diff --git a/.do/deploy.template.yaml b/.do/deploy.template.yaml
index ea0fdd8044..0af1d8692e 100644
--- a/.do/deploy.template.yaml
+++ b/.do/deploy.template.yaml
@@ -15,7 +15,9 @@ spec:
       value: "--max-old-space-size=4096"
     - key: LOCKBOX_MASTER_KEY
       type: SECRET
+      value: "REPLACE_ME"
     - key: SECRET_KEY_BASE
+      value: "REPLACE_ME"
       type: SECRET
     - key: DISABLE_SIGNUPS
       value: "false"
diff --git a/docker/production.Dockerfile b/docker/production.Dockerfile
index 839d30dcda..18a42f544c 100644
--- a/docker/production.Dockerfile
+++ b/docker/production.Dockerfile
@@ -36,7 +36,11 @@ FROM node:14.17.3-buster
 
 ENV NODE_ENV=production
 ENV NODE_OPTIONS="--max-old-space-size=4096"
-RUN apt-get update && apt-get install -y postgresql-client freetds-dev libaio1 wget
+RUN apt-get update && \
+    apt-get install -y postgresql-client freetds-dev libaio1 wget && \
+    apt-get -o Dpkg::Options::="--force-confold" upgrade -q -y --force-yes && \
+    apt-get -y autoremove && \
+    apt-get -y autoclean
 
 # Install Instantclient Basic Light Oracle and Dependencies
 WORKDIR /opt/oracle
@@ -45,9 +49,10 @@ RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantcli
     cd /opt/oracle/instantclient* && rm -f *jdbc* *occi* *mysql* *mql1* *ipc1* *jar uidrvci genezi adrci && \
     echo /opt/oracle/instantclient* > /etc/ld.so.conf.d/oracle-instantclient.conf && ldconfig
 WORKDIR /
+# Clean up image
+RUN wget -O - https://raw.githubusercontent.com/digitalocean/marketplace-partners/master/scripts/90-cleanup.sh | bash
 
 RUN mkdir -p /app
-
 # copy npm scripts
 COPY --from=builder /app/package.json ./app/package.json
 # copy plugins dependencies
diff --git a/server/scripts/digitalocean-postbuild.sh b/server/scripts/digitalocean-postbuild.sh
index 72273321b8..b0c5d6c80b 100755
--- a/server/scripts/digitalocean-postbuild.sh
+++ b/server/scripts/digitalocean-postbuild.sh
@@ -2,13 +2,15 @@
 
 echo $CA_CERT > ca-certificate.pem
 
+# Dependency for digital ocean
+apt-get install -y cloud-init
 # FIXME: Trying to connect to digital ocean managed db fails even with adding
 # NODE_EXTRA_CA_CERTS and therefore removing sslmode from database url
 export DATABASE_URL=${DATABASE_URL%"?sslmode=require"}
 
 (
   export NODE_EXTRA_CA_CERTS="$(pwd)/ca-certificate.pem"; \
-  npm run db:migrate && \
+  npm run db:migrate:prod && \
   npm run db:seed && \
   npm run start:prod
 )