diff --git a/.gitignore b/.gitignore
index d2d8b91..40ab411 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,22 @@ ENV/
 # OS
 .DS_Store
 Thumbs.db
+
+# Secrets and credentials (defensive)
+.env
+.env.*
+!.env.example
+!.env.*.example
+*.pem
+*.key
+id_rsa
+id_rsa.*
+*.ppk
+*.p12
+*.pfx
+secrets.json
+secrets.yaml
+secrets.yml
+*_secret
+*_secrets
+credentials.json
diff --git a/parser/backfill_changeover.py b/parser/backfill_changeover.py
index 661d4c0..b28e3cb 100644
--- a/parser/backfill_changeover.py
+++ b/parser/backfill_changeover.py
@@ -1,11 +1,9 @@
 #!/usr/bin/env python3
 """Backfill changeover values for udcparts"""
 import mysql.connector
+from config import DB_CONFIG
 
-conn = mysql.connector.connect(
-    host='127.0.0.1', port=3306, user='root', 
-    password='rootpassword', database='shopdb'
-)
+conn = mysql.connector.connect(**DB_CONFIG)
 cursor = conn.cursor()
 
 # Get all machines
diff --git a/parser/clmparser.py b/parser/clmparser.py
index b1b8ca5..10ac87b 100644
--- a/parser/clmparser.py
+++ b/parser/clmparser.py
@@ -35,13 +35,14 @@ from mysql.connector import Error
 try:
     from config import DB_CONFIG, CLM_DATA_PATH, BATCH_SIZE
 except ImportError:
+    import os
     import platform
     IS_WINDOWS = platform.system() == 'Windows'
     DB_CONFIG = {
         'host': '127.0.0.1',
         'port': 3306,
         'user': 'root',
-        'password': 'rootpassword',
+        'password': os.environ.get('SHOPDB_DB_PASSWORD', 'rootpassword'),
         'database': 'shopdb'
     }
     CLM_DATA_PATH = r'S:\SPC\UDC\CLM_Data' if IS_WINDOWS else '/home/camp/projects/UDC/CLM_Data'
diff --git a/parser/config.py b/parser/config.py
index b8e714f..3af43ba 100644
--- a/parser/config.py
+++ b/parser/config.py
@@ -1,6 +1,7 @@
 """
 UDC Parser Configuration
 """
+import os
 import platform
 
 # Detect OS
@@ -21,16 +22,16 @@ DB_CONFIG_DEV = {
     'host': '127.0.0.1',
     'port': 3306,
     'user': 'root',
-    'password': 'rootpassword',
+    'password': os.environ.get('SHOPDB_DB_PASSWORD', 'rootpassword'),
     'database': 'shopdb'
 }
 
 # Database - Production (update these values)
 DB_CONFIG_PROD = {
-    'host': 'PROD_MYSQL_HOST',  # TODO: Update with production host
+    'host': os.environ.get('SHOPDB_DB_HOST', 'PROD_MYSQL_HOST'),
     'port': 3306,
-    'user': 'PROD_USER',        # TODO: Update with production user
-    'password': 'PROD_PASSWORD', # TODO: Update with production password
+    'user': os.environ.get('SHOPDB_DB_USER', 'PROD_USER'),
+    'password': os.environ.get('SHOPDB_DB_PASSWORD', 'PROD_PASSWORD'),
     'database': 'shopdb'
 }
 
diff --git a/parser/udcparser.py b/parser/udcparser.py
index b21f40c..a55d9f6 100644
--- a/parser/udcparser.py
+++ b/parser/udcparser.py
@@ -23,13 +23,14 @@ from mysql.connector.pooling import MySQLConnectionPool
 try:
     from config import DB_CONFIG, UDC_LOG_PATH as LOG_DIRECTORY, BATCH_SIZE
 except ImportError:
+    import os
     import platform
     IS_WINDOWS = platform.system() == 'Windows'
     DB_CONFIG = {
         'host': '127.0.0.1',
         'port': 3306,
         'user': 'root',
-        'password': 'rootpassword',
+        'password': os.environ.get('SHOPDB_DB_PASSWORD', 'rootpassword'),
         'database': 'shopdb'
     }
     LOG_DIRECTORY = r'S:\SPC\UDC\LogFiles' if IS_WINDOWS else '/home/camp/projects/UDC/LogFiles'