diff --git a/services/miniflux.yml b/services/miniflux.yml
index 5416cc9..dffaf7f 100644
--- a/services/miniflux.yml
+++ b/services/miniflux.yml
@@ -1,4 +1,10 @@
 ---
+secrets:
+  miniflux_oauth2_client_id:
+    file: ../secrets/miniflux_oauth2_client_id
+  miniflux_oauth2_client_secret:
+    file: ../secrets/miniflux_oauth2_client_secret
+
 services:
   miniflux:
     image: miniflux/miniflux:2.2.14
@@ -12,6 +18,10 @@ services:
     labels:
       caddy: miniflux.${DOMAIN}
       caddy.reverse_proxy: "{{ upstreams 8080 }}"
+    secrets:
+      - miniflux_postgres_connection
+      - miniflux_oauth2_client_id
+      - miniflux_oauth2_client_secret
     environment:
       - BASE_URL=https://miniflux.${DOMAIN}
       - DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/miniflux?sslmode=disable
@@ -20,10 +30,10 @@ services:
       - CLEANUP_ARCHIVE_UNREAD_DAYS=-1 # never remove unread entries
       - DISABLE_LOCAL_AUTH=TRUE
       - OAUTH2_PROVIDER=oidc
-      - OAUTH2_CLIENT_ID=d5xw7cfDe2kyHEfKSRZgz52nF8dNPDBkTrtuTRgU
-      - OAUTH2_CLIENT_SECRET=27AhETfbXSMKRDstKGutbDe1Ohz4G2damu9OIuSozNhAf2uFBMlWPmtytpoqIl6kGFeNPLp6dVZ62YHC2MaSxNuR5JfQFbMRxvn1QFNg9ke3b5JiKogRWlzAktFp0fGb
-      - OAUTH2_REDIRECT_URL=https://miniflux.kucharczyk.xyz/oauth2/oidc/callback
-      - OAUTH2_OIDC_DISCOVERY_ENDPOINT=https://authentik.kucharczyk.xyz/application/o/miniflux/
+      - OAUTH2_CLIENT_ID_FILE=/run/secrets/miniflux_oauth2_client_id
+      - OAUTH2_CLIENT_SECRET_FILE=/run/secrets/miniflux_oauth2_client_secret
+      - OAUTH2_REDIRECT_URL=https://miniflux.${DOMAIN}/oauth2/oidc/callback
+      - OAUTH2_OIDC_DISCOVERY_ENDPOINT=https://authentik.${DOMAIN}/application/o/miniflux/
       - OAUTH2_USER_CREATION=1
       - OAUTH2_OIDC_PROVIDER_NAME=authentik
     restart: unless-stopped