diff --git a/.env.sample. b/.env.sample.
index 9f26b47dfc423a62d0fe8317602b06d32bedf8fe..fa965de0c1b2dcc71d5e62b7dce68ba13b2c57ac 100644
--- a/.env.sample.
+++ b/.env.sample.
@@ -5,6 +5,8 @@ HOST=keycloak.FQDN
 
 # KeyCloak
 KC_ADMIN=admin
-KC_ADMIN_PASSWD=admin
+KC_ADMIN_PASSWD=
+MARIADB_PASS=
+
 
 RESTART=always
diff --git a/.gitignore b/.gitignore
index 4c49bd78f1d08f2bc09fa0bd8191ed38b7dce5e3..5409b7278f443413ab7dfec5de0b73a2980855c4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 .env
+keycloak_db/
diff --git a/README.md b/README.md
index d879dbe09d1116c8a933baeccd3dc1c75a6598b4..d3acf6d2015ffb2a42d7762b7bc0c8d125b047dc 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ This is dockerised keycloak system
 
 1. Clone this repository
 2. `cp .env.sample .env`
-3. Edit .env (host and admin credential)
+3. Edit .env (host, keycloak admin credential and MariaDB password)
 4. Run KeyCloak with docker-compose
 
 ## Secure the first application
diff --git a/docker-compose.yml b/docker-compose.yml
index cd6223b6c6775d248ef40adf6977ba7c5828a99b..e9f217e255f252ce8171f3f6e772871d7a3bd989 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,9 +5,36 @@ services:
         image : quay.io/keycloak/keycloak:24.0.3
         container_name: keycloak
         environment:
-            - KEYCLOAK_ADMIN=${KC_ADMIN}
-            - KEYCLOAK_ADMIN_PASSWORD=${KC_ADMIN_PASSWD}
+            KEYCLOAK_ADMIN: ${KC_ADMIN}
+            KEYCLOAK_ADMIN_PASSWORD: ${KC_ADMIN_PASSWD}
               # cf https://github.com/keycloak/keycloak/issues/11170 for below variable
-            - KC_HOSTNAME_URL=https://${HOST}
-            - KC_HOSTNAME_ADMIN_URL=https://${HOST}
+            KC_HOSTNAME_URL: https://${HOST}
+            KC_HOSTNAME_ADMIN_URL: https://${HOST}
+              # Database
+            KC_DB: mariadb
+            KC_DB_SCHEMA: keycloak
+            KC_DB_USERNAME: keycloak
+            KC_DB_PASSWORD: ${MARIADB_PASS}
+            KC_DB_URL_HOST: mariadb
+        restart: ${RESTART}
+
+
         command: ["start-dev", "--import-realm", "--verbose"]
+        depends_on:
+            - mariadb
+        restart: ${RESTART}
+
+    mariadb:
+        image: mariadb:latest
+        container_name: mariadb
+        volumes:
+            - "./keycloak_db:/var/lib/mysql:rw"
+        environment:
+            MYSQL_ROOT_PASSWORD: ${MARIADB_PASS}
+            MYSQL_DATABASE: keycloak
+            MYSQL_USER: keycloak
+            MYSQL_PASSWORD: ${MARIADB_PASS}
+        restart: ${RESTART}
+
+volumes:
+    keycloak_db: