diff --git a/.woodpecker.yml b/.woodpecker.yml
index 7dd3c4b..9090e01 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -43,23 +43,11 @@ steps:
       known_hosts:
         from_secret: STAGING_KNOWN_HOSTS
     script:
-      - set -euo pipefail
-      - ENV=dev
-      - PROJECT=aptivaai-dev
-      - ROOT=/opt/aptiva-staging-app
-      - REG=us-central1-docker.pkg.dev/${PROJECT}/aptiva-repo
+      - set -eu
       - TAG=$(echo "$CI_COMMIT_SHA" | head -c 8)
-      - cd "$ROOT"
-      - export IMG_TAG="$TAG"
-      - SECRETS=(JWT_SECRET OPENAI_API_KEY ONET_USERNAME ONET_PASSWORD STRIPE_SECRET_KEY STRIPE_PUBLISHABLE_KEY STRIPE_WH_SECRET STRIPE_PRICE_PREMIUM_MONTH STRIPE_PRICE_PREMIUM_YEAR STRIPE_PRICE_PRO_MONTH STRIPE_PRICE_PRO_YEAR DB_HOST DB_PORT DB_USER DB_PASSWORD TWILIO_ACCOUNT_SID TWILIO_AUTH_TOKEN TWILIO_MESSAGING_SERVICE_SID)
-      - echo "🔐 Pulling secrets from Secret Manager"
-      - for S in "${SECRETS[@]}"; do export "$S"="$(gcloud secrets versions access latest --secret="${S}_${ENV}" --project="${PROJECT}")"; done
-      - export FROM_SECRETS_MANAGER=true
-      - preserve_vars=(IMG_TAG FROM_SECRETS_MANAGER $(IFS=,; echo "${SECRETS[*]}"))
-      - preserve=$(IFS=,; echo "${preserve_vars[*]}")
-      - echo "🚀 Deploying with preserved env: $preserve"
-      - sudo --preserve-env="$preserve" docker compose pull
-      - sudo --preserve-env="$preserve" docker compose up -d --force-recreate --remove-orphans
+      - cd /opt/aptiva-staging-app
+      - IMG_TAG=$TAG docker compose pull
+      - IMG_TAG=$TAG docker compose up -d --force-recreate --remove-orphans
     when:
       event: [push, manual]
       branch: [master]