diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
index 38789d4..446518a 100644
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -15,6 +15,8 @@ jobs:
           host: 172.17.0.1
           username: root
           key: ${{ secrets.SSH_PRIVATE_KEY }}
+          # Wir übergeben die Secrets als Environment-Variablen an den SSH-Befehl
+          envs: DB_USER,DB_PASSWORD
           script: |
             mkdir -p /root/docker-files/trading-daemon
             cd /root/docker-files/trading-daemon
@@ -26,7 +28,14 @@ jobs:
               git pull origin main
             fi
             
+            # .env Datei erstellen für Docker-Compose
+            echo "DB_USER=${DB_USER}" > .env
+            echo "DB_PASSWORD=${DB_PASSWORD}" >> .env
+            
             # Docker Container neu bauen und starten
             docker-compose up -d --build
             
-            echo "Deployment abgeschlossen. Container laufen."
+            echo "Deployment abgeschlossen. Container laufen mit Passwortschutz."
+        env:
+          DB_USER: ${{ secrets.DB_USER }}
+          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
diff --git a/docker-compose.yml b/docker-compose.yml
index e612ed4..82a65b0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,13 @@ services:
     volumes:
       - questdb_data:/root/.questdb
     restart: always
+    environment:
+      - QDB_HTTP_AUTH_ENABLED=true
+      - QDB_HTTP_USER=${DB_USER:-admin}
+      - QDB_HTTP_PASSWORD=${DB_PASSWORD:-quest}
+      # ILP Auth (optional, but good for consistency)
+      - QDB_PG_USER=${DB_USER:-admin}
+      - QDB_PG_PASSWORD=${DB_PASSWORD:-quest}
 
   fetcher:
     build: .
@@ -20,6 +27,8 @@ services:
     restart: always
     environment:
       - PYTHONUNBUFFERED=1
+      - DB_USER=${DB_USER:-admin}
+      - DB_PASSWORD=${DB_PASSWORD:-quest}
 
 volumes:
   questdb_data: