diff --git a/.gitea/workflows/prod.yml b/.gitea/workflows/prod.yml
new file mode 100644
index 0000000..2dcb460
--- /dev/null
+++ b/.gitea/workflows/prod.yml
@@ -0,0 +1,44 @@
+name: deploy
+
+on:
+ push:
+ branches: [ main ]
+
+jobs:
+ release-image:
+ runs-on: act-runner-user
+ env:
+ DOCKER_ORG: gcg
+ DOCKER_LATEST: latest
+ steps:
+ - name: Checkout
+ uses: https://github.com/actions/checkout@v4
+
+ - name: Build
+ run: |
+ mvn package
+
+ - name: Remove old version
+ run: |
+ rm -rf /opt/data/keycloak/providers/spring-security-crypto-*.jar
+ rm -rf /opt/data/keycloak/providers/keycloak-mailcow-*.jar
+
+ - name: Deploy
+ run: |
+ export SPRINGSEC_VERSION=$(xmlstarlet sel -N x="http://maven.apache.org/POM/4.0.0" -t -m 'x:project/x:properties/x:version.springsec' -v . pom.xml)
+ curl -sL --output \
+ https://repo1.maven.org/maven2/org/springframework/security/spring-security-crypto/$SPRINGSEC_VERSION/spring-security-crypto-$SPRINGSEC_VERSION.jar
+ /opt/data/keycloak/providers/spring-security-crypto-$SPRINGSEC_VERSION.jar
+ export SPI_VERSION=$(xmlstarlet sel -N x="http://maven.apache.org/POM/4.0.0" -t -m 'x:project/x:version' -v . pom.xml)
+ cp -r target/keycloak-mailcow-$KEYCLOAK_VERSION.jar /opt/data/keycloak/providers/keycloak-mailcow-$KEYCLOAK_VERSION.jar
+
+ - name: Notification
+ uses: actions/telegram-action@main
+ if: always()
+ with:
+ chat_id: ${{ secrets.TG_CHAT_ID }}
+ token: ${{ secrets.TG_TOKEN }}
+
+ - name: Trigger Stack Webhook
+ run: |
+ curl -X POST https://docker.cantorgymnasium.de/api/stacks/webhooks/7f03c15f-dcf2-47cf-938e-6502b8520923
\ No newline at end of file
diff --git a/README.md b/README.md
index ab81a6f..628cd5d 100644
--- a/README.md
+++ b/README.md
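Review bot: The Deploy step in `.gitea/workflows/prod.yml` cannot work as written and would install an unverified binary into Keycloak: `--output` is followed directly by the URL, so curl treats the URL as the output filename and the provider path on the next line runs as its own command, and the `cp` uses `$KEYCLOAK_VERSION` although only `SPI_VERSION` is exported. Put the destination after `--output`, add `--fail`, use `$SPI_VERSION`, and check the downloaded jar against a pinned SHA-256 before moving it into `/opt/data/keycloak/providers/`. The last step commits the stack webhook URL, whose UUID appears to be its only credential; regenerate it and read it from a secret instead. `actions/telegram-action@main` is handed `TG_TOKEN` from a mutable branch ref, so pinning it to a commit SHA is worth doing in the same change.

```yaml
      - name: Deploy
        run: |
          set -euo pipefail
          # … unchanged: SPRINGSEC_VERSION and SPI_VERSION read from pom.xml via xmlstarlet …
          jar="spring-security-crypto-$SPRINGSEC_VERSION.jar"
          tmp="$(mktemp -d)"
          curl -fsSL --output "$tmp/$jar" \
            "https://repo1.maven.org/maven2/org/springframework/security/spring-security-crypto/$SPRINGSEC_VERSION/$jar"
          # SPRINGSEC_SHA256: placeholder for the digest pinned for this version
          echo "$SPRINGSEC_SHA256  $tmp/$jar" | sha256sum --check -
          mv "$tmp/$jar" "/opt/data/keycloak/providers/$jar"
          cp "target/keycloak-mailcow-$SPI_VERSION.jar" /opt/data/keycloak/providers/

      # … unchanged: Notification step …

      - name: Trigger Stack Webhook
        env:
          # STACK_WEBHOOK_URL: placeholder secret name
          STACK_WEBHOOK_URL: ${{ secrets.STACK_WEBHOOK_URL }}
        run: |
          curl -fsS -X POST "$STACK_WEBHOOK_URL"
```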
@@ -1,3 +1,13 @@ # keycloak-mailcow -Keycloak User Storage Provider for mailcow \ No newline at end of file +Keycloak User Storage SPI for mailcow + +Connects to a mailcow MariaDB database and uses the `username` and `password` columns of the `mailbox` table for authentication. + +Currently, only BCrypt-hashed passwords are supported. + +## References + +- https://www.baeldung.com/java-keycloak-custom-user-providers +- https://github.com/mailcow/mailcow-dockerized/blob/master/data/web/inc/functions.inc.php +- https://www.keycloak.org/docs/latest/server_development/index.html#_user-storage-spi \ No newline at end of file diff --git a/pom.xml b/pom.xml index 5204009..2599c6f 100644 --- a/pom.xml +++ b/pom.xml @@ -3,16 +3,17 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> Keycloak mailcow - + Connect to mailcow database for authentication 4.0.0 de.cantorgymnasium keycloak-mailcow - 0.0.2 + 1.0.0 jar 23.0.1 + 6.2.1 @@ -54,7 +55,7 @@ org.springframework.security spring-security-crypto - 6.2.1 + ${version.springsec}