diff --git a/borgmatic.yml b/borgmatic.yml
index 4cffd24..7822a17 100644
--- a/borgmatic.yml
+++ b/borgmatic.yml
@@ -1,27 +1,32 @@
 location:
+  source_directories: []
   repositories:
     - {{ env "BORGBASE_REPO" }}
 
-  storage:
-    compression: auto,zstd
-    encryption_passphrase: CHANGEME
-    archive_name_format: "{hostname}-{now}"
-    ssh_command: ssh -i /run/secrets/backup_bot_ssh_key
+storage:
+  compression: auto,zstd
+  encryption_passphrase: {{ secret "backup_bot_password" }}
+  archive_name_format: "{hostname}-{now}"
+  ssh_command: "ssh -o 'StrictHostKeyChecking no' -i /run/secrets/backup_bot_ssh_key"
 
-  retention:
-    keep_daily: 3
-    keep_weekly: 4
-    keep_monthly: 12
-    keep_yearly: 2
-    prefix: "{hostname}-"
+retention:
+  keep_daily: 3
+  keep_weekly: 4
+  keep_monthly: 12
+  keep_yearly: 2
+  prefix: "{hostname}-"
 
-  consistency:
-    checks:
-      - disabled
-    check_last: 3
-    prefix: "{hostname}-"
+consistency:
+  checks:
+    - disabled
+  check_last: 3
+  prefix: "{hostname}-"
 
 hooks:
+  before_backup:
+    - echo "`date` - Starting backup"
+  after_backup:
+    - echo "`date` - Finished backup"
   mysql_databases:
     - name: {{ env "DB_TABLE" }}
       hostname: {{ env "DB_HOST" }}
diff --git a/compose.yml b/compose.yml
index 54a7125..26a8c2b 100644
--- a/compose.yml
+++ b/compose.yml
@@ -46,8 +46,12 @@ services:
 
   backupbot:
     image: "decentral1se/backup-bot:0.0.1"
+    networks:
+      - backend
     secrets:
-      - backup_bot_ssh_key
+      - source: backup_bot_ssh_key
+        mode: 0400
+      - backup_bot_password
       - db_password
     configs:
       - source: borgmatic_config_yml
@@ -62,7 +66,7 @@ services:
       replicas: 0
       labels:
         - "swarm.cronjob.enable=true"
-        - "swarm.cronjob.schedule=0 2 * * *" # "At 02:00 every night"
+        - "swarm.cronjob.schedule=0 2 * * *" # At 02:00
       restart_policy:
         condition: none
 
@@ -78,7 +82,7 @@ volumes:
 
 configs:
   borgmatic_config_yml:
-    name: borgmatic_config_yml_v1
+    name: borgmatic_config_yml_v6
     file: borgmatic.yml
     template_driver: golang
 
@@ -89,3 +93,9 @@ secrets:
   db_password:
     external: true
     name: ${STACK_NAME}_db_password_${DB_ROOT_PASSWORD_VERSION}
+  backup_bot_ssh_key:
+    name: backup_bot_ssh_key_v1
+    external: true
+  backup_bot_password:
+    name: backup_bot_password_v1
+    external: true