diff --git a/.env b/.env
deleted file mode 100644
index 2299b8ad..00000000
--- a/.env
+++ /dev/null
@@ -1,154 +0,0 @@
-# ==========================================
-#  Meldestelle – Docker Compose Environment
-#  Single Source of Truth (SSoT)
-# ==========================================
-# WARNING: This file contains secrets (passwords).
-# Do NOT commit this file to version control if it contains production secrets.
-
-# --- PROJECT ---
-PROJECT_NAME=meldestelle
-
-# --- BACKUP ---
-BACKUP_DIR=/home/stefan/backups/meldestelle
-BACKUP_RETENTION_DAYS=7
-
-# Docker build versions (optional overrides)
-DOCKER_VERSION=1.0.0-SNAPSHOT
-DOCKER_REGISTRY=git.mo-code.at/mocode-software/meldestelle
-DOCKER_BUILD_DATE=2026-02-02T15:00:00Z
-DOCKER_GRADLE_VERSION=9.3.1
-# Check if 25 is intended (Early Access) or if LTS 21 was meant
-DOCKER_JAVA_VERSION=25
-DOCKER_NODE_VERSION=24.12.0
-DOCKER_NGINX_VERSION=1.28.0-alpine
-
-# JVM Power Flags (Lokal leer lassen, da Intel/AMD Architektur)
-JVM_OPTS_ARM64=
-
-# Postgres
-POSTGRES_IMAGE=postgres:16-alpine
-POSTGRES_SHARED_BUFFERS=256MB
-POSTGRES_EFFECTIVE_CACHE_SIZE=768MB
-POSTGRES_USER=pg-user
-POSTGRES_PASSWORD=pg-password
-POSTGRES_DB=pg-meldestelle-db
-POSTGRES_PORT=5432:5432
-POSTGRES_DB_URL=jdbc:postgresql://postgres:5432/pg-meldestelle-db
-
-# --- VALKEY (formerly Redis) ---
-VALKEY_IMAGE=valkey/valkey:9-alpine
-VALKEY_PASSWORD=valkey-password
-VALKEY_PORT=6379:6379
-VALKEY_SERVER_HOSTNAME=valkey
-VALKEY_SERVER_PORT=6379
-VALKEY_SERVER_CONNECT_TIMEOUT=5s
-VALKEY_POLICY=allkeys-lru
-VALKEY_MAX_MEMORY=256MB
-SPRING_DATA_VALKEY_HOST=localhost
-SPRING_DATA_VALKEY_PORT=6379
-SPRING_DATA_VALKEY_PASSWORD=valkey-password
-
-# --- KEYCLOAK ---
-KEYCLOAK_IMAGE_TAG=latest
-KC_HEAP_MIN=512M
-KC_HEAP_MAX=1024M
-# Lokale Entwicklung: start-dev (kein Pre-Build nötig, kein --optimized)
-# Server/Produktion: start --optimized --import-realm (nutzt das pre-built Registry-Image)
-KC_COMMAND=start --optimized --import-realm
-KC_ADMIN_USERNAME=kc-admin
-KC_ADMIN_PASSWORD=kc-password
-KC_DB=postgres
-KC_DB_SCHEMA=keycloak
-KC_DB_PASSWORD=meldestelle
-# Lokal: localhost | Server: echte IP oder Domain (z.B. 10.0.0.50 oder auth.meldestelle.at)
-# WICHTIG: Nur den Hostnamen angeben, OHNE Port (Keycloak 26.x hostname v2)
-KC_HOSTNAME=localhost
-# false = kein Hostname-Strict-Check (empfohlen für Entwicklung und HTTP-only Server)
-KC_HOSTNAME_STRICT=false
-# KC_HOSTNAME_STRICT_HTTPS wurde entfernt — deprecated in Keycloak 26.x (hostname v2), wird ignoriert
-KC_PORT=8180:8080
-KC_MANAGEMENT_PORT=9000:9000
-
-# --- KEYCLOAK TOKEN VALIDATION ---
-# Public Issuer URI (must match the token issuer from browser/postman)
-# Lokal: http://localhost:8180 | Produktion: http://10.0.0.50:8180
-SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI=http://localhost:8180/realms/meldestelle
-# Internal JWK Set URI (for service-to-service communication within Docker)
-SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI=http://keycloak:8080/realms/meldestelle/protocol/openid-connect/certs
-
-# --- CONSUL ---
-CONSUL_IMAGE=hashicorp/consul:1.22.1
-CONSUL_PORT=8500:8500
-CONSUL_UDP_PORT=8600:8600/udp
-CONSUL_HOST=consul
-SPRING_CLOUD_CONSUL_HOST=consul
-SPRING_CLOUD_CONSUL_PORT=8500
-SPRING_CLOUD_CONSUL_DISCOVERY_SERVICE_NAME=api-gateway
-SPRING_CLOUD_CONSUL_DISCOVERY_PREFER_IP_ADDRESS=true
-
-# --- Zipkin ---
-ZIPKIN_IMAGE=openzipkin/zipkin:3
-ZIPKIN_MIN_HEAP=256M
-ZIPKIN_MAX_HEAP=512M
-ZIPKIN_PORT=9411:9411
-ZIPKIN_ENDPOINT=http://zipkin:9411/api/v2/spans
-ZIPKIN_SAMPLING_PROBABILITY=1.0
-
-# --- Mailpit ---
-MAILPIT_IMAGE=axllent/mailpit:v1.29
-MAILPIT_WEB_PORT=8025:8025
-MAILPIT_SMTP_PORT=1025:1025
-
-# --- PGADMIN ---
-PGADMIN_IMAGE=dpage/pgadmin4:8
-PGADMIN_EMAIL=meldestelle@mo-code.at
-PGADMIN_PASSWORD=pgadmin
-PGADMIN_PORT=8888:80
-
-# --- POSTGRES-EXPORTER ---
-POSTGRES_EXPORTER_IMAGE=prometheuscommunity/postgres-exporter:v0.18.0
-
-# --- ALERTMANAGER ---
-ALERTMANAGER_IMAGE=prom/alertmanager:v0.29.0
-ALERTMANAGER_PORT=9093:9093
-
-# --- PROMETHEUS ---
-PROMETHEUS_IMAGE=prom/prometheus:v3.7.3
-PROMETHEUS_PORT=9090:9090
-
-# --- GRAFANA ---
-GF_IMAGE=grafana/grafana:12.3
-GF_ADMIN_USER=gf-admin
-GF_ADMIN_PASSWORD=gf-password
-GF_PORT=3000:3000
-
-# --- API-GATEWAY ---
-GATEWAY_PORT=8081:8081
-GATEWAY_DEBUG_PORT=5005:5005
-GATEWAY_SERVER_PORT=8081
-GATEWAY_SPRING_PROFILES_ACTIVE=docker
-GATEWAY_DEBUG=true
-GATEWAY_SERVICE_NAME=api-gateway
-GATEWAY_CONSUL_HOSTNAME=api-gateway
-GATEWAY_CONSUL_PREFER_IP=true
-
-# --- PING-SERVICE ---
-PING_SPRING_PROFILES_ACTIVE=docker
-PING_PORT=8082:8082
-PING_DEBUG_PORT=5006:5006
-PING_SERVER_PORT=8082
-PING_DEBUG=true
-PING_SERVICE_NAME=ping-service
-PING_CONSUL_HOSTNAME=ping-service
-PING_CONSUL_PREFER_IP=true
-
-# --- WEB-APP ---
-CADDY_VERSION=2.11-alpine
-WEB_APP_PORT=4000:4000
-WEB_BUILD_PROFILE=dev
-# Lokal: http://localhost:8081 | Produktion: http://10.0.0.50:8081
-WEB_APP_API_URL=http://localhost:8081
-
-# --- DESKTOP-APP ---
-DESKTOP_APP_VNC_PORT=5901:5901
-DESKTOP_APP_NOVNC_PORT=6080:6080
diff --git a/.gitignore b/.gitignore
index e84238ac..dfad3ae1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -71,3 +71,4 @@ build/diagrams/
 .dataSources/
 dataSources.local.xml
 /_backup/
+.env