diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..f4ebfab
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,21 @@
+# Build artifacts
+secret
+coverage.out
+*.test
+
+# IDE and editor files
+.vscode
+.idea
+*.swp
+*.swo
+*~
+
+# macOS
+.DS_Store
+
+# Claude files
+.claude/
+
+# Local settings
+.golangci.yml
+.claude/settings.local.json
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..c16f021
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,50 @@
+# Build stage
+FROM golang:1.24-alpine AS builder
+
+# Install build dependencies
+RUN apk add --no-cache \
+    gcc \
+    musl-dev \
+    make \
+    git
+
+# Set working directory
+WORKDIR /build
+
+# Copy go mod files
+COPY go.mod go.sum ./
+
+# Download dependencies
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Build the binary
+RUN CGO_ENABLED=1 go build -v -o secret cmd/secret/main.go
+
+# Runtime stage
+FROM alpine:latest
+
+# Install runtime dependencies
+RUN apk add --no-cache \
+    ca-certificates \
+    gnupg
+
+# Create non-root user
+RUN adduser -D -s /bin/sh secret
+
+# Copy binary from builder
+COPY --from=builder /build/secret /usr/local/bin/secret
+
+# Ensure binary is executable
+RUN chmod +x /usr/local/bin/secret
+
+# Switch to non-root user
+USER secret
+
+# Set working directory
+WORKDIR /home/secret
+
+# Set entrypoint
+ENTRYPOINT ["secret"]
\ No newline at end of file
diff --git a/Makefile b/Makefile
index b6dc7c0..6c55c0e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,5 @@
 export CGO_ENABLED=1
+export DOCKER_HOST := ssh://root@ber1app1.local
 
 default: check
 
@@ -23,6 +24,14 @@ lint:
 # Check all code quality (build + vet + lint + unit tests)
 check: ./secret vet lint test
 
+# Build Docker container
+docker: 
+	docker build -t sneak/secret .
+
+# Run Docker container interactively
+docker-run:
+	docker run --rm -it sneak/secret
+
 # Clean build artifacts
 clean:
 	rm -f ./secret