diff --git a/.gitignore b/.gitignore
index 8820971..e36a4b4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,6 @@
 .env
 .env.public
 .env.private
+.callback_uri
+.client_id
+.client_secret
diff --git a/app/main.py b/app/main.py
index 2bd434f..4aac41b 100644
--- a/app/main.py
+++ b/app/main.py
@@ -1,5 +1,4 @@
 from collections import OrderedDict
-from dotenv import load_dotenv
 from fastapi import FastAPI, Query, Request, Response, status
 from fastapi.responses import RedirectResponse
 from uuid import uuid4
@@ -10,15 +9,14 @@ import os
 UUIDPattern = "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
 UUIDQuery = Query(min_length=36, max_length=36, pattern=f"^{UUIDPattern}$")
-load_dotenv()
-client_id = os.environ['MONZO_CLIENT_ID']
-client_secret = os.environ['MONZO_CLIENT_SECRET']
-callback_uri = os.environ['MONZO_CALLBACK_URI']
+with open('/run/secrets/monzo-api_client-id') as file: client_id = file.read().rstrip()
+with open('/run/secrets/monzo-api_client-secret') as file: client_secret = file.read().rstrip()
+with open('/run/secrets/monzo-api_callback-uri') as file: callback_uri = file.read().rstrip()
 app = FastAPI(root_path='/monzo')
 @app.get('/')
-def read_root(): return {'version': 'v0.0.9'}
+def read_root(): return {'version': 'v0.0.10'}
 @app.get('/redirect', response_class=RedirectResponse)
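Review bot: In the `@@ -10,15 +9,14 @@` hunk of app/main.py, the three added `with open('/run/secrets/…')` lines accept an empty or whitespace-only secret file, so a misprovisioned secret yields an empty `client_id` or `client_secret` that only surfaces later as a failed token exchange. A missing file already stops the import with FileNotFoundError, which is a reasonable fail-fast, and the empty case should fail the same way. The three lines also repeat the same open/read/rstrip sequence, so one small documented helper would cover both points; the fence shows the helper and the assignments that would replace the added lines.

```python
def read_secret(name):
    """Return the Docker secret mounted at /run/secrets/<name>, without trailing whitespace."""
    with open(f'/run/secrets/{name}') as file:
        value = file.read().rstrip()
    if not value:
        # Fail at start-up rather than sending an empty credential upstream.
        raise RuntimeError(f"secret '{name}' is empty")
    return value

client_id = read_secret('monzo-api_client-id')
client_secret = read_secret('monzo-api_client-secret')
callback_uri = read_secret('monzo-api_callback-uri')
```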
@@ -29,15 +27,15 @@ def read_redirect(res: Response):
 client_id=client_id,
 redirect_uri=callback_uri,
 state=state,
- response_type="code",
+ response_type='code',
 ))
- res.set_cookie(key="monzo-api:state", value=state)
+ res.set_cookie(key='monzo-api:state', value=state)
 return f"https://auth.monzo.com/?{query}"
 @app.get('/callback')
 def read_callback(code: str, state: Annotated[str, UUIDQuery], req: Request, res: Response):
- stored_state = req.cookies['monzo-api:state']
+ stored_state = req.cookies["monzo-api:state"]
 if (state != stored_state):
 res.status_code = status.HTTP_400_BAD_REQUEST
 return { 'error': True, 'data': f"Callback state '{state}' does not match stored state '{stored_state}'." }
@@ -51,5 +49,5 @@ def read_callback(code: str, state: Annotated[str, UUIDQuery], req: Request, res
 'redirect_uri': callback_uri,
 'code': code,
 }
- token = requests.post("https://api.monzo.com/oauth2/token", data=data)
+ token = requests.post('https://api.monzo.com/oauth2/token', data=data)
 return { 'error': False, 'data': token.json() }
diff --git a/compose.yml b/compose.yml
index fa9c0e4..224f464 100644
--- a/compose.yml
+++ b/compose.yml
@@ -1,11 +1,8 @@
 services:
 monzo-api:
- image: git.wnd.sh/n/monzo-api:v0.0.9
+ image: git.wnd.sh/n/monzo-api:v0.0.10
 networks: [traefik-public]
- environment:
- - MONZO_CALLBACK_URI=https://api.wnd.sh/monzo/callback
- - MONZO_CLIENT_ID=oauth2client_0000AtdcjWWYX35lpL2REI
- - MONZO_CLIENT_SECRET=mnzconf.K78nqT+k2QKOlR6oSoF6CHLLSMII9SqWxg5smZfc5wgWDGH94HO1h338SEOFCH8rSy6EDKDtgFvA8qnkiQhpFA==
+ secrets: [monzo-api_client-id, monzo-api_client-secret, monzo-api_callback-uri]
 deploy:
 labels:
 - traefik.enable=true
@@ -25,3 +22,11 @@ services:
 networks:
 traefik-public:
 external: true
+
+secrets:
+ monzo-api_client-id:
+ external: true
+ monzo-api_client-secret:
+ external: true
+ monzo-api_callback-uri:
+ external: true
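Review bot: In the `@@ -29,15 +27,15 @@` hunk of app/main.py, `req.cookies["monzo-api:state"]` raises KeyError when the request carries no state cookie, so such a callback gets a 500 instead of the 400 the following lines intend. `stored_state = req.cookies.get('monzo-api:state')` would let the existing mismatch check reject it. The cookie is also set in `read_redirect` with no attributes, although it is what binds the OAuth state to the browser. `res.set_cookie(key='monzo-api:state', value=state, secure=True, httponly=True, max_age=600)` (the lifetime is a suggested value) would keep it off plain HTTP, away from page scripts, and short-lived. `read_redirect` starts above the hunk and `read_callback` continues below it.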
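Review bot: In the `@@ -51,5 +49,5 @@` hunk of app/main.py, the `requests.post(...)` call has no `timeout`, so a stalled connection to api.monzo.com can hold the worker indefinitely; `token = requests.post('https://api.monzo.com/oauth2/token', data=data, timeout=10)` bounds it (the value is a suggestion). The reply is also built as `'error': False` whatever the upstream status, and `token.json()` raises on a non-JSON body, so checking `token.ok` before returning would report a failed exchange correctly. Returning the whole token response to the browser may be intentional, but it places the access token in the response body, which is worth confirming as the intended design. `read_callback` starts above this hunk.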
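Review bot: The `MONZO_CLIENT_SECRET` value on the removed `environment:` lines of compose.yml (hunk `@@ -1,11 +1,8 @@`) remains readable in the repository history and in the published v0.0.9 compose file, so switching to `secrets:` does not by itself protect that credential. The client secret should be rotated with Monzo, and the new value stored only in the external secret `monzo-api_client-secret`. The new `secrets:` blocks would also benefit from a one-line comment such as `# created out of band with "docker secret create"; never commit the values`, since `external: true` gives a reader no hint of where they come from.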