diff --git a/.github/workflows/deployment.yml b/.github/workflows/deployment.yml
index ced4e178..f29e69e8 100644
--- a/.github/workflows/deployment.yml
+++ b/.github/workflows/deployment.yml
@@ -15,7 +15,7 @@ jobs:
 uses: actions/checkout@v4
 - name: Copy environment variables to correct file
- run: cp /home/dev/.backend.env backend/.env
+ run: cp /home/dev/.backend.env backend/.env && cp /home/dev/.idp.env config/idp/.env
 - name: Start docker
 run: docker compose -f compose.yml -f compose.production.yml up --build -d
diff --git a/compose.production.yml b/compose.production.yml
index bcd72e58..65dc199b 100644
--- a/compose.production.yml
+++ b/compose.production.yml
@@ -42,12 +42,25 @@ services:
 networks:
 - dwengo-1
+ keycloak-db:
+ image: postgres:latest
+ ports:
+ - '5442:5432' # Port number 10 higher than normal postgres ports
+ restart: unless-stopped
+ volumes:
+ - dwengo_postgres_keycloak:/var/lib/postgresql/keycloak
+ environment:
+ POSTGRES_USER: keycloak
+ POSTGRES_PASSWORD: ChangeMe
+ POSTGRES_DB: keycloak
+ networks:
+ - dwengo-1
+
 idp:
 extends:
 file: ./compose.yml
 service: idp
- # TODO Replace with proper production command
- command: ['start-dev', '--http-port', '7080', '--https-port', '7443', '--import-realm']
+ command: ['start', '--http-port', '7080', '--https-port', '7443', '--import-realm']
 networks:
 - dwengo-1
 labels:
@@ -56,6 +69,10 @@ services:
 - 'traefik.http.services.idp.loadbalancer.server.port=7080'
 - 'traefik.http.routers.block-admin.rule=PathPrefix(`/idp/admin`)'
 - 'traefik.http.routers.block-admin.service=web'
+ depends_on:
+ - keycloak-db
+ volumes:
+ - /etc/keycloak:/keycloak
 env_file:
 - ./config/idp/.env
 environment:
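Review bot: The named volume on the `- dwengo_postgres_keycloak:/var/lib/postgresql/keycloak` line does not persist the database: the official postgres image writes its cluster to `PGDATA`, which defaults to `/var/lib/postgresql/data`, so the Keycloak realm data would sit in the container's writable layer and be lost whenever the container is recreated. Mount the volume at `- dwengo_postgres_keycloak:/var/lib/postgresql/data` (or set `PGDATA` to the chosen path). `POSTGRES_PASSWORD: ChangeMe` commits a plaintext production credential, and the same value is repeated as `KC_DB_PASSWORD` in the `@@ -64,6 +81,13 @@` hunk; both belong in an env file that the deployment workflow copies onto the host, as it already does for `config/idp/.env`, so the two cannot drift apart and the secret stays out of the repository. The `'5442:5432'` publish exposes the database on the host although only `idp` on the `dwengo-1` network needs it, and `postgres:latest` lets the major version, and with it the on-disk format, change on any pull; pin a major tag and drop `ports:` unless host access is genuinely required.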
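Review bot: The `- /etc/keycloak:/keycloak` bind mount hands the TLS private key to the container read-write; make it `- /etc/keycloak:/keycloak:ro` so the Keycloak process cannot modify the host's certificate material. `depends_on: - keycloak-db` only orders container start, not database readiness, so the first `start` may reach a Postgres that is still initializing; the `restart: unless-stopped` inherited from `compose.yml` would retry, but a `healthcheck` on `keycloak-db` (for example `pg_isready`) combined with `condition: service_healthy` here makes startup deterministic rather than restart-driven. The `idp` service definition continues beyond the hunk.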
@@ -64,6 +81,13 @@ services:
 KC_PROXY_HEADERS: 'xforwarded'
 KC_HTTP_ENABLED: 'true'
 KC_HTTP_RELATIVE_PATH: '/idp'
+ KC_HTTPS_CERTIFICATE_FILE: '/keycloak/cert.pem'
+ KC_HTTPS_CERTIFICATE_KEY_FILE: '/keycloak/key.pem'
+ KC_HTTP_MAX_QUEUED_REQUESTS: 30 # Prevent overload situations by limiting number of requests
+ KC_DB: 'postgres'
+ KC_DB_USERNAME: 'keycloak'
+ KC_DB_PASSWORD: 'ChangeMe'
+ KC_DB_URL: 'jdbc:postgresql://keycloak-db:5432/keycloak'
 reverse-proxy:
 image: traefik:v3.3
@@ -123,6 +147,7 @@ volumes:
 dwengo_grafana_data:
 dwengo_letsencrypt:
 dwengo_loki_data:
+ dwengo_postgres_keycloak:
 networks:
 dwengo-1:
diff --git a/compose.yml b/compose.yml
index 9435f6f8..246a35ad 100644
--- a/compose.yml
+++ b/compose.yml
@@ -25,8 +25,6 @@ services:
 restart: unless-stopped
 volumes:
 - ./config/idp:/opt/keycloak/data/import
- depends_on:
- - db
 environment:
 KC_HOSTNAME: localhost
 KC_HOSTNAME_PORT: 7080
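Review bot: `KC_HTTP_MAX_QUEUED_REQUESTS: 30` is the only unquoted value in this `environment:` mapping while every neighbour is a quoted string; write `KC_HTTP_MAX_QUEUED_REQUESTS: '30'` for consistency and so the value is a string regardless of how the YAML loader types it. `KC_DB_PASSWORD: 'ChangeMe'` repeats the credential problem raised on the `keycloak-db` hunk and should move to the env file alongside `POSTGRES_PASSWORD`. With `start` replacing `start-dev`, Keycloak runs in production mode where the configured hostname drives the URLs it issues; `KC_HOSTNAME: localhost` in `compose.yml` is inherited through `extends`, so confirm it is overridden in the part of this mapping above the hunk, which is not visible here.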