diff --git a/.gitea/workflows/deploy_staging.yaml b/.gitea/workflows/deploy_staging.yaml
index 604559a..02dac57 100644
--- a/.gitea/workflows/deploy_staging.yaml
+++ b/.gitea/workflows/deploy_staging.yaml
@@ -99,7 +99,32 @@ jobs:
           DOCKER_HOST: tcp://${{ secrets.SWARM_MANAGER_HOST }}:2376
           DOCKER_TLS_VERIFY: 1
           DOCKER_CERT_PATH: /tmp/swarm-certs
+
+          KEYCLOAK_BASE_URL: ${{ secrets.KEYCLOAK_BASE_URL }}
+          KEYCLOAK_REALM: ${{ secrets.KEYCLOAK_REALM }}
+          KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_CLIENT_ID }}
+          KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_CLIENT_SECRET }}
+
+          BROKER_HOST: ${{ secrets.BROKER_HOST }}
+          BROKER_PORT: ${{ secrets.BROKER_PORT }}
+          BROKER_USERNAME: ${{ secrets.BROKER_USERNAME }}
+          BROKER_PASSWORD: ${{ secrets.BROKER_PASSWORD }}
+
+          SHORTENER_SECRET_KEY: ${{ secrets.SHORTENER_SECRET_KEY }}
+
+          CACHE_ADDRS: ${{ secrets.CACHE_ADDRS }}
+          CACHE_PASSWORD: ${{ secrets.CACHE_PASSWORD }}
+
+          DB_HOSTS: ${{ secrets.DB_HOSTS }}
+          DB_PORT: ${{ secrets.DB_PORT }}
+          DB_USERNAME: ${{ secrets.DB_STG_USERNAME }}
+          DB_PASSWORD: ${{ secrets.DB_STG_PASSWORD }}
+          DB_DBNAME: ${{ secrets.DB_DBNAME }}
+
+          INTEGRATION_VKUSVILL_API_TOKEN: ${{ secrets.INTEGRATION_VKUSVILL_API_TOKEN }}
         run: |
+          envsubst < docker-compose.staging.yaml > docker-compose.runtime.yaml
+
           if [ "${{ inputs.version }}" == "latest" ]; then
             VERSION="latest"
           else
@@ -115,12 +140,9 @@ jobs:
           echo "${{ secrets.SWARM_KEY_PEM }}" > /tmp/swarm-certs/key.pem
           chmod 600 /tmp/swarm-certs/*.pem
 
-          ls -la /tmp/swarm-certs/
-          head -n 1 /tmp/swarm-certs/ca.pem
-
           docker stack deploy \
             --with-registry-auth \
-            -c docker-compose.staging.yaml \
+            -c docker-compose.runtime.yaml \
             ${{ env.STACK_NAME }}
 
       - name: Post-deploy
diff --git a/docker-compose.staging.yaml b/docker-compose.staging.yaml
index d238f19..d264b61 100644
--- a/docker-compose.staging.yaml
+++ b/docker-compose.staging.yaml
@@ -5,6 +5,29 @@ services:
     image: molvaapp/api_gateway:${VERSION:-latest}
     ports:
       - "8001:8000"
+    environment:
+      KEYCLOAK_BASE_URL: ${KEYCLOAK_BASE_URL}
+      KEYCLOAK_REALM: ${KEYCLOAK_REALM}
+      KEYCLOAK_CLIENT_ID: ${KEYCLOAK_CLIENT_ID}
+      KEYCLOAK_CLIENT_SECRET: ${KEYCLOAK_CLIENT_SECRET}
+
+      BROKER_HOST: ${BROKER_HOST}
+      BROKER_PORT: ${BROKER_PORT}
+      BROKER_USERNAME: ${BROKER_USERNAME}
+      BROKER_PASSWORD: ${BROKER_PASSWORD}
+
+      SHORTENER_SECRET_KEY: ${SHORTENER_SECRET_KEY}
+
+      CACHE_ADDRS: ${CACHE_ADDRS}
+      CACHE_PASSWORD: ${CACHE_PASSWORD}
+
+      DB_HOSTS: ${DB_HOSTS}
+      DB_PORT: ${DB_PORT}
+      DB_USERNAME: ${DB_USERNAME}
+      DB_PASSWORD: ${DB_PASSWORD}
+      DB_DBNAME: ${DB_DBNAME}
+
+      INTEGRATION_VKUSVILL_API_TOKEN: ${INTEGRATION_VKUSVILL_API_TOKEN}
     volumes:
       - /opt/molva:/opt/molva
       - /opt/molva/object_storage/credentials:/root/.aws/credentials:ro