diff --git a/config.json b/config.json index b0bf702..869c0f2 100644 --- a/config.json +++ b/config.json @@ -9,11 +9,9 @@ "keycloak": { "url": "https://auth.tombutcher.work", "realm": "master", - "clientId": "farmcontrol-client", - "clientSecret": "GPyh59xctRX83yfKWb83ShK6VEwHIvLF" + "clientId": "farmcontrol-client" }, - "requiredRoles": [], - "sessionSecret": "n00Dl3s23!" + "requiredRoles": [] }, "app": { "urlClient": "http://localhost:3000", @@ -60,11 +58,9 @@ "keycloak": { "url": "https://auth.tombutcher.work", "realm": "master", - "clientId": "farmcontrol-client", - "clientSecret": "GPyh59xctRX83yfKWb83ShK6VEwHIvLF" + "clientId": "farmcontrol-client" }, - "requiredRoles": [], - "sessionSecret": "n00Dl3s23!" + "requiredRoles": [] }, "app": { "urlClient": "http://localhost:3000", diff --git a/src/keycloak.js b/src/keycloak.js index 9af3ee9..f2ef99f 100644 --- a/src/keycloak.js +++ b/src/keycloak.js @@ -2,7 +2,7 @@ import Keycloak from 'keycloak-connect'; import session from 'express-session'; import config, { getEnvironment } from './config.js'; import axios from 'axios'; -import jwt from 'jsonwebtoken'; +import dotenv from 'dotenv'; import log4js from 'log4js'; import NodeCache from 'node-cache'; import { userModel } from './database/schemas/management/user.schema.js'; @@ -12,6 +12,8 @@ import { hostModel } from './database/schemas/management/host.schema.js'; const logger = log4js.getLogger('Keycloak'); logger.level = config.server.logLevel || 'info'; +dotenv.config(); + // Initialize NodeCache with 5-minute TTL const userCache = new NodeCache({ stdTTL: 300 }); // 300 seconds = 5 minutes 
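Review bot: `dotenv.config()` is called in the module body of src/keycloak.js, which runs only after every static `import` above it has been evaluated, so `./config.js` and the schema modules cannot see values from `.env` at load time. It is early enough for `keycloakConfig` further down this file, but src/services/misc/auth.js, which this commit also switches to `process.env.KEYCLOAK_CLIENT_SECRET`, then depends on this module having been loaded first; that is presumably true today but nothing enforces it. Loading the environment once in the entry point, as its first import (`import 'dotenv/config';`), removes the ordering dependency. A short comment or README entry naming the two variables now required, `KEYCLOAK_CLIENT_SECRET` and `SESSION_SECRET`, would also help, since config.json no longer shows that they exist.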
@@ -65,14 +67,14 @@ const keycloakConfig = { 'use-resource-role-mappings': true, 'verify-token-audience': true, credentials: { - secret: config.auth.keycloak.clientSecret, + secret: process.env.KEYCLOAK_CLIENT_SECRET, }, }; const memoryStore = new session.MemoryStore(); var expressSession = session({ - secret: config.auth.sessionSecret, + secret: process.env.SESSION_SECRET || 'n00Dl3s23!', resave: false, saveUninitialized: true, // Set this to true to ensure session is initialized store: memoryStore, @@ -98,7 +100,7 @@ const isAuthenticated = async (req, res, next) => { new URLSearchParams({ token: token, client_id: config.auth.keycloak.clientId, - client_secret: config.auth.keycloak.clientSecret, + client_secret: process.env.KEYCLOAK_CLIENT_SECRET, }), { headers: { diff --git a/src/services/misc/auth.js b/src/services/misc/auth.js index 61af332..4107e31 100644 --- a/src/services/misc/auth.js +++ b/src/services/misc/auth.js @@ -104,7 +104,7 @@ const fetchAndStoreUser = async (req, token) => { userInfoUrl, new URLSearchParams({ client_id: config.auth.keycloak.clientId, - client_secret: config.auth.keycloak.clientSecret, + client_secret: process.env.KEYCLOAK_CLIENT_SECRET, }), { headers: { @@ -161,7 +161,7 @@ export const loginTokenRouteHandler = async (req, res, redirectType = 'web') => new URLSearchParams({ grant_type: 'authorization_code', client_id: config.auth.keycloak.clientId, - client_secret: config.auth.keycloak.clientSecret, + client_secret: process.env.KEYCLOAK_CLIENT_SECRET, code: code, redirect_uri: callbackUrl, }).toString(), @@ -401,7 +401,7 @@ export const refreshTokenRouteHandler = (req, res) => { new URLSearchParams({ grant_type: 'refresh_token', client_id: config.auth.keycloak.clientId, - client_secret: config.auth.keycloak.clientSecret, + client_secret: process.env.KEYCLOAK_CLIENT_SECRET, refresh_token: refreshToken, }).toString(), {
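Review bot: The `|| 'n00Dl3s23!'` fallback on the express-session `secret` keeps the session-signing key in source, and it is the same literal this commit removes from config.json, so a deployment that forgets `SESSION_SECRET` silently signs cookies with a value known to anyone who can read the repository. Refuse to start instead: `const sessionSecret = process.env.SESSION_SECRET;`, `if (!sessionSecret) throw new Error('SESSION_SECRET is not set');`, then `secret: sessionSecret,`. Both values deleted from config.json remain in the repository history, so they should be treated as exposed and rotated (the client secret in Keycloak, the session secret in the deployment environment). The `session({ ... })` call continues past the end of this hunk.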
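Review bot: `process.env.KEYCLOAK_CLIENT_SECRET` is read in `isAuthenticated` with no check that it is set, and `URLSearchParams` serialises an undefined value as the literal string `undefined`, so a missing variable surfaces as a rejected request to Keycloak at request time (this looks like the token-introspection call) rather than as a startup error. The same unchecked read appears in `keycloakConfig.credentials.secret` in the hunk above and in the three hunks of src/services/misc/auth.js (`fetchAndStoreUser`, `loginTokenRouteHandler`, `refreshTokenRouteHandler`). Reading it once in a validated place, for example `const clientSecret = process.env.KEYCLOAK_CLIENT_SECRET;` followed by `if (!clientSecret) throw new Error('KEYCLOAK_CLIENT_SECRET is not set');`, and importing that constant at the five call sites gives one point of failure and one place to change. `isAuthenticated` starts and ends outside this hunk.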