diff --git a/docs/SECRETS_MAP.md b/docs/SECRETS_MAP.md index e061906..b1c5505 100644 --- a/docs/SECRETS_MAP.md +++ b/docs/SECRETS_MAP.md 
@@ -3,28 +3,28 @@ Dieses Dokument listet alle sensiblen Daten (Passwörter, Tokens, Keys) und deren Speicherorte. ## Grundregeln - - Secrets liegen **niemals im Git-Repository** - Speicherort: `/mnt/user/appdata/secrets/` - Berechtigungen: `chmod 600` -- Nutzung in Docker über `_FILE` Variablen +- Nutzung in Docker über `_FILE` Variablen oder Komodo/Portainer Stack Environment Variables --- ## Übersicht -| Service | Secret | Datei | Status | -|---------------|--------|------|--------| -| Vaultwarden | ADMIN_TOKEN | vaultwarden_admin_token.txt | ⏳ | -| PostgreSQL | DB Password | postgres_password.txt | ⏳ | -| Mealie | DB Password | mealie_db.txt | ⏳ | -| Gotify | User Passwort | gotify_password.txt | ⏳ | -| DIUN | Gotify Token | diun_gotify_token.txt | ⏳ | -| Paperless | DB Password | paperless_db.txt | ⏳ | -| Code-Server | Passwort | code_server_password.txt | ⏳ | -| Immich | DB Password | immich_db.txt | ⏳ | -| Mail-Archiver | DB Passwort | mailarchiver_db.txt | ⏳ | -| Scanopy | DB Passwort | scanopy_db.txt | ⏳ | +| Service | Secret | Datei / Methode | Status | +|---|---|---|---| +| Vaultwarden | ADMIN_TOKEN | `vaultwarden_admin_token.txt` → `ADMIN_TOKEN_FILE` | ✅ | +| PostgreSQL 17 | DB Password | `postgres_password.txt` → `POSTGRES_PASSWORD_FILE` | ✅ | +| Mealie | DB Password | Stack ENV `${MEALIE_DB_PASSWORD}` (kein `_FILE`-Support) | ✅ | +| mealie-postgres | DB Password | Stack ENV `${POSTGRES_PASSWORD}` | ✅ | +| Gotify | User Passwort | `gotify_password.txt` → `GOTIFY_DEFAULTUSER_PASS_FILE` | ✅ | +| Paperless-ngx | DB Password | Stack ENV `${PAPERLESS_DBPASS}` (kein `_FILE`-Support) | ✅ | +| code-server | Passwort | `code_server_password.txt` → `PASSWORD_FILE` | ✅ | +| Immich (server) | DB Password | Stack ENV `${IMMICH_DB_PASSWORD}` | ✅ | +| immich-postgres | DB Password | `immich_db.txt` → `POSTGRES_PASSWORD_FILE` | ✅ | +| mail-archiver | Auth Password | Stack ENV `${MAILARCHIVER_AUTH_PASSWORD}` | ✅ | +| ~~diun~~ | ~~Gotify Token~~ | ~~Stack ENV~~ | ❌ 
Container entfernt (2026-03-28) | --- @@ -34,11 +34,16 @@ Dieses Dokument listet alle sensiblen Daten (Passwörter, Tokens, Keys) und dere /mnt/user/appdata/secrets/ ├── vaultwarden_admin_token.txt ├── postgres_password.txt -├── mealie_db.txt ├── gotify_password.txt -├── diun_gotify_token.txt -├── paperless_db.txt ├── code_server_password.txt -├── immich_db.txt -├── mailarchiver_db.txt -└── scanopy_db.txt \ No newline at end of file +└── immich_db.txt +``` + +> **Hinweis:** Mealie, Paperless, mail-archiver und Immich-Server nutzen Stack Environment Variables statt Datei-Mounts, da `_FILE`-Support nicht vorhanden oder unzuverlässig ist. + +--- + +## Regel + +Wenn `_FILE` nicht unterstützt wird → Stack Environment Variable in Komodo/Portainer verwenden. +Secrets niemals direkt in die Compose-Datei schreiben.
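Review bot: The "Grundregeln" in the first hunk (`@@ -3,28`) still promise secrets as `chmod 600` files outside Git, but the five new `Stack ENV ${...}` rows (Mealie, mealie-postgres, Paperless-ngx, Immich server, mail-archiver) are not covered by that guarantee: a compose-style `${VAR}` placeholder is interpolated into the service's environment, so the plaintext value is visible with `docker inspect` and to anyone who can edit the stack in Komodo/Portainer. Add a Grundregel that says where those values are stored and who can read them, and distinguish the ENV-only rows in the Status column instead of giving them the same ✅ as the `_FILE` rows. Two couplings are also undocumented: `immich_db.txt` (`POSTGRES_PASSWORD_FILE` on immich-postgres) and `${IMMICH_DB_PASSWORD}` (Immich server) must hold the same value, as must `${POSTGRES_PASSWORD}` (mealie-postgres) and `${MEALIE_DB_PASSWORD}` (Mealie); state that explicitly, because rotating one side without the other breaks the service silently. Finally, the Scanopy row is simply dropped, whereas diun gets `~~diun~~ ... ❌ Container entfernt (2026-03-28)`; give Scanopy the same strikethrough row with a date, or explain the removal in the commit message.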
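Review bot: The tree in the second hunk (`@@ -34,11`) drops `mealie_db.txt`, `diun_gotify_token.txt`, `paperless_db.txt`, `mailarchiver_db.txt` and `scanopy_db.txt`, but nothing states whether these files were deleted from `/mnt/user/appdata/secrets/` or only removed from the listing; a file still on disk is a live credential that this map no longer tracks. Add one line confirming they were removed and, for the services that still run, whether the value moved to the stack ENV unchanged or was rotated. The new "Regel" should also say what "Stack Environment Variable in Komodo/Portainer verwenden" means operationally: the value lives in the orchestrator rather than in a `chmod 600` file, and "Secrets niemals direkt in die Compose-Datei schreiben" only holds if the compose file keeps the `${...}` placeholder and the value is entered in the stack's environment settings, not in a `.env` file stored next to it. Minor: the added closing fence after `└── immich_db.txt` fixes the code block left unterminated by the old `\ No newline at end of file`; worth a word in the commit message.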