restic_password
     secrets:
       - restic_repo
+      - restic_password
     configs:
       - source: entrypoint
         target: /entrypoint.sh
@@ -29,6 +31,9 @@ secrets:
   restic_repo:
     external: true
     name: ${STACK_NAME}_restic_repo
+  restic_password:
+    external: true
+    name: ${STACK_NAME}_restic_password
 
 configs:
   entrypoint: