diff --git a/.gitignore b/.gitignore
index a4d61dfeb..541965950 100644
--- a/.gitignore
+++ b/.gitignore
@@ -28,3 +28,4 @@ spec/examples.txt
 
 # Ignore local .env files
 *.local
+.env
diff --git a/docker-compose.yml b/docker-compose.yml
index 4ee5dcc51..ff1fc6757 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,37 +1,43 @@
-version: '2'
+version: '3'
 
 services:
-  postgres:
+  stringer-setup:
+    build: .
+    restart: no
+    env_file: .env
+    volumes:
+      - ./.env:/app/.env
+    entrypoint: ["ruby"]
+    command: ["/app/docker/init_or_update_env.rb"]
+
+  stringer-postgres:
     image: postgres:9.5-alpine
     restart: always
+    depends_on:
+      stringer-setup:
+        condition: service_completed_successfully
     networks:
       - stringer-network
     volumes:
       - ~/stringer:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_PASSWORD=super_secret_password
-      - POSTGRES_USER=db_user
-      - POSTGRES_DB=stringer
+    env_file: .env
 
-  web:
+  stringer:
     image: stringerrss/stringer:latest
     build: .
     depends_on:
-      - postgres
+      stringer-postgres:
+        condition: service_started
+      stringer-setup:
+        condition: service_completed_successfully
     restart: always
     ports:
       - 80:8080
     networks:
       - stringer-network
-    environment:
-      - SECRET_KEY_BASE=<your configuration>
-      - ENCRYPTION_PRIMARY_KEY=<your configuration>
-      - ENCRYPTION_DETERMINISTIC_KEY=<your configuration>
-      - ENCRYPTION_KEY_DERIVATION_SALT=<your configuration>
-      - PORT=8080
-      - DATABASE_URL=postgres://db_user:super_secret_password@postgres:5432/stringer
+    env_file: .env
 
 networks:
   stringer-network:
     external: false
-    name: stringer-network
\ No newline at end of file
+    name: stringer-network
diff --git a/docker/init_or_update_env.rb b/docker/init_or_update_env.rb
new file mode 100644
index 000000000..907c6371e
--- /dev/null
+++ b/docker/init_or_update_env.rb
@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+
+def generate_secret(length)
+  `openssl rand -hex #{length}`.strip
+end
+
+pg_user = ENV.fetch("POSTGRES_USER", "stringer")
+pg_password = ENV.fetch("POSTGRES_PASSWORD", generate_secret(32))
+pg_host = ENV.fetch("POSTGRES_HOSTNAME", "stringer-postgres")
+pg_db = ENV.fetch("POSTGRES_DB", "stringer")
+
+required_env = {
+  "SECRET_KEY_BASE" => generate_secret(64),
+  "ENCRYPTION_PRIMARY_KEY" => generate_secret(64),
+  "ENCRYPTION_DETERMINISTIC_KEY" => generate_secret(64),
+  "ENCRYPTION_KEY_DERIVATION_SALT" => generate_secret(64),
+  "POSTGRES_USER" => pg_user,
+  "POSTGRES_PASSWORD" => pg_password,
+  "POSTGRES_HOSTNAME" => pg_host,
+  "POSTGRES_DB" => pg_db,
+  "FETCH_FEEDS_CRON" => "*/5 * * * *",
+  "CLEANUP_CRON" => "0 0 * * *",
+  "DATABASE_URL" => "postgres://#{pg_user}:#{pg_password}@#{pg_host}/#{pg_db}"
+}
+
+
+required_env.each do |key, value|
+  next if ENV.key?(key)
+
+  File.open("/app/.env", "a") { |file| file << "#{key}=#{value}\n" }
+end
diff --git a/docs/Docker.md b/docs/Docker.md
index 6c9ce14ab..2d2de7477 100644
--- a/docs/Docker.md
+++ b/docs/Docker.md
@@ -2,7 +2,13 @@
 
 ## Production ready setup using docker-compose
 
-Download [docker-compose.yml](../docker-compose.yml) and in the corresponding folder, run `docker-compose up -d`, give it a second and visit `localhost`
+Download [docker-compose.yml](../docker-compose.yml) to the same folder and run:
+
+```sh
+$ touch .env && docker compose up -d
+```
+
+Give it a second and visit `localhost`.
 
 ## Production ready manual setup