diff --git a/infra/terraform/locals.tf b/infra/terraform/locals.tf
index 7c2bbcd..79f74c5 100644
--- a/infra/terraform/locals.tf
+++ b/infra/terraform/locals.tf
@@ -16,7 +16,11 @@ locals {
     var.telegram_webhook_secret_id,
     var.scheduler_shared_secret_id,
     var.supabase_url_secret_id,
-    var.supabase_publishable_key_secret_id
+    var.supabase_publishable_key_secret_id,
+    var.database_url_secret_id,
+    var.telegram_bot_token_secret_id,
+    var.telegram_bot_username_secret_id,
+    var.openai_api_key_secret_id
   ]))
 
   api_services = toset([
diff --git a/infra/terraform/main.tf b/infra/terraform/main.tf
index fe105f2..ff41a55 100644
--- a/infra/terraform/main.tf
+++ b/infra/terraform/main.tf
@@ -91,6 +91,18 @@ module "bot_api_service" {
     },
     var.supabase_publishable_key_secret_id == null ? {} : {
       SUPABASE_PUBLISHABLE_KEY = var.supabase_publishable_key_secret_id
+    },
+    var.database_url_secret_id == null ? {} : {
+      DATABASE_URL = var.database_url_secret_id
+    },
+    var.telegram_bot_token_secret_id == null ? {} : {
+      TELEGRAM_BOT_TOKEN = var.telegram_bot_token_secret_id
+    },
+    var.telegram_bot_username_secret_id == null ? {} : {
+      TELEGRAM_BOT_USERNAME = var.telegram_bot_username_secret_id
+    },
+    var.openai_api_key_secret_id == null ? {} : {
+      OPENAI_API_KEY = var.openai_api_key_secret_id
     }
   )
 
diff --git a/infra/terraform/variables.tf b/infra/terraform/variables.tf
index dc817e1..15ef420 100644
--- a/infra/terraform/variables.tf
+++ b/infra/terraform/variables.tf
@@ -70,6 +70,35 @@ variable "supabase_publishable_key_secret_id" {
   nullable    = true
 }
 
+variable "database_url_secret_id" {
+  description = "Optional Secret Manager ID for DATABASE_URL"
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "telegram_bot_token_secret_id" {
+  description = "Optional Secret Manager ID for TELEGRAM_BOT_TOKEN"
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "telegram_bot_username_secret_id" {
+  description = "Optional Secret Manager ID for TELEGRAM_BOT_USERNAME"
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+variable "openai_api_key_secret_id" {
+  description = "Optional Secret Manager ID for OPENAI_API_KEY"
+  type        = string
+  default     = null
+  nullable    = true
+}
+
+
 variable "scheduler_path" {
   description = "Reminder endpoint path on bot API"
   type        = string
diff --git a/infra/terraform/versions.tf b/infra/terraform/versions.tf
index f5a1a2b..9439515 100644
--- a/infra/terraform/versions.tf
+++ b/infra/terraform/versions.tf
@@ -1,6 +1,11 @@
 terraform {
   required_version = ">= 1.8.0"
 
+  backend "gcs" {
+    # The bucket will need to be configured via `terraform init -backend-config="bucket=<YOUR_BUCKET>"`
+    # or you can hardcode the bucket name here. Since it's a generic module, we leave it to be configured via init args.
+  }
+
   required_providers {
     google = {
       source  = "hashicorp/google"