diff --git a/.gitignore b/.gitignore
index 0b4d5a0..e37b086 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,3 +23,4 @@ rebar3.crashdump
 /.tool-versions
 /rebar.lock
 /build/
+docker/.env
\ No newline at end of file
diff --git a/Makefile b/Makefile
index efed701..e6013b1 100644
--- a/Makefile
+++ b/Makefile
@@ -253,7 +253,7 @@ docker-shell: ## Зайти в Docker контейнер
 
 docker-compose-up: ## Запустить кластер (3 ноды)
 	@echo "Запуск кластера EventHub (3 ноды)..."
-	@docker-compose -f docker/docker-compose.yml up -d
+	@docker-compose -f docker/docker-compose.yml --env-file docker/.env up -d
 	@echo "✅ Кластер запущен"
 	@echo "Node 1: http://localhost:8080"
 	@echo "Node 2: http://localhost:8082"
@@ -261,11 +261,11 @@ docker-compose-up: ## Запустить кластер (3 ноды)
 
 docker-compose-down: ## Остановить кластер
 	@echo "Остановка кластера..."
-	@docker-compose -f docker/docker-compose.yml down
+	@docker-compose -f docker/docker-compose.yml --env-file docker/.env down
 	@echo "✅ Кластер остановлен"
 
 docker-compose-logs: ## Показать логи кластера
-	@docker-compose -f docker/docker-compose.yml logs -f
+	@docker-compose -f docker/docker-compose.yml --env-file docker/.env logs -f
 
 docker-clean: docker-stop ## Очистить Docker образы и volumes
 	@docker rmi eventhub:latest 2>/dev/null || true
diff --git a/docker/.env.example b/docker/.env.example
new file mode 100644
index 0000000..e97d064
--- /dev/null
+++ b/docker/.env.example
@@ -0,0 +1,4 @@
+# .env.example — закоммитьте этот файл, а реальный .env держите в .gitignore
+RELEASE_COOKIE=ваш-очень-длинный-секретный-куки
+GRAFANA_ADMIN_PASSWORD=сложный-уникальный-пароль
+JWT_SECRET=суперсекрет
\ No newline at end of file
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 6959196..a7d2570 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -16,7 +16,8 @@ services:
       - ADMIN_HTTP_PORT=8445
       - ADMIN_WS_PORT=8446
       - MNESIA_DIR=/app/data
-      - RELEASE_COOKIE=eventhub_cookie
+      - RELEASE_COOKIE=${RELEASE_COOKIE}
+      - JWT_SECRET=${JWT_SECRET}
     volumes:
       - eventhub-node1-data:/app/data
     networks:
@@ -40,7 +41,8 @@ services:
       - ADMIN_HTTP_PORT=8445
       - ADMIN_WS_PORT=8446
       - MNESIA_DIR=/app/data
-      - RELEASE_COOKIE=eventhub_cookie
+      - RELEASE_COOKIE=${RELEASE_COOKIE}
+      - JWT_SECRET=${JWT_SECRET}
       - JOIN_NODES=eventhub-node1@eventhub-node1
     volumes:
       - eventhub-node2-data:/app/data
@@ -67,7 +69,8 @@ services:
       - ADMIN_HTTP_PORT=8445
       - ADMIN_WS_PORT=8446
       - MNESIA_DIR=/app/data
-      - RELEASE_COOKIE=eventhub_cookie
+      - RELEASE_COOKIE=${RELEASE_COOKIE}
+      - JWT_SECRET=${JWT_SECRET}
       - JOIN_NODES=eventhub-node1@eventhub-node1
     volumes:
       - eventhub-node3-data:/app/data
@@ -85,7 +88,7 @@ services:
     ports:
       - "4000:4000"
     environment:
-      - RELEASE_COOKIE=eventhub_cookie
+      - RELEASE_COOKIE=${RELEASE_COOKIE}
     networks:
       - eventhub-net
     restart: unless-stopped
@@ -114,7 +117,7 @@ services:
       - "3000:3000"
     environment:
       - GF_SECURITY_ADMIN_USER=admin
-      - GF_SECURITY_ADMIN_PASSWORD=zxs45gvHB
+      - GF_SECURITY_ADMIN_PASSWORD=${GRAFANA_ADMIN_PASSWORD}
     volumes:
       - grafana-data:/var/lib/grafana
       - ./grafana/provisioning:/etc/grafana/provisioning