diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 55c0b92..bb3a46c 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -32,6 +32,14 @@ env:
 # Application configuration
 DATABASE_DSN: ${{ secrets.DATABASE_DSN }}
+ JWT_SECRET: ${{ secrets.JWT_SECRET }}
+ JWT_ISSUER: ${{ secrets.JWT_ISSUER }}
+ JWT_EXPIRES_IN: ${{ secrets.JWT_EXPIRES_IN }}
+ STEAM_CALLBACK_URL: ${{ secrets.STEAM_CALLBACK_URL }}
+ STEAM_FRONTEND_CALLBACK_URL: ${{ secrets.STEAM_FRONTEND_CALLBACK_URL }}
+ REDIS_HOST: ${{ secrets.REDIS_HOST }}
+ REDIS_TYPE: ${{ secrets.REDIS_TYPE }}
+ REDIS_PASS: ${{ secrets.REDIS_PASS }}
 jobs:
 deploy:
@@ -59,6 +67,7 @@ jobs:
 echo "**Namespace:** \`${KUBERNETES_NAMESPACE}\`" >> $GITHUB_STEP_SUMMARY
 echo "**Image:** \`${CONTAINER_REGISTRY_URL}/${CONTAINER_REGISTRY_NAMESPACE}/${CONTAINER_IMAGE_NAME}:${CONTAINER_IMAGE_TAG}\`" >> $GITHUB_STEP_SUMMARY
 echo "**Database:** Connected" >> $GITHUB_STEP_SUMMARY
+ echo "**Redis:** Connected" >> $GITHUB_STEP_SUMMARY
 echo "**URL:** http://${KUBERNETES_INGRESS_HOST}" >> $GITHUB_STEP_SUMMARY
 echo "" >> $GITHUB_STEP_SUMMARY
 echo "---" >> $GITHUB_STEP_SUMMARY
diff --git a/app/authenticator.go b/app/authenticator.go
index f7f1721..7cfa521 100644
--- a/app/authenticator.go
+++ b/app/authenticator.go
@@ -18,7 +18,7 @@ func main() {
 flag.Parse()
 var c config.Config
- conf.MustLoad(*configFile, &c)
+ conf.MustLoad(*configFile, &c, conf.UseEnv())
 server := rest.MustNewServer(c.RestConf)
 defer server.Stop()
diff --git a/app/etc/authenticator.yaml b/app/etc/authenticator.yaml
index 58e0363..0856df7 100644
--- a/app/etc/authenticator.yaml
+++ b/app/etc/authenticator.yaml
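Review bot: Non-secret settings such as `JWT_ISSUER`, `JWT_EXPIRES_IN`, `REDIS_HOST`, `REDIS_TYPE` and the two callback URLs are read from `secrets.*`, which hides them from review and makes Actions mask their values wherever they appear in job logs; a short value like `node` for `REDIS_TYPE` (the fallback cd.sh uses) would be redacted from every log line containing that word. Only `JWT_SECRET`, `REDIS_PASS` and `DATABASE_DSN` need the secrets store; the rest belong in repository or environment variables, e.g. `REDIS_TYPE: ${{ vars.REDIS_TYPE }}`. This is also the workflow-level `env`, so `JWT_SECRET` is handed to every step of every job, including any third-party actions; moving it to the deploy step's own `env` limits that exposure.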
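Review bot: With `conf.UseEnv()` an unset variable appears to be expanded to an empty string rather than reported as an error, so a deployment that forgets `JWT_SECRET` starts with an empty signing key instead of failing in `MustLoad` the way a missing file would. A post-load check of the required fields keeps the fail-fast behaviour the hard-coded config used to give, e.g. `if c.JWT.Secret == "" { panic("JWT.Secret must be set") }` (field name assumed from the `JWT:`/`Secret:` keys in authenticator.yaml; confirm against config.Config). main's body continues outside the hunk, so if a validation step already exists further down this does not apply.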
@@ -3,15 +3,15 @@ Host: 0.0.0.0
 Port: 8888
 Steam:
- CallbackURL: https://www.cialloo.com/api/authenticator/steam/callback
- FrontendCallbackURL: https://www.cialloo.com/auth/callback
+ CallbackURL: "${STEAM_CALLBACK_URL}"
+ FrontendCallbackURL: "${STEAM_FRONTEND_CALLBACK_URL}"
 JWT:
- Secret: your-secret-key-change-in-production
- Issuer: cialloo-authenticator
- ExpiresIn: 604800 # 7 days in seconds
+ Secret: "${JWT_SECRET}"
+ Issuer: "${JWT_ISSUER}"
+ ExpiresIn: ${JWT_EXPIRES_IN}
 Redis:
- Host: redis.production.svc.cluster.local:6379
- Type: node
- Pass: ""
+ Host: "${REDIS_HOST}"
+ Type: "${REDIS_TYPE}"
+ Pass: "${REDIS_PASS}"
diff --git a/script/cd.sh b/script/cd.sh
index e11c8bf..59b67eb 100644
--- a/script/cd.sh
+++ b/script/cd.sh
@@ -24,6 +24,14 @@ CONTAINER_IMAGE_TAG="${CONTAINER_IMAGE_TAG:-latest}"
 # Application Configuration
 DATABASE_DSN="${DATABASE_DSN:-postgres://postgres:password@localhost:5432/steam_union?sslmode=disable}"
+JWT_SECRET="${JWT_SECRET:-your-secret-key-change-in-production}"
+JWT_ISSUER="${JWT_ISSUER:-cialloo-authenticator}"
+JWT_EXPIRES_IN="${JWT_EXPIRES_IN:-604800}"
+STEAM_CALLBACK_URL="${STEAM_CALLBACK_URL:-https://www.cialloo.com/api/authenticator/steam/callback}"
+STEAM_FRONTEND_CALLBACK_URL="${STEAM_FRONTEND_CALLBACK_URL:-https://www.cialloo.com/auth/callback}"
+REDIS_HOST="${REDIS_HOST:-redis.production.svc.cluster.local:6379}"
+REDIS_TYPE="${REDIS_TYPE:-node}"
+REDIS_PASS="${REDIS_PASS:-}"
 FORCE_RESTART="${FORCE_RESTART:-true}"
 # =============================================================================
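Review bot: `ExpiresIn: ${JWT_EXPIRES_IN}` is the only substitution left unquoted, and when the variable is unset or empty the line becomes `ExpiresIn:`, a YAML null rather than a number, which the loader will either reject or map to a zero lifetime depending on how the field is declared. The dropped `# 7 days in seconds` comment was the only place the unit was recorded; restore it as `ExpiresIn: ${JWT_EXPIRES_IN}  # seconds, e.g. 604800 = 7 days`. Leaving the value unquoted is right for a numeric field, so the fix is the comment plus a non-empty check at startup, not quoting.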
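Review bot: `JWT_SECRET="${JWT_SECRET:-your-secret-key-change-in-production}"` makes a production deploy script fall back silently to a placeholder signing key that is committed to the repository, so a secret missing from the pipeline produces a cluster that accepts tokens signed with a publicly known value. Required credentials should abort the run instead of defaulting: `: "${JWT_SECRET:?JWT_SECRET must be set}"`. The pre-existing `DATABASE_DSN` default with an embedded password has the same weakness and could get the same treatment; `REDIS_PASS="${REDIS_PASS:-}"` is acceptable if Redis may legitimately run without auth, but a comment stating that would help the next reader.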
@@ -46,6 +54,14 @@ print_help() {
 echo " CONTAINER_IMAGE_NAME Image name (default: authenticator)"
 echo " CONTAINER_IMAGE_TAG Image tag (default: latest)"
 echo " DATABASE_DSN Database connection string"
+ echo " JWT_SECRET JWT secret key"
+ echo " JWT_ISSUER JWT issuer"
+ echo " JWT_EXPIRES_IN JWT expiration time in seconds"
+ echo " STEAM_CALLBACK_URL Steam OAuth callback URL"
+ echo " STEAM_FRONTEND_CALLBACK_URL Frontend callback URL after auth"
+ echo " REDIS_HOST Redis host and port"
+ echo " REDIS_TYPE Redis type (node/cluster)"
+ echo " REDIS_PASS Redis password"
 echo " FORCE_RESTART Force rollout restart (default: true)"
 echo ""
 echo "Commands:"
@@ -98,6 +114,20 @@ create_image_pull_secret() {
 echo "✓ Image pull secret created/updated"
 }
+# Create or update application secrets
+create_app_secrets() {
+ echo "Creating application secrets..."
+
+ kubectl create secret generic authenticator-secrets \
+ --from-literal=database-dsn="${DATABASE_DSN}" \
+ --from-literal=jwt-secret="${JWT_SECRET}" \
+ --from-literal=redis-pass="${REDIS_PASS}" \
+ --namespace="${KUBERNETES_NAMESPACE}" \
+ --dry-run=client -o yaml | kubectl apply -f -
+
+ echo "✓ Application secrets created/updated"
+}
+
 # Deploy to Kubernetes
 deploy_to_kubernetes() {
 FULL_IMAGE_NAME="${CONTAINER_REGISTRY_URL}/${CONTAINER_REGISTRY_NAMESPACE}/${CONTAINER_IMAGE_NAME}:${CONTAINER_IMAGE_TAG}"
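Review bot: In `create_app_secrets` the three `--from-literal=…="${…}"` arguments place the database DSN, the JWT signing key and the Redis password on the kubectl command line, where they are visible in the runner's process listing for the duration of the call and would be echoed into the job log if `set -x` tracing is ever enabled (I cannot see the top of cd.sh from this hunk). Writing the three `key=value` pairs to a temporary file created with `mktemp`, `chmod 600`, and passing it with `--from-env-file` keeps the values off the command line; the rest of the pipeline stays as it is. A one-line comment above the function noting that `redis-pass` may legitimately be empty would also save a question later.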
@@ -120,14 +150,27 @@ deploy_to_kubernetes() {
 # Create image pull secret
 create_image_pull_secret || return 1
+ # Create application secrets
+ create_app_secrets || return 1
+
 # Apply Kubernetes manifests with variable substitution
 echo "Applying Kubernetes manifests..."
 export FULL_IMAGE_NAME
 export KUBERNETES_NAMESPACE
 export KUBERNETES_INGRESS_HOST
+ export KUBERNETES_DEPLOYMENT_REPLICAS
 export CONTAINER_IMAGE_NAME
+ export CONTAINER_REGISTRY_URL
+ export CONTAINER_REGISTRY_NAMESPACE
+ export CONTAINER_IMAGE_TAG
 export DATABASE_DSN
+ export JWT_ISSUER
+ export JWT_EXPIRES_IN
+ export STEAM_CALLBACK_URL
+ export STEAM_FRONTEND_CALLBACK_URL
+ export REDIS_HOST
+ export REDIS_TYPE
 for file in script/k8s/*.yaml; do
 echo "Applying: $(basename $file)"
diff --git a/script/k8s/deployment.yaml b/script/k8s/deployment.yaml
index b58e12c..2ffb5b7 100644
--- a/script/k8s/deployment.yaml
+++ b/script/k8s/deployment.yaml
@@ -61,4 +61,29 @@ spec:
 - name: TZ
 value: "UTC"
 - name: DATABASE_DSN
- value: "${DATABASE_DSN}"
\ No newline at end of file
+ valueFrom:
+ secretKeyRef:
+ name: authenticator-secrets
+ key: database-dsn
+ - name: JWT_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: authenticator-secrets
+ key: jwt-secret
+ - name: JWT_ISSUER
+ value: "${JWT_ISSUER}"
+ - name: JWT_EXPIRES_IN
+ value: "${JWT_EXPIRES_IN}"
+ - name: STEAM_CALLBACK_URL
+ value: "${STEAM_CALLBACK_URL}"
+ - name: STEAM_FRONTEND_CALLBACK_URL
+ value: "${STEAM_FRONTEND_CALLBACK_URL}"
+ - name: REDIS_HOST
+ value: "${REDIS_HOST}"
+ - name: REDIS_TYPE
+ value: "${REDIS_TYPE}"
+ - name: REDIS_PASS
+ valueFrom:
+ secretKeyRef:
+ name: authenticator-secrets
+ key: redis-pass
\ No newline at end of file
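Review bot: `export DATABASE_DSN` is still present although this commit moves the deployment's DATABASE_DSN to a `secretKeyRef`, so the DSN with its embedded credentials keeps being exported into the environment used for manifest substitution for no remaining purpose; drop the line unless another file under script/k8s/ still references `${DATABASE_DSN}`, which I cannot see from the diff. Keeping `JWT_SECRET` and `REDIS_PASS` out of the export list while exporting the non-secret values is the right pattern and deserves a comment, e.g. `# Only non-secret values are exported for substitution; credentials come from the authenticator-secrets Secret`. `KUBERNETES_DEPLOYMENT_REPLICAS` is exported here but does not appear in the configuration block of this diff; if it is not given a default earlier in the file, the substitution presumably yields an empty `replicas:` in the manifest.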
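Review bot: Both sides of the hunk end with `\ No newline at end of file`, so the new version still lacks a trailing newline; add one while the file is being touched. The env list now mixes two mechanisms, `${…}` placeholders filled by cd.sh before `kubectl apply` and `secretKeyRef` entries resolved by Kubernetes, and nothing says which is which; a comment above the first entry, `# ${VAR} values are substituted by script/cd.sh; credentials are read from the authenticator-secrets Secret`, would stop the next credential from being added as a plain `value:`. The `env:` list this extends starts before the hunk.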