diff --git a/modules/server/containers/defs/authentik.nix b/modules/server/containers/defs/authentik.nix
index ae5d7c9..7790a35 100644
--- a/modules/server/containers/defs/authentik.nix
+++ b/modules/server/containers/defs/authentik.nix
@@ -14,16 +14,16 @@ in {
 "${serverCfg.dataPath}/authentik/media:/media"
 "${serverCfg.dataPath}/authentik/templates:/templates"
 ];
+ environmentFiles = [
+ config.sops.secrets."AUTHENTIK".path
+ ];
 environment = {
 "AUTHENTIK_POSTGRESQL__HOST" = "host.internal";
 "AUTHENTIK_POSTGRESQL__USER" = "authentik_user";
 "AUTHENTIK_POSTGRESQL__NAME" = "authentik_db";
- "AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
- "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
 "AUTHENTIK_EMAIL__HOST" = "${serverCfg.mailDomain}";
 "AUTHENTIK_EMAIL__PORT" = "587";
 "AUTHENTIK_EMAIL__USERNAME" = "noreply@${serverCfg.hostDomain}";
- "AUTHENTIK_EMAIL__PASSWORD" = "AUTHENTIK_EMAIL_PASSWORD";
 "AUTHENTIK_EMAIL__USE_TLS" = "true";
 "AUTHENTIK_EMAIL__USE_SSL" = "false";
 "AUTHENTIK_EMAIL__TIMEOUT" = "10";
@@ -55,14 +55,16 @@ in {
 "/var/run/docker.sock:/var/run/docker.sock"
 ];
 environmentFiles = [
- config.sops.secrets."authentik_pass".path
+ config.sops.secrets."AUTHENTIK".path
 ];
 environment = {
 "AUTHENTIK_POSTGRESQL__HOST" = "host.internal";
 "AUTHENTIK_POSTGRESQL__USER" = "authentik_user";
 "AUTHENTIK_POSTGRESQL__NAME" = "authentik_db";
- "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
 };
+ extraOptions = [
+ "--add-host=host.internal:host-gateway"
+ ];
 cmd = [ "worker" ];
 };
 };
diff --git a/modules/server/database/default.nix b/modules/server/database/default.nix
index 3d03418..6a61c66 100644
--- a/modules/server/database/default.nix
+++ b/modules/server/database/default.nix
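Review bot: The server container now expects `AUTHENTIK_POSTGRESQL__PASSWORD`, `AUTHENTIK_SECRET_KEY` and `AUTHENTIK_EMAIL__PASSWORD` to arrive through the new `environmentFiles` entry, while the database module in this same diff reads `DB_PASSWORD=` from that same sops file, so the database password must exist twice in the `AUTHENTIK` secret under two different keys and be kept identical by hand. A comment above `environmentFiles` would make that contract visible, e.g. `# AUTHENTIK env file: DB_PASSWORD (read by database/default.nix) and AUTHENTIK_POSTGRESQL__PASSWORD must hold the same value; also carries AUTHENTIK_SECRET_KEY and AUTHENTIK_EMAIL__PASSWORD`. `host.internal`, used here for `AUTHENTIK_POSTGRESQL__HOST`, only resolves inside a container that has `--add-host=host.internal:host-gateway`; that option is added to the worker in the next hunk, and the server container's definition continues past this hunk, so confirm it carries the same `extraOptions`. The removed lines show the secret key and both passwords were literal placeholder strings before this change; if that revision was ever deployed, treat those values as exposed and make sure the new file holds freshly generated ones rather than the same strings.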
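Review bot: Both the worker and the server now load the entire `AUTHENTIK` secret as an env file, yet the sops module in this diff declares every per-app secret with `owner = "postgres"`, so the file is presumably readable here only because the container runtime opens it as root, and the postgres account gains read access to the authentik secret key and mail password it has no use for. Consider keeping the database password in its own postgres-owned secret and leaving the application env file root-owned, or at least record the dependency above `environmentFiles`: `# also read by the postgres provisioning script (database/default.nix); owner is postgres for that reason`. `--add-host=host.internal:host-gateway` additionally relies on PostgreSQL listening on the Docker bridge address and on a pg_hba rule admitting the container network; neither is visible in this diff, so confirm both exist before relying on the worker reaching the database.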
@@ -60,8 +60,8 @@ in {
 done
 $PSQL -tAc "ALTER DATABASE ${name}_db OWNER TO ${name}_user;"
- if [ -f "${config.sops.secrets."${name}_pass".path}" ]; then
- PASS=''$(cut -d'=' -f2- "${config.sops.secrets."${name}_pass".path}")
+ if [ -f "${config.sops.secrets."${lib.toUpper name}".path}" ]; then
+ PASS=''$(grep "^DB_PASSWORD=" "${config.sops.secrets."${lib.toUpper name}".path}" | cut -d'=' -f2-)
 $PSQL -tAc "ALTER USER ${name}_user WITH PASSWORD '$PASS';"
 fi
 '') allApps}
diff --git a/modules/server/sops/default.nix b/modules/server/sops/default.nix
index 640f6dc..3e03a41 100644
--- a/modules/server/sops/default.nix
+++ b/modules/server/sops/default.nix
@@ -8,7 +8,7 @@ in{
 config = lib.mkIf (config.syscfg.server.sops) {
 sops.secrets = {
 INFOMANIAK_API_KEY = { sopsFile = ./server.yaml; };
- } // (lib.genAttrs (map (name: "${name}_pass") allApps) (name: {
+ } // (lib.genAttrs (map (name: "${lib.toUpper name}") allApps) (name: {
 owner = "postgres";
 sopsFile = ./server.yaml;
 }));
diff --git a/modules/server/sops/server.yaml b/modules/server/sops/server.yaml
index 0063dcb..31d7ab1 100644
--- a/modules/server/sops/server.yaml
+++ b/modules/server/sops/server.yaml
@@ -1,5 +1,5 @@
 INFOMANIAK_API_KEY: ENC[AES256_GCM,data:QhjQoCMxogXAPtvUbf/EWkqsFAndn73LBuTqj5essjruekynH287D/CYN/cwfcnDqZoh6Z4A9p08uUmXzqmTiralAhsCoc+Ljb/monmsruc=,iv:8rMGNc9398jnFXZm34fOht6fMNDAcDZ68B1jwoQPn2Q=,tag:ZlQnPaxkCktpwiC6HzmFVg==,type:str]
-authentik_pass: ENC[AES256_GCM,data:5obiSGKSJcXxrxB45KA9ITNMKLjwP6612JSJrWHCeAMhag==,iv:dN6i1f6z/cT7M/YFz6vgg3ZOiShIBOed9Djn9QdzhgA=,tag:dNmQJEb8QqmWxvqJgmgVnA==,type:str]
+AUTHENTIK: ENC[AES256_GCM,data:BNe8AdY5zf2+7yTmmlwIsTxdgeYJhGoqZQ6rPgLtG8P/tMMjLjr/pPvp0K3HRyKi41+V6DKY8rVTqKnhi8iwK2ZtFzttSEa6bpc++nFRXb9xVwpYaL0LoTps5u2P55Bttx3cEoXL8zRXN1D0UFHmiyC166A8Y7gz0SVIfrmrEg==,iv:cBX2Mr1h7dh1MD1NlEOK3/n+DVWKlGUa9+QEXg+dH2g=,tag:9qJcROMIRUw9f8ZA0jvB4Q==,type:str]
 sops:
 age:
 - recipient: age1sxzuhh2fcd4pmaz4mdqq95t683d32ft22w9t2r7pk258u0s8wymsqdj7lg
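Review bot: The new `PASS=''$(grep "^DB_PASSWORD=" … | cut -d'=' -f2-)` evaluates to an empty string when the key is missing from the env file, and the following `ALTER USER ${name}_user WITH PASSWORD '$PASS'` then silently sets an empty password instead of failing the activation. Guard the value before it reaches psql: `if [ -z "$PASS" ]; then echo "DB_PASSWORD missing in secret for ${name}" >&2; exit 1; fi`. The password is also still spliced unescaped into the SQL literal and handed over on the psql command line, so a value containing a single quote breaks the statement and every value is visible in the process list while the command runs; feeding the statement on stdin with the password bound as a psql variable (`-v` plus `:'var'` quoting) avoids both. The `map (name: '' … '') allApps` string that encloses these lines starts before this hunk, so the surrounding shell options (for example whether `set -e` is in effect) are not visible here.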
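Review bot: `map (name: "${lib.toUpper name}") allApps` wraps a string in an interpolation that only yields the same string back; `map lib.toUpper allApps` expresses it directly: `} // (lib.genAttrs (map lib.toUpper allApps) (name: {`. Since each `<APP>` secret is now a multi-key env file consumed by both the postgres provisioning script and the app's containers, rather than the one-line password the old `_pass` name suggested, a short comment on this attribute set stating that layout and why `owner` is `postgres` would spare the next reader a trip through three modules.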
@@ -20,8 +20,8 @@ sops: S1NaTVFTL0FCdm1EQmRsUnlhclZNZlEKEgIe60qkvY8+UocjQU+WM2dTL/1y3Kqk d4RrlLP9NSozwVsPYI4ntygvMSApbT4v0YvoO7gV90lkGWEvW1YDfA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-05-06T00:22:30Z" - mac: ENC[AES256_GCM,data:Irpt5adS904hbzw1eeQ5aedLd0CRSd3fAsvDhpyCNOgUNv08sZlreak0Ko4vpA/Toz8UsH+5HBPlIJxEm0EfeBADUH7UaNSYb4uJtFttksMPxtJ6cF9eDNSAGomEmXPV5bo//81o8ZQdXLECHX8ZsqdBBLYJV2EXxwicz6Br/00=,iv:hyH7zFV0vbxd3h4dEhuEQsDtJ54wK+fnVmBEuyQApfI=,tag:ZjnXoUMghjL3iwE4VPSEkA==,type:str] + lastmodified: "2026-05-06T00:35:40Z" + mac: ENC[AES256_GCM,data:EbdxTv1UCMU11B/9mEHnm2hXFVtARbcsdZLU4AuPTlTrzeHE/Cuqt6tIZn3C6nGXU0a63Z8fHokcpWdcQs1dIteGtZuhdvqH+x+K5UHcRcOwMaPWfPzn2XnNg9YVzJ7yyoGTfzuhqiBVKxTzid3Tnd9nWGimas4brjrnKZ0KoBA=,iv:U2OGBqg0HfVIQWts2U+8sVXN9SPkXVbGXBMeZTd+IGM=,tag:vLVaq1kChNg+/Bkb9+3X4Q==,type:str] pgp: - created_at: "2026-05-05T23:46:27Z" enc: |-