diff --git a/.github/workflows/potaris.yaml b/.github/workflows/potaris.yaml
new file mode 100644
index 0000000..3c53418
--- /dev/null
+++ b/.github/workflows/potaris.yaml
@@ -0,0 +1,57 @@
+name: ci
+
+on:
+  push:
+    branches:
+      - "potaris"
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    environment:
+        name: prod
+    steps:
+      -
+        name: Checkout
+        uses: actions/checkout@v3
+      -
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      -
+        name: Login to Docker Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ secrets.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USER }}
+          password: ${{ secrets.REGISTRY_PASS }}
+      -
+        name: Build and push Potaris DE image
+        uses: docker/build-push-action@v3
+        with:
+          context: ./docker/potaris/
+          platforms: linux/amd64
+          push: true
+          tags: "${{ secrets.REGISTRY }}/athq/fjsd-potaris:latest"
+          build-args: |
+            BRANCH=potaris
+            CONFIG_BRANCH=master
+          secrets: |
+            "CONFIG_REPOSITORY=${{ secrets.CONFIG_REPOSITORY_POTARIS }}"
+            "CONFIG_REPOSITORY_KEY=${{ secrets.CONFIG_REPOSITORY_POTARIS_KEY }}"
+      -
+        name: Build and push Potaris EN image
+        uses: docker/build-push-action@v3
+        with:
+          context: ./docker/potaris/
+          platforms: linux/amd64
+          push: true
+          tags: "${{ secrets.REGISTRY }}/athq/fjsd-potaris-en:latest"
+          build-args: |
+            BRANCH=potaris
+            CONFIG_BRANCH=en
+          secrets: |
+            "CONFIG_REPOSITORY=${{ secrets.CONFIG_REPOSITORY_POTARIS }}"
+            "CONFIG_REPOSITORY_KEY=${{ secrets.CONFIG_REPOSITORY_POTARIS_KEY }}"
diff --git a/.gitignore b/.gitignore
index 51b85b0..dec8adf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,5 @@ cache.json
 auth.txt
 *content/
 config_prod.py
+config_repository.txt
+config_repository_key.txt
diff --git a/docker/potaris/Dockerfile b/docker/potaris/Dockerfile
new file mode 100644
index 0000000..657cd62
--- /dev/null
+++ b/docker/potaris/Dockerfile
@@ -0,0 +1,35 @@
+FROM python:3.8-slim-buster
+
+ARG BRANCH
+ARG CONFIG_BRANCH
+
+RUN mkdir /run/secrets/
+RUN --mount=type=secret,id=CONFIG_REPOSITORY_KEY,dst=/run/secrets/CONFIG_REPOSITORY_KEY,required echo "$(cat /run/secrets/CONFIG_REPOSITORY_KEY)" && ls -l /run/secrets
+
+RUN apt update
+RUN apt install python3-pip git -y
+RUN python3 -m pip install waitress
+RUN python3 -m pip install --upgrade pip
+
+RUN git clone --branch $BRANCH https://github.com/FAUSheppy/flask-json-dream-website /app
+WORKDIR /app
+
+RUN mkdir ~/.ssh/
+RUN ssh-keyscan github.com >> ~/.ssh/known_hosts
+RUN --mount=type=secret,id=CONFIG_REPOSITORY \
+    --mount=type=secret,id=CONFIG_REPOSITORY_KEY \
+    eval `ssh-agent -s` && \
+    echo "$(cat /run/secrets/CONFIG_REPOSITORY_KEY)" | ssh-add - && \
+    git clone --branch ${CONFIG_BRANCH} $(cat /run/secrets/CONFIG_REPOSITORY) content
+
+RUN ln -s content/config.py config_prod.py
+
+RUN python3 -m pip install --no-cache-dir -r req.txt
+
+HEALTHCHECK CMD --interval=5m --timeout=5s /usr/bin/curl http://localhost:5000/ || exit 1
+EXPOSE 5000/tcp
+
+RUN apt remove git -y
+RUN apt autoremove -y
+
+CMD waitress-serve --host 0.0.0.0 --port 5000 --call 'app:createApp'