diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md
new file mode 100644
index 0000000..843345e
--- /dev/null
+++ b/DEPLOYMENT.md
@@ -0,0 +1,35 @@
+# Wishlist Production Deployment
+
+Uses Phase for secrets management.
+
+## Required Secrets
+
+Ensure these exist in your Phase project under the `Production` environment:
+
+- `POSTGRES_USER`, `POSTGRES_PASSWORD`, `POSTGRES_DB` - Database credentials
+- `AUTH_SECRET` - Auth.js secret (generate: `openssl rand -base64 32`)
+- `AUTH_URL` - Public URL (e.g., `https://wish.rasmusq.com`)
+- `GOOGLE_CLIENT_ID`, `GOOGLE_CLIENT_SECRET` - (Optional) Google OAuth
+- `AUTHENTIK_CLIENT_ID`, `AUTHENTIK_CLIENT_SECRET`, `AUTHENTIK_ISSUER` - (Optional) Authentik OAuth
+
+## Common Commands
+
+```bash
+# Deploy/rebuild
+phase run docker compose -f docker-compose.prod.yml up -d --build
+
+# View logs
+docker compose -f docker-compose.prod.yml logs -f
+
+# Restart
+phase run docker compose -f docker-compose.prod.yml restart
+
+# Stop
+phase run docker compose -f docker-compose.prod.yml down
+
+# Database migrations
+phase run bun run db:migrate
+
+# Development
+phase run bun run dev
+```