diff --git a/docker-compose.yml b/docker-compose.yml
index 51fafb2..a6cc535 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,4 @@
-version: '2'
+version: "3.9"
 services:
 onlyoffice-documentserver:
 build:
@@ -31,6 +31,11 @@ services:
 - /var/lib/onlyoffice/documentserver/App_Data/cache/files
 - /var/www/onlyoffice/documentserver-example/public/files
 - /usr/share/fonts
+ secrets:
+ - db_username
+ - db_password
+ - jwt_secret
+ - jwt_header
 onlyoffice-rabbitmq:
 container_name: onlyoffice-rabbitmq
@@ -46,11 +51,26 @@ services:
 - POSTGRES_DB=onlyoffice
 - POSTGRES_USER=onlyoffice
 - POSTGRES_HOST_AUTH_METHOD=trust
+ #- POSTGRES_USER_FILE=/run/secrets/db_username
+ #- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
 restart: always
 expose:
 - '5432'
 volumes:
 - postgresql_data:/var/lib/postgresql
+ secrets:
+ - db_username
+ - db_password
+
+secrets:
+ db_username:
+ file: db_username.txt
+ db_password:
+ file: db_password.txt
+ jwt_secret:
+ file: jwt_secret.txt
+ jwt_header:
+ file: jwt_header.txt
 volumes:
 postgresql_data:
diff --git a/run-document-server.sh b/run-document-server.sh
index cfba7a0..2e6a1fd 100755
--- a/run-document-server.sh
+++ b/run-document-server.sh
@@ -19,6 +19,7 @@ LIB_DIR="/var/lib/${COMPANY_NAME}"
 DS_LIB_DIR="${LIB_DIR}/documentserver"
 CONF_DIR="/etc/${COMPANY_NAME}/documentserver"
 IS_UPGRADE="false"
+SECRETS_PATH="/run/secrets/"
 ONLYOFFICE_DATA_CONTAINER=${ONLYOFFICE_DATA_CONTAINER:-false}
 ONLYOFFICE_DATA_CONTAINER_HOST=${ONLYOFFICE_DATA_CONTAINER_HOST:-localhost}
@@ -86,6 +87,14 @@ JWT_SECRET=${JWT_SECRET:-secret}
 JWT_HEADER=${JWT_HEADER:-Authorization}
 JWT_IN_BODY=${JWT_IN_BODY:-false}
+if [ -s ${SECRETS_PATH}/jwt_secret.txt ]; then
+ JWT_SECRET=$( cat ${SECRETS_PATH}/jwt_secret.txt )
+fi
+
+if [ -s ${SECRETS_PATH}/jwt_header.txt ]; then
+ JWT_HEADER=$( cat ${SECRETS_PATH}/jwt_header.txt )
+fi
+
 WOPI_ENABLED=${WOPI_ENABLED:-false}
 GENERATE_FONTS=${GENERATE_FONTS:-true}
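Review bot: In the `@@ -46,11 +51,26 @@` hunk of docker-compose.yml the database service keeps `POSTGRES_HOST_AUTH_METHOD=trust` and the two `*_FILE` variables are added only as comments, so the `db_username` and `db_password` secrets mounted a few lines below are never read and the server goes on accepting connections without a password. To make the secrets effective, enable `- POSTGRES_PASSWORD_FILE=/run/secrets/db_password` and drop the `trust` line. `POSTGRES_USER_FILE` can only replace the plain `POSTGRES_USER=onlyoffice` entry, not sit beside it, since the official postgres image (presumably the one used here; the image line is outside the hunk) treats a variable and its `_FILE` form as mutually exclusive. The top-level `secrets:` block points at plaintext files next to the compose file, so `db_username.txt`, `db_password.txt`, `jwt_secret.txt` and `jwt_header.txt` should be listed in `.gitignore`.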
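Review bot: The new `-s` tests in the `@@ -86,6 +87,14 @@` hunk of run-document-server.sh look for `jwt_secret.txt` and `jwt_header.txt` under `/run/secrets/`, but docker-compose.yml in this same commit declares the secrets as `jwt_secret` and `jwt_header`, and Compose mounts a secret under its name, not under the name of its source file. As written the tests never match, so `JWT_SECRET` silently stays at the `secret` default shown on the hunk's heading line while the operator believes a private value is in use. Read the mounted names instead, with the expansions quoted, e.g. `if [ -s "${SECRETS_PATH}/jwt_secret" ]; then` and `JWT_SECRET=$( cat "${SECRETS_PATH}/jwt_secret" )`, and log when the built-in default is what ends up being used. The same `.txt` mismatch applies to the `db_username.txt` and `db_password.txt` reads added to `update_db_settings` in the `@@ -252,6 +261,18 @@` hunk.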
@@ -252,6 +261,18 @@ update_db_settings(){
 ${JSON} -I -e "this.services.CoAuthoring.sql.dbName = '${DB_NAME}'"
 ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${DB_USER}'"
 ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${DB_PWD}'"
+
+ # update db credentials if secrets present
+
+ if [ -s ${SECRETS_PATH}/db_username.txt ]; then
+ SECRET_DB_USER=$( cat ${SECRETS_PATH}/db_username.txt )
+ ${JSON} -I -e "this.services.CoAuthoring.sql.dbUser = '${SECRET_DB_USER}'"
+ fi
+
+ if [ -s ${SECRETS_PATH}/db_password.txt ]; then
+ SECRET_DB_PWD=$( cat {SECRETS_PATH}/db_password.txt )
+ ${JSON} -I -e "this.services.CoAuthoring.sql.dbPass = '${SECRET_DB_PWD}'"
+ fi
 }
 update_rabbitmq_setting(){
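Review bot: The password read in the second added `if` is missing its `$`: `cat {SECRETS_PATH}/db_password.txt` asks for the literal relative path `{SECRETS_PATH}/db_password.txt`, so whenever the `-s` test passes, `cat` fails, `SECRET_DB_PWD` is empty, and the following line overwrites `dbPass` with an empty string, replacing the `DB_PWD` value written just above. It should read `SECRET_DB_PWD=$( cat "${SECRETS_PATH}/db_password.txt" )`, and the `dbPass` update is best skipped when the read comes back empty. Both secret values are also pasted between single quotes into the expression handed to `${JSON} -e`, so a credential containing `'` would break or alter that expression; the existing `DB_USER`/`DB_PWD` lines share this pattern. `update_db_settings` begins above this hunk.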