diff --git a/docker-compose/postgres/.gitignore b/docker-compose/postgres/.gitignore
new file mode 100644
index 0000000..6e39f8f
--- /dev/null
+++ b/docker-compose/postgres/.gitignore
@@ -0,0 +1 @@
+secret.*
diff --git a/docker-compose/postgres/docker-compose.yaml b/docker-compose/postgres/docker-compose.yaml
index 59f2614..2d6a9a6 100644
--- a/docker-compose/postgres/docker-compose.yaml
+++ b/docker-compose/postgres/docker-compose.yaml
@@ -6,7 +6,7 @@ services:
     image: docker.io/library/postgres:16.2
     environment:
       - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - POSTGRES_PASSWORD_FILE=/run/secrets/postgres_password
       # (Optional) when creating a new database
       # - POSTGRES_DB=${POSTGRES_DB}
     ports:
@@ -16,6 +16,8 @@ services:
     #
     # networks:
     #   - yournetwork
+    secrets:
+      - postgres_password
     volumes:
       - postgres_data:/var/lib/postgresql/data
     restart: unless-stopped
@@ -27,6 +29,10 @@ services:
 #   yournetwork:
 #     external: true
 
+secrets:
+  postgres_password:
+    file: secret.postgres_password.txt
+
 volumes:
   postgres_data:
     driver: local