diff --git a/_infra/credentials/database_prod.tf b/_infra/credentials/database_prod.tf
new file mode 100644
index 0000000..c4b797f
--- /dev/null
+++ b/_infra/credentials/database_prod.tf
@@ -0,0 +1,43 @@
+resource "doppler_environment" "database_prod" {
+ project = doppler_project.database.name
+ slug = "prod"
+ name = "Production"
+}
+
+resource "doppler_config" "database_prod_config" {
+ project = doppler_project.database.name
+ environment = doppler_environment.database_prod.slug
+ name = "prod_database"
+}
+
+resource "doppler_service_token" "database_prod_token" {
+ project = doppler_project.database.name
+ config = doppler_config.database_prod_config.name
+ name = "CI Token"
+ access = "read"
+}
+
+variable "database_prod_secrets_map" {
+ type = map(string)
+ default = {
+ "ADMIN_USER" = "",
+ "ADMIN_PASSWORD" = "",
+ "DATABASE_NAME" = "",
+ "PORT" = "3306"
+ }
+}
+
+resource "doppler_secret" "database_prod_secrets" {
+ for_each = var.database_prod_secrets_map
+
+ project = doppler_project.database.name
+ config = doppler_config.database_prod_config.name
+ name = each.key
+ value = each.value
+
+ lifecycle {
+ ignore_changes = [
+ value, # Ignore changes to the secret value
+ ]
+ }
+}
diff --git a/_infra/credentials/main.tf b/_infra/credentials/main.tf
index 725e0ee..f919aa7 100644
--- a/_infra/credentials/main.tf
+++ b/_infra/credentials/main.tf
@@ -3,4 +3,9 @@ provider "doppler" {}
 resource "doppler_project" "backend" {
 name = "snipcode-backend"
 description = "The main backend project"
-}
\ No newline at end of file
+}
+
+resource "doppler_project" "database" {
+ name = "snipcode-database"
+ description = "The main database project"
+}
diff --git a/_infra/credentials/outputs.tf b/_infra/credentials/outputs.tf
index 5fe1dec..c9d9fbe 100644
--- a/_infra/credentials/outputs.tf
+++ b/_infra/credentials/outputs.tf
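Review bot: In `_infra/credentials/database_prod.tf`, `doppler_secret.database_prod_secrets` seeds `ADMIN_USER`, `ADMIN_PASSWORD` and `DATABASE_NAME` with empty strings in the production config, and `ignore_changes = [value]` means Terraform never corrects them afterwards. Nothing in the file tells an operator that the real values must be entered in Doppler by hand after the first apply, or that later edits to the variable have no effect. I would document that on the variable, e.g. `# Placeholders only: real values are set in Doppler after the first apply; Terraform ignores later changes to value.` The "CI Token" service token has `access = "read"` on this same config, so it can read the admin credentials; it is worth confirming that CI needs the admin account rather than a narrower database user kept in a separate config.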
@@ -6,4 +6,9 @@ output "backend_prod_token_key" {
 output "backend_dev_token_key" {
 value = doppler_service_token.backend_dev_token.key
 sensitive = true
-}
\ No newline at end of file
+}
+
+output "database_prod_token_key" {
+ value = doppler_service_token.database_prod_token.key
+ sensitive = true
+}
diff --git a/_infra/global/main.tf b/_infra/global/main.tf
index 95c262e..44639cc 100644
--- a/_infra/global/main.tf
+++ b/_infra/global/main.tf
@@ -6,3 +6,4 @@ provider "aws" {
 resource "aws_route53_zone" "hosted_zone" {
 name = var.domain_name
 }
+
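Review bot: In `_infra/credentials/outputs.tf`, the new `database_prod_token_key` output has no `description`, and `sensitive = true` only redacts the value in plan and apply output. The token key is still written to the Terraform state and can be read back by anyone with state access. I would add a line such as `description = "Read-only Doppler service token for the prod_database config; stored in state, so restrict and encrypt the state backend"`. The backend configuration is not part of this diff, so confirm it is encrypted and access-controlled before this production token lands in it.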