diff --git a/.env.keycloak.example b/.env.example
similarity index 57%
rename from .env.keycloak.example
rename to .env.example
index 0958510c..744d09e7 100644
--- a/.env.keycloak.example
+++ b/.env.example
@@ -1,10 +1,32 @@
 SECRET_KEY=
+CORS_ORIGIN_ALLOW_ALL=1
+APPLY_MIGRATIONS=1
+ADD_DEFAULT_LANGUAGES=1
 DEBUG=1
-DATABASE_URL=postgres://kukkuu:kukkuu@localhost:5434/kukkuu
+# Values in DATABASE_* and POSTGRES_* variables must match!
+# DATABASE_URL is used by Django
+# DATABASE_HOST is used by docker-entrypoint.sh
+# POSTGRES_* variables are used by the Postgres Docker container
+# i.e. DATABASE_URL should be:
+# postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${DATABASE_HOST}/${POSTGRES_DB}
+# or optionally contain a port number e.g. ":5434" after the host
+# Database settings for Docker + Docker compose based local development:
+DATABASE_URL=postgres://kukkuu:kukkuu@kukkuu-db.helsinki/kukkuu
+DATABASE_HOST=kukkuu-db.helsinki
+# Database settings for non-Docker local development:
+# DATABASE_URL=postgres://kukkuu:kukkuu@localhost/kukkuu
+# DATABASE_HOST=localhost
+POSTGRES_USER=kukkuu
+POSTGRES_PASSWORD=kukkuu
+POSTGRES_DB=kukkuu
+SKIP_DATABASE_CHECK=0
+ALLOWED_HOSTS=*
 CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3001,http://localhost:3002
 CORS_ORIGIN_ALLOW_ALL=True
-ALLOWED_HOSTS=*
+# For Keycloak test environment authentication service:
 TOKEN_AUTH_AUTHSERVER_URL=https://tunnistus.test.hel.ninja/auth/realms/helsinki-tunnistus
+# For local Tunnistamo authentication service:
+# TOKEN_AUTH_AUTHSERVER_URL=http://tunnistamo-backend:8000/openid
 # For local Kukkuu API:
 TOKEN_AUTH_ACCEPTED_AUDIENCE=kukkuu-api-dev,profile-api-test
 # For test env Kukkuu API:
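Review bot: `CORS_ORIGIN_ALLOW_ALL` is now defined twice in this template: the added `CORS_ORIGIN_ALLOW_ALL=1` near the top and the existing `CORS_ORIGIN_ALLOW_ALL=True` kept as context further down, so which value applies depends on the loader; one of them should be dropped. The file also becomes the single template for every setup while carrying `DEBUG=1`, `ALLOWED_HOSTS=*`, allow-all CORS and the `kukkuu`/`kukkuu` database credentials, with nothing marking them as local-only. I would add a header comment such as `# Local development defaults only: do not reuse DEBUG=1, ALLOWED_HOSTS=*, CORS_ORIGIN_ALLOW_ALL or the kukkuu database password in a deployed environment`.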
@@ -15,9 +37,10 @@ GDPR_API_QUERY_SCOPE=gdprquery GDPR_API_DELETE_SCOPE=gdprdelete GDPR_API_AUTHORIZATION_FIELD=authorization.permissions.scopes HELUSERS_BACK_CHANNEL_LOGOUT_ENABLED=True +HELUSERS_PASSWORD_LOGIN_DISABLED=False KUKKUU_HASHID_SALT=abcdefg123456 KUKKUU_TICKET_VERIFICATION_URL=http://localhost:3000/ticket-verification-endpoint/{reference_id} -MAIL_MAILGUN_KEY +MAIL_MAILGUN_KEY= MAIL_MAILGUN_DOMAIN=hel.fi MAIL_MAILGUN_API=https://api.eu.mailgun.net/v3 KUKKUU_NOTIFICATIONS_SHEET_ID=1TkdQsO50DHOg5pi1JhzudOL1GKpiK-V2DCIoAipKj-M diff --git a/.gitignore b/.gitignore index 8ff27272..a343f63d 100644 --- a/.gitignore +++ b/.gitignore @@ -24,6 +24,13 @@ .DS_Store .eggs/ .env +.env.development +.env.development.local +.env.local +.env.production +.env.production.local +.env.test +.env.test.local .grunt .hypothesis/ .idea diff --git a/README.md b/README.md index 16c88c3b..d03d12da 100644 --- a/README.md +++ b/README.md @@ -103,9 +103,9 @@ Optionally if you want to use pre-commit hooks: ### Development with Docker -1. Copy `docker-compose.env.example` to `docker-compose.env` -2. Set value for `SECRET_KEY` to `docker-compose.env` with [Generating secret key for Django](#generating-secret-key-for-django) instructions -3. Set value for `SOCIAL_AUTH_TUNNISTAMO_SECRET` with [Getting secret for django admin login](#getting-secret-for-django-admin-login) instructions +1. Copy `.env.example` to `.env` +2. Set value for `SECRET_KEY` to `.env` with [Generating secret key for Django](#generating-secret-key-for-django) instructions +3. Set value for `SOCIAL_AUTH_TUNNISTAMO_SECRET` to `.env` with [Getting secret for django admin login](#getting-secret-for-django-admin-login) instructions 4. Run `docker compose up` If you do not have a super user / admin to administrate the API yet, you can create one with: 
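Review bot: `HELUSERS_PASSWORD_LOGIN_DISABLED=False` is added without a comment, and as far as I know this django-helusers setting keeps the username/password form on the Django admin login available next to OIDC. That suits the local superuser the README describes, but template values tend to be copied unchanged, so I would document it: `# Local development only: keeps password login for the Django admin enabled; set to True where only OIDC login should be possible`. The sample `KUKKUU_HASHID_SALT` on the following context line deserves the same kind of remark, since it should be replaced with a private value outside local development.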
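Review bot: The ignore list enumerates seven `.env.*` names, so any other variant a developer creates (for example `.env.staging` or `.env.backup`) is still trackable and can be committed with secrets in it. A pattern plus an exception for the template covers every variant: `.env.*` followed by `!.env.example`.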
@@ -120,8 +120,10 @@ The project is now running at http://localhost:8081 and using public Keycloak te ### Development without Docker 1. Install [requirements](#requirements) -2. Set value for `SECRET_KEY` with [Generating secret key for Django](#generating-secret-key-for-django) instructions -3. Set value for `SOCIAL_AUTH_TUNNISTAMO_SECRET` with [Getting secret for django admin login](#getting-secret-for-django-admin-login) instructions +2. Copy `.env.example` to `.env` +3. Set value for `SECRET_KEY` to `.env` with [Generating secret key for Django](#generating-secret-key-for-django) instructions +4. Set value for `SOCIAL_AUTH_TUNNISTAMO_SECRET` to `.env` with [Getting secret for django admin login](#getting-secret-for-django-admin-login) instructions +5. Modify `DATABASE_URL` and `DATABASE_HOST` in your `.env` file based on where your PostgreSQL database is set up #### Installing Python requirements @@ -206,8 +208,7 @@ value for local development i.e. `kukkuu-django-admin-dev` client: - Find `SOCIAL-AUTH-TUNNISTAMO-SECRET` (may need pressing `Load more`), and open it - Click on the hexadecimal current version value to open the secret's current version - Click on the "Copy to clipboard" icon after the `Secret value` to copy it to clipboard -- Paste the value into your env file (`.env` or `docker-compose.env` depending on your setup) - as `SOCIAL_AUTH_TUNNISTAMO_SECRET=paste-the-copied-value-here` +- Paste the value into your `.env` file as `SOCIAL_AUTH_TUNNISTAMO_SECRET=paste-the-copied-value-here` ### Keeping Python requirements up to date diff --git a/compose.yaml b/compose.yaml index f9d75d4b..07e49c5e 100644 --- a/compose.yaml +++ b/compose.yaml @@ -2,10 +2,8 @@ services: postgres: image: postgres:13 restart: on-failure - environment: - POSTGRES_USER: kukkuu - POSTGRES_PASSWORD: kukkuu - POSTGRES_DB: kukkuu + env_file: + - .env # For POSTGRES_USER, POSTGRES_PASSWORD and POSTGRES_DB ports: - 5434:5432 volumes: 
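Review bot: `env_file: - .env` on the `postgres` service hands the database container every variable in `.env`, including `SECRET_KEY`, `SOCIAL_AUTH_TUNNISTAMO_SECRET` and `MAIL_MAILGUN_KEY`, although the inline comment says it needs only three. Compose already reads `.env` for variable interpolation, so the service can receive just those values through an `environment:` mapping with `POSTGRES_USER: ${POSTGRES_USER}`, `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}` and `POSTGRES_DB: ${POSTGRES_DB}`. This keeps the application secrets out of the database container's environment and out of `docker inspect` output for it. The service definition continues past the end of the hunk.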
@@ -15,13 +13,9 @@ services: django: build: context: . - target: ${DOCKER_TARGET:-development} + target: ${DOCKER_TARGET:-development} # stage of Dockerfile to build env_file: - - docker-compose.env - environment: - DATABASE_URL: postgres://kukkuu:kukkuu@kukkuu-db/kukkuu - DATABASE_HOST: kukkuu-db.helsinki - SKIP_DATABASE_CHECK: 1 + - .env volumes: - .:/app ports: diff --git a/docker-compose.env.example b/docker-compose.env.example deleted file mode 100644 index a01e72f7..00000000 --- a/docker-compose.env.example +++ /dev/null 
@@ -1,33 +0,0 @@
-SECRET_KEY=
-CORS_ORIGIN_ALLOW_ALL=1
-APPLY_MIGRATIONS=1
-ADD_DEFAULT_LANGUAGES=1
-DEBUG=1
-DATABASE_URL=postgres://kukkuu:kukkuu@localhost:5434/kukkuu
-ALLOWED_HOSTS=*
-CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:3001,http://localhost:3002
-CORS_ORIGIN_ALLOW_ALL=True
-# For Keycloak test environment authentication service:
-TOKEN_AUTH_AUTHSERVER_URL=https://tunnistus.test.hel.ninja/auth/realms/helsinki-tunnistus
-# For local Tunnistamo authentication service:
-# TOKEN_AUTH_AUTHSERVER_URL=http://tunnistamo-backend:8000/openid
-TOKEN_AUTH_ACCEPTED_AUDIENCE=kukkuu-api-dev,profile-api-test
-TOKEN_AUTH_ACCEPTED_SCOPE_PREFIX=
-TOKEN_AUTH_REQUIRE_SCOPE_PREFIX=False
-GDPR_API_QUERY_SCOPE=gdprquery
-GDPR_API_DELETE_SCOPE=gdprdelete
-GDPR_API_AUTHORIZATION_FIELD=authorization.permissions.scopes
-HELUSERS_BACK_CHANNEL_LOGOUT_ENABLED=True
-HELUSERS_PASSWORD_LOGIN_DISABLED=False
-KUKKUU_HASHID_SALT=ULGd5YeRv6yVtvoj
-KUKKUU_TICKET_VERIFICATION_URL=http://localhost:3000/ticket-verification-endpoint/{reference_id}
-MAIL_MAILGUN_KEY=
-MAIL_MAILGUN_DOMAIN=hel.fi
-MAIL_MAILGUN_API=https://api.eu.mailgun.net/v3
-KUKKUU_NOTIFICATIONS_SHEET_ID=1TkdQsO50DHOg5pi1JhzudOL1GKpiK-V2DCIoAipKj-M
-
-# Django-admin Keycloak login related variables:
-SOCIAL_AUTH_TUNNISTAMO_KEY=kukkuu-django-admin-dev
-# Get secret from keyvault, see README.md for instructions:
-SOCIAL_AUTH_TUNNISTAMO_SECRET=
-SOCIAL_AUTH_TUNNISTAMO_OIDC_ENDPOINT=https://tunnistus.test.hel.ninja/auth/realms/helsinki-tunnistus
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 99a4b7f1..f64c1fdf 100755
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -1,7 +1,7 @@ #!/bin/bash set -e -# -z for empty / not assigned variable or -o to check whether the value is 0 (=should be skipped) +# -z for empty / not assigned variable or -o to check whether the value is 0 (=should not be skipped) if [ -z "$SKIP_DATABASE_CHECK" -o "$SKIP_DATABASE_CHECK" = "0" ]; then until nc -z -v -w30 "$DATABASE_HOST" 5432 do diff --git a/kukkuu/settings.py b/kukkuu/settings.py index 2b28d768..d43f89c8 100644 --- a/kukkuu/settings.py +++ b/kukkuu/settings.py @@ -37,7 +37,7 @@ STATIC_URL=(str, "/static/"), ALLOWED_HOSTS=(list, []), USE_X_FORWARDED_HOST=(bool, False), - DATABASE_URL=(str, "postgres://kukkuu:kukkuu@localhost/kukkuu"), + DATABASE_URL=(str, ""), CACHE_URL=(str, "locmemcache://"), MAILER_EMAIL_BACKEND=(str, "django.core.mail.backends.console.EmailBackend"), MAILER_LOCK_PATH=(str, ""),
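Review bot: The reworded comment above the `SKIP_DATABASE_CHECK` test is still hard to parse because it explains the `test` operators rather than the decision being made. Something like `# Wait for the database unless SKIP_DATABASE_CHECK is set to something other than 0 (unset, empty and "0" all mean: run the check)` states the behaviour directly. It would also help to mention there that the probe always uses port 5432 on `$DATABASE_HOST`, since `.env.example` now tells readers that `DATABASE_URL` may carry a different port. The body of the `until` loop is outside the hunk.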
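Review bot: Changing the `DATABASE_URL` default to `""` removes the hard-coded `kukkuu:kukkuu` credentials from settings, but an empty string is still a value, so a deployment that forgets to set `DATABASE_URL` may fail late or with an unclear error rather than at startup. How the value is consumed is outside the hunk; if it goes through django-environ's database URL parsing, a fail-fast guard next to that call, for example `if not env("DATABASE_URL"): raise ImproperlyConfigured("DATABASE_URL must be set")`, would make the omission explicit. A short comment on the changed line explaining that there is deliberately no usable default would also help the next reader.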