diff --git a/.gitlab-ci-template.yml b/.gitlab-ci-template.yml
index 897448a..e77af38 100644
--- a/.gitlab-ci-template.yml
+++ b/.gitlab-ci-template.yml
@@ -137,11 +137,13 @@
     sed -i "s|registry.boomlab.party/rheinsw/rheinsw-mono-repo/internal_frontend|registry.boomlab.party/rheinsw/rheinsw-mono-repo/internal_frontend@$(cat digest-internal_frontend.txt)|g" docker-compose.generated.yml
 
     echo "Copying docker-compose.generated.yml to $HOST:$REMOTE_ENV_PATH/docker-compose.yml"
+    
     # Ensure remote path exists before scp
     ssh -p "$PORT" "$DEPLOY_USER@$HOST" "mkdir -p $REMOTE_ENV_PATH"
     
     # Copy
     scp -P "$PORT" docker-compose.generated.yml "$DEPLOY_USER@$HOST:$REMOTE_ENV_PATH/docker-compose.yml"
+    scp -P "$PORT" internal_frontend/.env "$DEPLOY_USER@$HOST:$REMOTE_ENV_PATH/internal_frontend.env"
 
     echo "Deploying on $HOST"
     ssh -p "$PORT" "$DEPLOY_USER@$HOST" "
diff --git a/internal_frontend/.gitlab-ci.yml b/internal_frontend/.gitlab-ci.yml
index c01748d..9194562 100644
--- a/internal_frontend/.gitlab-ci.yml
+++ b/internal_frontend/.gitlab-ci.yml
@@ -11,11 +11,12 @@ build_internal_frontend:
     - |
       cd internal_frontend
       echo "KEYCLOAK_ISSUER=$KEYCLOAK_ISSUER" > .env
-      echo "NEXTAUTH_SECRET=$NEXTAUTH_SECRET" >> .env
       if [ "$CI_COMMIT_REF_NAME" = "production" ]; then
+        echo "NEXTAUTH_SECRET=$NEXTAUTH_SECRET_PROD" >> .env
         echo "KEYCLOAK_CLIENT_ID=$KEYCLOAK_CLIENT_ID_PROD" >> .env
         echo "KEYCLOAK_CLIENT_SECRET=$KEYCLOAK_CLIENT_SECRET_PROD" >> .env
       else
+        echo "NEXTAUTH_SECRET=$NEXTAUTH_SECRET_TEST" >> .env
         echo "KEYCLOAK_CLIENT_ID=$KEYCLOAK_CLIENT_ID_TEST" >> .env
         echo "KEYCLOAK_CLIENT_SECRET=$KEYCLOAK_CLIENT_SECRET_TEST" >> .env
       fi
@@ -25,6 +26,7 @@ build_internal_frontend:
       npx next build
   artifacts:
     paths:
+      - internal_frontend/.env
       - internal_frontend/.next
       - internal_frontend/public
       - internal_frontend/package.json