diff --git a/docker-compose.yml b/docker-compose.yml
index 146fcea..21eb0da 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -22,6 +22,15 @@ services:
       options:
         max-size: "10m"
         max-file: "5"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.secret.rule=Host(`secret.corp.samsonopt.ru`)"
+      - "traefik.http.services.secret.loadbalancer.server.port=443"
+      - "traefik.docker.network=reverse-proxy"
+      - "traefik.http.routers.secret.tls=true"
+    networks:
+      - default
+      - vault-wrap
 
   traefik:
     image: traefik:v3.0
@@ -57,7 +66,8 @@ networks:
   default:
     name: reverse-proxy
     external: true
-
+  vault-wrap:
+    internal: true
 
 volumes:
   vault-wrap-log:
diff --git a/entrypoint.sh b/entrypoint.sh
index 099470f..04e8dbc 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,7 +2,7 @@
 set -u
 
 while true ;do
-    /go/binv/ault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log -listen-port "${LISTEN_PORT}"
+    /go/bin/vault-wrap -action-address "${ACTION_ADDRESS}" -vault-url "${VAULT_ADDRESS}" -tls-cert "/usr/local/share/vault-wrap/${TLS_CERT_FILE}" -tls-key "/usr/local/share/vault-wrap/${TLS_KEY_FILE}" -template-dir /usr/local/share/vault-wrap -log-file /var/log/vault-wrap/vault-wrap.log -listen-port "${LISTEN_PORT}"
 
     sleep 120
 done