diff --git a/cmd/server/main.go b/cmd/server/main.go
index 879f0b9..219689b 100644
--- a/cmd/server/main.go
+++ b/cmd/server/main.go
@@ -44,7 +44,7 @@ func main() {
 	uploadPartHandler := handlers.NewUploadPartHandler(s3Repo)
 	completeMultipartHandler := handlers.NewCompleteMultipartHandler(s3Repo)
 	deleteFileHandler := handlers.NewDeleteFileHandler(s3Repo)
-	loginHandler := handlers.NewLoginHandler(middleware.API_KEY_VALUE)
+	loginHandler := handlers.NewLoginHandler(cfg.AuthAPIKey)
 
 	// Register Handlers
 	mediator.Register[handlers.UploadFileCommand, string](m, uploadHandler)
@@ -93,7 +93,7 @@ func main() {
 
 	// API授权中间件组
 	api := r.Group("/")
-	api.Use(middleware.AuthMiddleware())
+	api.Use(middleware.AuthMiddleware(cfg.AuthAPIKey))
 	{
 		// File operations
 		api.POST("/files/upload", fileEndpoint.UploadFile)
diff --git a/docker-compose.yml b/docker-compose.yml
index 4076fec..c9f82a9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,6 +9,11 @@ services:
     restart: unless-stopped
     environment:
       - GIN_MODE=release
+      - RUSTFS_ENDPOINT_URL=http://192.168.1.154:9000
+      - RUSTFS_ACCESS_KEY_ID=rustfsadmin
+      - RUSTFS_SECRET_ACCESS_KEY=rustfsadmin123
+      - RUSTFS_REGION=us-east-1
+      - AUTH_API_KEY=rustfsadmin123
     healthcheck:
       test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/swagger/index.html"]
       interval: 30s
diff --git a/internal/common/config.go b/internal/common/config.go
index e735b34..759660f 100644
--- a/internal/common/config.go
+++ b/internal/common/config.go
@@ -8,15 +8,17 @@ type Config struct {
 	RustFSSecretAccessKey string
 	RustFSRegion          string
 	ServerPort            string
+	AuthAPIKey            string
 }
 
 func LoadConfig() *Config {
 	return &Config{
-		RustFSEndpoint:        getEnv("RUSTFS_ENDPOINT_URL", "http://192.168.1.22:20060"), // Default to docker-compose port
-		RustFSAccessKeyID:     getEnv("RUSTFS_ACCESS_KEY_ID", "xiangning"),                // Default from user input
-		RustFSSecretAccessKey: getEnv("RUSTFS_SECRET_ACCESS_KEY", "xn001624."),            // Default from user input
-		RustFSRegion:          getEnv("RUSTFS_REGION", "us-east-1"),                       // Default region
+		RustFSEndpoint:        getEnv("RUSTFS_ENDPOINT_URL", "http://192.168.1.154:9000"),
+		RustFSAccessKeyID:     getEnv("RUSTFS_ACCESS_KEY_ID", ""),
+		RustFSSecretAccessKey: getEnv("RUSTFS_SECRET_ACCESS_KEY", ""),
+		RustFSRegion:          getEnv("RUSTFS_REGION", "us-east-1"),
 		ServerPort:            getEnv("SERVER_PORT", "8080"),
+		AuthAPIKey:            getEnv("AUTH_API_KEY", ""),
 	}
 }
 
diff --git a/internal/middleware/auth.go b/internal/middleware/auth.go
index 1b5d078..0007d37 100644
--- a/internal/middleware/auth.go
+++ b/internal/middleware/auth.go
@@ -6,19 +6,16 @@ import (
 	"github.com/gin-gonic/gin"
 )
 
-const (
-	API_KEY_HEADER = "X-API-Key"
-	API_KEY_VALUE  = "xn001624."
-)
+const API_KEY_HEADER = "X-API-Key"
 
 // AuthMiddleware 验证API密钥的中间件
-func AuthMiddleware() gin.HandlerFunc {
+func AuthMiddleware(apiKey string) gin.HandlerFunc {
 	return func(c *gin.Context) {
 		// 从请求头中获取API密钥
-		apiKey := c.GetHeader(API_KEY_HEADER)
+		key := c.GetHeader(API_KEY_HEADER)
 
 		// 验证密钥是否正确
-		if apiKey != API_KEY_VALUE {
+		if key != apiKey {
 			c.JSON(http.StatusUnauthorized, gin.H{
 				"code":    http.StatusUnauthorized,
 				"message": "未授权：请在请求头中提供有效的API密钥",
diff --git a/web/login.html b/web/login.html
index 916e32b..195d05c 100644
--- a/web/login.html
+++ b/web/login.html
@@ -130,7 +130,7 @@
                     </div>
                     <div class="form-text text-muted mt-2">
                         <i class="fas fa-info-circle me-1"></i>
-                        密钥格式: xn001624.
+                        请输入管理员分配的 API 密钥
                     </div>
                 </div>