diff --git a/data_bags/credentials/drone.json b/data_bags/credentials/drone.json
index 1b587ba..b6ce84d 100644
--- a/data_bags/credentials/drone.json
+++ b/data_bags/credentials/drone.json
@@ -1,30 +1,37 @@
 {
   "id": "drone",
   "client_id": {
-    "encrypted_data": "z2cWhmP46/LuBPslGiuEzRIZGbta+nAkfi2XaX0q4PA0SeWoTz3rX9P6XCaz\nDdjP/3RyN98sww==\n",
-    "iv": "2SOtcpBRCZC9YI+D\n",
-    "auth_tag": "C9PnsL3QsRBOKw1/k/p/mg==\n",
+    "encrypted_data": "bfwxBJt+xNihifwXmjWK3dMDCcjZ1XgiWvqvK0Dj3zd8ZuDRZUwt++xdr/bT\n1wwz1i3udaxZqQ==\n",
+    "iv": "0Bioz/6QbDo5w8Ay\n",
+    "auth_tag": "lF8gragaEIrfR1g+Ka1Wnw==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "client_secret": {
-    "encrypted_data": "9s33F5MmjEaUA+7ASxYMK5f23y1HffsV9b5rO4ezlisI3K/B/MgdBZeiIDs7\nanknoytcnRJiLNUlud6ohJ4s\n",
-    "iv": "Vou+sM/jeOZc/VwJ\n",
-    "auth_tag": "f2EPlHD2JDmSlSf3eu9WFg==\n",
+    "encrypted_data": "1TKFuk54DqP/5kAPIfjI2PNriOIJ0NdwV2ETZdF1O7Gt55WXvHSTupQLu0NG\nQkrSXXqdgDKvW2/P+d1W0NTQ\n",
+    "iv": "nBqEog1s/Z2cHnqU\n",
+    "auth_tag": "yBjz6GQ6K6bowih970e37w==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "rpc_secret": {
-    "encrypted_data": "VkvdD+8FTjPSfJANVPWkWGMjBU7xyqDOS2uH84fAijqkg0sS+lBej4VohHsL\nntuPAcOo\n",
-    "iv": "Uod5WEkE2FXYnhVq\n",
-    "auth_tag": "N8+wPuN/EXO5L57+uG0gsw==\n",
+    "encrypted_data": "KBJHpfjw6aEuMoOJevkNRFA6NVF8w4cAxRsPRchN+qlLXPT1Kxql2uug8c0P\n1DdKeaZq\n",
+    "iv": "qj9C1PqC1OlDX6YR\n",
+    "auth_tag": "vgI5nxBEYnhwgJATykISJA==\n",
+    "version": 3,
+    "cipher": "aes-256-gcm"
+  },
+  "database_secret": {
+    "encrypted_data": "W+tSV89+1Ue/sNm6+dOW06jFGrmPTt4RVR8A0GUJXZhGbqBBie3jWNW3ZeKg\nfEQTYP1j\n",
+    "iv": "Of9fVasrPT7451HD\n",
+    "auth_tag": "fuY65GQr4s3vR6E3OuZdzQ==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   },
   "postgresql_password": {
-    "encrypted_data": "DMH34mpij84Pkalr3rcuPcp2ofiIZ6ONvDRchGbxyuJ2\n",
-    "iv": "o9IDDyjp4aDB2/FB\n",
-    "auth_tag": "rgLP7dQ4n6C1hHuG5t5sxw==\n",
+    "encrypted_data": "KqoUOOkqBy9Sfrg5THVWyOdgd21aDjXlEqxVhX1OIcsv\n",
+    "iv": "iPDmnzOO1TWA1bO1\n",
+    "auth_tag": "8o+0nRewMEGeoH5/ZfGUuQ==\n",
     "version": 3,
     "cipher": "aes-256-gcm"
   }
diff --git a/site-cookbooks/kosmos_drone/recipes/default.rb b/site-cookbooks/kosmos_drone/recipes/default.rb
index 8e34e9a..787e010 100644
--- a/site-cookbooks/kosmos_drone/recipes/default.rb
+++ b/site-cookbooks/kosmos_drone/recipes/default.rb
@@ -30,6 +30,7 @@ template "#{deploy_path}/docker-compose.yml" do
             client_id: credentials['client_id'],
             client_secret: credentials['client_secret'],
             rpc_secret: credentials['rpc_secret'],
+            database_secret: credentials['database_secret'],
             postgres: postgres_config,
             max_procs: 4
   notifies :restart, "systemd_unit[drone.service]", :delayed
diff --git a/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb b/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb
index 3089196..0457342 100644
--- a/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb
+++ b/site-cookbooks/kosmos_drone/templates/docker-compose.yml.erb
@@ -19,6 +19,7 @@ services:
       - DRONE_RPC_SECRET=<%= @rpc_secret %>
       - DRONE_DATABASE_DRIVER=postgres
       - DRONE_DATABASE_DATASOURCE=postgres://<%= @postgres[:username] %>:<%= @postgres[:password] %>@<%= @postgres[:host] %>:<%= @postgres[:port] %>/<%= @postgres[:database] %>?sslmode=disable
+      - DRONE_DATABASE_SECRET=<%= @database_secret %>
 
   drone-runner:
     image: drone/drone-runner-docker:1.8