diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..9394c1b
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,3 @@
+WEBHOOK_PROXY_URL=
+GITHUB_TOKEN=
+GITHUB_WEBHOOK_SECRET=
\ No newline at end of file
diff --git a/README.md b/README.md
index edc2c4c..b41ba42 100644
--- a/README.md
+++ b/README.md
@@ -177,10 +177,18 @@ To ensure that you follow the development workflow, please setup the pre-commit
 uv run pre-commit install
 ```
 
-To test the webhook handler, use the `compose.yaml` file with the following command:
+### Run the application locally
+
+To test the webhook handler you need to fill an `.env` file, run:
+
+```shell
+cp .env.example .env
+```
+
+then run:
 
 ```shell
-WEBHOOK_PROXY_URL=https://smee.io/XXX docker compose up
+docker compose up
 ```
 
 ## Acknowledgements
diff --git a/compose.yaml b/compose.yaml
index f2ae5f9..aea7bb2 100644
--- a/compose.yaml
+++ b/compose.yaml
@@ -11,6 +11,7 @@ services:
       - ./tests:/opt/app/tests:z
     environment:
       - GITHUB_TOKEN=$GITHUB_TOKEN
+      - GITHUB_WEBHOOK_SECRET=$GITHUB_WEBHOOK_SECRET
     entrypoint:
       - uv
       - run
diff --git a/scripts/github_app.py b/scripts/github_app.py
index bb8edc4..f143a64 100644
--- a/scripts/github_app.py
+++ b/scripts/github_app.py
@@ -7,7 +7,7 @@
 from fastgithub import GithubWebhookHandler, SignatureVerificationSHA256, webhook_router
 from fastgithub.recipes.github import AutoCreatePullRequest, LabelsFromCommits
 
-signature_verification = SignatureVerificationSHA256(secret="mysecret")  # noqa: S106
+signature_verification = SignatureVerificationSHA256(secret=os.environ["GITHUB_WEBHOOK_SECRET"])  # noqa: S106
 webhook_handler = GithubWebhookHandler(signature_verification)
 
 github = Github(auth=Auth.Token(os.environ["GITHUB_TOKEN"]))