diff --git a/README.md b/README.md
index 7c082496..5ec75e70 100644
--- a/README.md
+++ b/README.md
@@ -71,11 +71,28 @@ npm install
 
 ## Deployment to CapRover
 
+### CapRover Dev (vbv-lernwelt.control.iterativ.ch)
+
 ```
 # run deploy script
+./caprover_deploy.sh vbv-lernwelt
+
+# of vbv-lernwelt is default value
 ./caprover_deploy.sh
 ```
 
+### CapRover Stage (myvbv-stage.iterativ.ch)
+
+```
+./caprover_deploy.sh myvbv-stage
+```
+
+### CapRover Prod (myvbv.iterativ.ch)
+
+```
+./caprover_deploy.sh myvbv
+```
+
 ## IntelliJ Configuration
 
 * In the .idea/vbv_lernwelt.iml file change the module type to "PYTHON_MODULE".
diff --git a/caprover_create_app.py b/caprover_create_app.py
index 6d776d48..870bdc35 100644
--- a/caprover_create_app.py
+++ b/caprover_create_app.py
@@ -3,7 +3,7 @@ import sys
 
 from environs import Env
 
-# TODO: I use a locally patched caprover api for no
+# TODO: I use a locally patched caprover api for now
 sys.path.append(r'/Users/daniel/workspace/iterativ-caprover/Caprover-API')
 from caprover_api import caprover_api
 
@@ -12,7 +12,8 @@ logging.basicConfig(level=logging.DEBUG)
 
 
 env = Env()
-env.read_env("./env_secrets/caprover.env")
+env.read_env("./env_secrets/caprover_stage.env", recurse=False, override=True)
+app_name = "myvbv-stage"
 
 cap = caprover_api.CaproverAPI(
     dashboard_url=env.str('CAPROVER_DOMAIN'),
@@ -25,7 +26,7 @@ db_name = env.str('POSTGRES_DB')
 
 cap.deploy_one_click_app(
     one_click_app_name='postgres',
-    namespace='vbv-lernwelt',
+    namespace=app_name,
     # check https://github.com/caprover/one-click-apps/blob/master/public/v4/apps/postgres.yml
     app_variables={
         '$$cap_postgres_version': '14.2',
@@ -37,23 +38,43 @@ cap.deploy_one_click_app(
 )
 
 cap.create_and_update_app(
-    app_name='vbv-lernwelt',
+    app_name=app_name,
     enable_ssl=True,
     force_ssl=True,
     expose_as_web_app=True,
     image_name='docker.io/iterativ/vbv-lernwelt-django',
     environment_variables={
         # 'DJANGO_SETTINGS_MODULE': 'config.settings.base',
-        'IT_DJANGO_SECRET_KEY': env.str('IT_DJANGO_SECRET_KEY'),
-        'IT_DJANGO_ADMIN_URL': env.str('IT_DJANGO_ADMIN_URL'),
-        'IT_DJANGO_ALLOWED_HOSTS': env.str('IT_DJANGO_ALLOWED_HOSTS'),
-        'IT_DJANGO_DEBUG': 'false',
-        'IT_SENTRY_DSN': env.str('IT_SENTRY_DSN'),
-        'IT_APP_ENVIRONMENT': 'caprover',
-        'POSTGRES_HOST': 'srv-captain--vbv-lernwelt-postgres-db',
+        'IT_APP_ENVIRONMENT': env.str('IT_APP_ENVIRONMENT'),
+
+        'POSTGRES_HOST': f'srv-captain--{app_name}-postgres-db',
         'POSTGRES_PORT': 5432,
         'POSTGRES_DB': db_name,
         'POSTGRES_USER': db_user,
         'POSTGRES_PASSWORD': db_pass,
+
+        'IT_ALLOW_LOCAL_LOGIN': env.str('IT_ALLOW_LOCAL_LOGIN'),
+
+        'IT_DJANGO_SECRET_KEY': env.str('IT_DJANGO_SECRET_KEY'),
+        'IT_DJANGO_ADMIN_URL': env.str('IT_DJANGO_ADMIN_URL'),
+        'IT_DJANGO_ALLOWED_HOSTS': env.str('IT_DJANGO_ALLOWED_HOSTS'),
+
+        'IT_DJANGO_DEBUG': 'false',
+        'IT_SERVE_VUE': 'false',
+
+        'IT_SENTRY_DSN': env.str('IT_SENTRY_DSN'),
+
+        'IT_OAUTH_CLIENT_NAME': env.str('IT_OAUTH_CLIENT_NAME'),
+        'IT_OAUTH_CLIENT_ID': env.str('IT_OAUTH_CLIENT_ID'),
+        'IT_OAUTH_CLIENT_SECRET': env.str('IT_OAUTH_CLIENT_SECRET'),
+        'IT_OAUTH_ACCESS_TOKEN_URL': env.str('IT_OAUTH_ACCESS_TOKEN_URL'),
+        'IT_OAUTH_AUTHORIZE_URL': env.str('IT_OAUTH_AUTHORIZE_URL'),
+        'IT_OAUTH_API_BASE_URL': env.str('IT_OAUTH_API_BASE_URL'),
+        'IT_OAUTH_LOCAL_DIRECT_URI': env.str('IT_OAUTH_LOCAL_DIRECT_URI'),
+        'IT_OAUTH_TENANT_ID': env.str('IT_OAUTH_TENANT_ID'),
+        'IT_OAUTH_SCOPE': env.str('IT_OAUTH_SCOPE'),
+        'IT_OAUTH_SERVER_METADATA_URL': env.str('IT_OAUTH_SERVER_METADATA_URL'),
+        'IT_OAUTH_TOKEN_NAME': env.str('IT_OAUTH_TOKEN_NAME'),
+        'IT_OAUTH_LOGOUT_URL': env.str('IT_OAUTH_LOGOUT_URL'),
     },
 )
diff --git a/caprover_deploy.sh b/caprover_deploy.sh
index 8b026264..0f99b4b4 100755
--- a/caprover_deploy.sh
+++ b/caprover_deploy.sh
@@ -6,18 +6,19 @@ LATEST="${REPO}:latest"
 BUILD_TIMESTAMP=$( date '+%F_%H:%M:%S' )
 VERSION_TAG="${REPO}:$VERSION"
 
+APP_NAME=${1:-vbv-lernwelt}
+
+echo "Deploy to $APP_NAME"
+
 # script should fail when any process returns non zero code
 set -ev
 
 # create client
 npm run build
 
-## Note that images build with buildx do not appear in your docker images list, therefore the push true must be set
-
 # create and push new docker container
-docker buildx build --push=true  --platform=linux/amd64 -f compose/django/Dockerfile -t "$REPO" -t "$LATEST" -t "$VERSION_TAG" --build-arg VERSION="$VERSION" --build-arg BUILD_TIMESTAMP="$BUILD_TIMESTAMP" --build-arg GIT_COMMIT=$(git log -1 --format=%h) .
-
-
-#deploy to caprover, explicitly use the version tag... so if there is a mismach you get an error message
-caprover deploy -h https://captain.control.iterativ.ch -a vbv-lernwelt -i docker.io/"$VERSION_TAG"
+## Note that images build with buildx do not appear in your docker images list, therefore the push true must be set
+docker buildx build --push=true  --platform=linux/amd64 -f compose/django/Dockerfile -t "$REPO" -t "$LATEST" -t "$VERSION_TAG" --build-arg VERSION="$VERSION" --build-arg BUILD_TIMESTAMP="$BUILD_TIMESTAMP" --build-arg GIT_COMMIT="$(git log -1 --format=%h)" .
 
+#deploy to caprover, explicitly use the version tag... so if there is a mismatch you get an error message
+caprover deploy -h https://captain.control.iterativ.ch -a "$APP_NAME" -i docker.io/"$VERSION_TAG"
diff --git a/env_secrets/caprover.env b/env_secrets/caprover.env
deleted file mode 100644
index 738c5c3f..00000000
Binary files a/env_secrets/caprover.env and /dev/null differ
diff --git a/env_secrets/caprover_dev.env b/env_secrets/caprover_dev.env
new file mode 100644
index 00000000..4551800d
Binary files /dev/null and b/env_secrets/caprover_dev.env differ
diff --git a/env_secrets/caprover_prod.env b/env_secrets/caprover_prod.env
new file mode 100644
index 00000000..32320d96
Binary files /dev/null and b/env_secrets/caprover_prod.env differ
diff --git a/env_secrets/caprover_stage.env b/env_secrets/caprover_stage.env
new file mode 100644
index 00000000..d0b38980
Binary files /dev/null and b/env_secrets/caprover_stage.env differ
diff --git a/git-crypt-encrypted-files.txt b/git-crypt-encrypted-files.txt
index dd4c2af7..1720be9a 100644
--- a/git-crypt-encrypted-files.txt
+++ b/git-crypt-encrypted-files.txt
@@ -1,3 +1,7 @@
-    encrypted: env_secrets/caprover.env
-    encrypted: env_secrets/production.env
+    encrypted: env_secrets/caprover_dev.env
+    encrypted: env_secrets/caprover_prod.env
+    encrypted: env_secrets/caprover_stage.env
+    encrypted: env_secrets/local_chrigu.env
+    encrypted: env_secrets/local_daniel.env
     encrypted: env_secrets/local_lorenz.env
+    encrypted: env_secrets/production.env
diff --git a/server/config/settings/base.py b/server/config/settings/base.py
index b6315517..9fd92a30 100644
--- a/server/config/settings/base.py
+++ b/server/config/settings/base.py
@@ -574,7 +574,7 @@ if APP_ENVIRONMENT == "development":
     # https://django-extensions.readthedocs.io/en/latest/installation_instructions.html#configuration
     INSTALLED_APPS += ["django_extensions"]  # noqa F405
 
-if APP_ENVIRONMENT in ["production", "caprover"]:
+if APP_ENVIRONMENT in ["production", "caprover"] or APP_ENVIRONMENT.startswith("caprover"):
     # SECURITY
     # ------------------------------------------------------------------------------
     # https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header