diff --git a/app/controllers/concerns/authentication.rb b/app/controllers/concerns/authentication.rb
index 96946050ded1366836d2edcd19a73e0ed03167d1..a64e42acc32dc8e574880474dd361928f35cb291 100644
--- a/app/controllers/concerns/authentication.rb
+++ b/app/controllers/concerns/authentication.rb
@@ -41,8 +41,7 @@ module Authentication
   end
 
   def decrypt_header(token)
-    # TODO: store private key somewhere
-    private_key = "OFE_GQ8Ri8MX-0rH_T0e9ZFIhy-q0n2VxBWPoOyJ1I0="
+    private_key = ENV['NEP_AUTH_PRIVATE_KEY'] || "OFE_GQ8Ri8MX-0rH_T0e9ZFIhy-q0n2VxBWPoOyJ1I0="
     unpacked_key = Base64.urlsafe_decode64(private_key)
     signing_key = unpacked_key[0..15]
     encryption_key = unpacked_key[16..32]
diff --git a/app/controllers/dataset_controller.rb b/app/controllers/dataset_controller.rb
index 63b89aa6cca3bd3014af1020f0de4c7ab34b1f54..467506968953b930e7094ed42eec27602869cb2a 100644
--- a/app/controllers/dataset_controller.rb
+++ b/app/controllers/dataset_controller.rb
@@ -156,11 +156,11 @@ class DatasetController < ApplicationController
 
   def remove_selected_documents
     @nb_removed_docs = params[:documents_ids].size
-    # puts "Remove selected documents called, session has working dataset with id " + String(session[:working_dataset])
     dataset = Dataset.find(session[:working_dataset])
     dataset.remove_documents params[:documents_ids]
-    # puts request.host, request.port, request.url, request.original_fullpath
-    redirect_to "http://127.0.0.1:8001/en/tool/newspapers-platform/dataset/#{dataset.id}", id: dataset.id
+    redirect_url = ENV['NEP_REDIRECT_URL'] || 'http://127.0.0.1:8001/en/tool/newspapers-platform'
+    puts redirect_url
+    redirect_to redirect_url + "/dataset/#{dataset.id}", id: dataset.id
   end
 
   def add_all_documents
diff --git a/config/credentials.yml.enc b/config/credentials.yml.enc
deleted file mode 100644
index 93424628759bc346c9bc67ea30566fb613b7d3f5..0000000000000000000000000000000000000000
--- a/config/credentials.yml.enc
+++ /dev/null
@@ -1 +0,0 @@
-GuFP+gXR5rvGVfgEYis0v/Rw/zXs4gnzV7WbFKql5Aau62F+BA/erMRTlm5iqNkcOW9WP4TNQiVraHKtVoGny9FAt7mcSI5h9oBz+TmV7WYJdm0aGv+D1MPxUZo9vXG/QQ3ESophQwXKUeMmw4WBtIt6v6zcCAVXTTWAZmLlYHRNxtoqM/ivDrWRT/CJugJMGjkzVNqfqgnSOQy5rC/SzStpthYm5YST+nR2+zedzir6XEiWyrQMy/0dMjxl+Mw7+vtXLGupdfpnJUdWu00YgoHJuHhs0opsUmLUA8lX2qTyDfIZfHgPoOhO86XXuzxlSNBJCh6NCg64DhCVdwZxks1ZUBqN/n/h7z46Wfjbc+mXE57LLRtQdW52wLZPNvfuxlaJOj3E1jhHzWBcrNwsOvBhOfLxhy9rFEZH--NwDMcOhk+Fv/AUWL--x0Lb5Ut4UAJoQ8K6rPDVbg==
\ No newline at end of file
diff --git a/config/environments/development.rb b/config/environments/development.rb
index b1fde8c7d6f1c42c56a8f7a1fb4ba0ccf70b1119..ffc77188548f754f8d071b4a2dbb85155b94427f 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -74,7 +74,7 @@ Rails.application.configure do
   config.file_watcher = ActiveSupport::EventedFileUpdateChecker
 
   # Allow Action Cable access from any origin.
-  config.action_cable.url = "http://127.0.0.1:3000/cable"
+  config.action_cable.url = ENV['NEP_CABLE_URL'] || "http://127.0.0.1:3000/cable"
   config.action_cable.disable_request_forgery_protection = true
   # Allow XHR/Ajax requests from different origin
   config.action_controller.forgery_protection_origin_check = false