diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml
index f1d01ad7..7f68747e 100644
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@@ -72,39 +72,40 @@ services:
         # Copy Docker Secrets to readable location for www-data
         # Docker Secrets are only readable by root, but PHP (www-data) needs to read them.
         # We copy them here as root to a location where www-data can read them.
+        # Note: Use $$ to escape shell variables in docker-compose YAML
         echo "🔐 Setting up Docker Secrets for PHP access..."
         SECRETS_DIR="/var/www/html/storage/secrets"
         # Ensure we're in the right directory
         cd /var/www/html || exit 1
         # Create secrets directory if it doesn't exist
-        mkdir -p "$SECRETS_DIR"
-        chmod 750 "$SECRETS_DIR"
-        chown www-data:www-data "$SECRETS_DIR"
-        
+        mkdir -p "$$SECRETS_DIR"
+        chmod 750 "$$SECRETS_DIR"
+        chown www-data:www-data "$$SECRETS_DIR"
+
         if [ -f /run/secrets/redis_password ]; then
-          cp /run/secrets/redis_password "$SECRETS_DIR/redis_password" 2>/dev/null || true
-          chmod 640 "$SECRETS_DIR/redis_password"
-          chown www-data:www-data "$SECRETS_DIR/redis_password"
-          export REDIS_PASSWORD_FILE="$SECRETS_DIR/redis_password"
-          echo "✅ Copied redis_password to $SECRETS_DIR/redis_password"
+          cp /run/secrets/redis_password "$$SECRETS_DIR/redis_password" 2>/dev/null || true
+          chmod 640 "$$SECRETS_DIR/redis_password"
+          chown www-data:www-data "$$SECRETS_DIR/redis_password"
+          export REDIS_PASSWORD_FILE="$$SECRETS_DIR/redis_password"
+          echo "✅ Copied redis_password to $$SECRETS_DIR/redis_password"
         else
           echo "⚠️  Warning: /run/secrets/redis_password not found"
         fi
-        
+
         if [ -f /run/secrets/db_user_password ]; then
-          cp /run/secrets/db_user_password "$SECRETS_DIR/db_user_password" 2>/dev/null || true
-          chmod 640 "$SECRETS_DIR/db_user_password"
-          chown www-data:www-data "$SECRETS_DIR/db_user_password"
-          export DB_PASSWORD_FILE="$SECRETS_DIR/db_user_password"
-          echo "✅ Copied db_user_password to $SECRETS_DIR/db_user_password"
+          cp /run/secrets/db_user_password "$$SECRETS_DIR/db_user_password" 2>/dev/null || true
+          chmod 640 "$$SECRETS_DIR/db_user_password"
+          chown www-data:www-data "$$SECRETS_DIR/db_user_password"
+          export DB_PASSWORD_FILE="$$SECRETS_DIR/db_user_password"
+          echo "✅ Copied db_user_password to $$SECRETS_DIR/db_user_password"
         fi
-        
+
         if [ -f /run/secrets/app_key ]; then
-          cp /run/secrets/app_key "$SECRETS_DIR/app_key" 2>/dev/null || true
-          chmod 640 "$SECRETS_DIR/app_key"
-          chown www-data:www-data "$SECRETS_DIR/app_key"
-          export APP_KEY_FILE="$SECRETS_DIR/app_key"
-          echo "✅ Copied app_key to $SECRETS_DIR/app_key"
+          cp /run/secrets/app_key "$$SECRETS_DIR/app_key" 2>/dev/null || true
+          chmod 640 "$$SECRETS_DIR/app_key"
+          chown www-data:www-data "$$SECRETS_DIR/app_key"
+          export APP_KEY_FILE="$$SECRETS_DIR/app_key"
+          echo "✅ Copied app_key to $$SECRETS_DIR/app_key"
         fi