diff --git a/.env.example b/.env.example
index 589eb2d..1412d03 100644
--- a/.env.example
+++ b/.env.example
@@ -74,6 +74,11 @@ AUTHELIA_JWT_SECRET=generate-with-openssl-rand-hex-64
 AUTHELIA_SESSION_SECRET=generate-with-openssl-rand-hex-64
 AUTHELIA_STORAGE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64
+# ARCANE Secrets - Let ez-homelab.sh generate these unless you know what your doing
+ARCANE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-64
+ARCANE_JWT_SECRET=generate-with-openssl-rand-hex-64
+
+
 # Surfshark WireGuard (OPTIONAL - Advanced users only)
 # Get WireGuard details from Surfshark dashboard
 # SURFSHARK_PRIVATE_KEY=your-wireguard-private-key
diff --git a/docker-compose/arcane/docker-compose.yml b/docker-compose/arcane/docker-compose.yml
index f6c3500..49673b8 100644
--- a/docker-compose/arcane/docker-compose.yml
+++ b/docker-compose/arcane/docker-compose.yml
@@ -9,12 +9,12 @@ services:
 - arcane-data:/app/data
 - /opt/stacks:/opt/stacks
 environment:
- - APP_URL=http://192.168.4.12:3552
+ - APP_URL=http://${SERVER_IP}:3552
 - PROJECTS_DIRECTORY=/opt/stacks
 - PUID=1000
 - PGID=1000
- - ENCRYPTION_KEY=5Db7OZ8TtiRNnXi09oh4WN27igS8YohGo45bnBycN7U=
- - JWT_SECRET=xwe+pZrRvv18OprdQS+8O5R3fhNekn4pOmikSTJzQIg=
+ - ENCRYPTION_KEY=${ARCANE_ENCRYPTION_KEY}
+ - JWT_SECRET=${ARCANE_JWT_SECRET}
 restart: unless-stopped
 networks:
 - traefik-network
@@ -25,8 +25,8 @@ services:
 # restart: unless-stopped
 # environment:
 # - AGENT_MODE=true
-# - AGENT_TOKEN=
-# - MANAGER_API_URL=http://192.168.4.4:3552
+# - AGENT_TOKEN=${ARCANE_AGENT_TOKEN}
+# - MANAGER_API_URL=http://${SERVER_IP}:3552
 # ports:
 # - "3553:3553"
 # volumes:
diff --git a/scripts/ez-homelab.sh b/scripts/ez-homelab.sh
index 52f43ad..c5cd7c1 100755
--- a/scripts/ez-homelab.sh
+++ b/scripts/ez-homelab.sh
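Review bot: `${ARCANE_ENCRYPTION_KEY}` and `${ARCANE_JWT_SECRET}` in the first docker-compose.yml hunk are interpolated with no required-variable guard, so if the stack's `.env` lacks them compose substitutes an empty string (with only a warning) and the container starts with blank secrets. Writing `- ENCRYPTION_KEY=${ARCANE_ENCRYPTION_KEY:?ARCANE_ENCRYPTION_KEY is not set}` and the same form for `JWT_SECRET` makes `docker compose up` fail instead. The two literal values removed here remain in the repository history, so any instance that was started with them should be given fresh secrets; whether Arcane can re-key data already protected by the old key is not visible here. The service definition starts and ends outside the hunk.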
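Review bot: The commented agent block in the second docker-compose.yml hunk now references `${ARCANE_AGENT_TOKEN}`, but the visible hunks add no `ARCANE_AGENT_TOKEN` entry to `.env.example` and no generation step in `save_env_file`, so anyone uncommenting the block gets an empty token. A commented `# ARCANE_AGENT_TOKEN=` line next to the other ARCANE entries in `.env.example`, with a short note on where the value comes from, would close the gap. The agent service block continues past the end of the hunk.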
@@ -821,10 +821,22 @@ save_env_file() {
 AUTHELIA_STORAGE_ENCRYPTION_KEY=$(openssl rand -hex 64)
 fi
+ # Generate Arcane secrets
+ if [ -z "$ARCANE_ENCRYPTION_KEY" ]; then
+ ARCANE_ENCRYPTION_KEY=$(openssl rand -hex 64)
+ fi
+ if [ -z "$ARCANE_JWT_SECRET" ]; then
+ ARCANE_JWT_SECRET=$(openssl rand -hex 64)
+ fi
+
 # Save Authelia settings to .env
 sudo -u "$ACTUAL_USER" sed -i "s%AUTHELIA_JWT_SECRET=.*%AUTHELIA_JWT_SECRET=$AUTHELIA_JWT_SECRET%" "$REPO_DIR/.env"
 sudo -u "$ACTUAL_USER" sed -i "s%AUTHELIA_SESSION_SECRET=.*%AUTHELIA_SESSION_SECRET=$AUTHELIA_SESSION_SECRET%" "$REPO_DIR/.env"
 sudo -u "$ACTUAL_USER" sed -i "s%AUTHELIA_STORAGE_ENCRYPTION_KEY=.*%AUTHELIA_STORAGE_ENCRYPTION_KEY=$AUTHELIA_STORAGE_ENCRYPTION_KEY%" "$REPO_DIR/.env"
+
+ # Save Arcane settings to .env
+ sudo -u "$ACTUAL_USER" sed -i "s%ARCANE_ENCRYPTION_KEY=.*%ARCANE_ENCRYPTION_KEY=$ARCANE_ENCRYPTION_KEY%" "$REPO_DIR/.env"
+ sudo -u "$ACTUAL_USER" sed -i "s%ARCANE_JWT_SECRET=.*%ARCANE_JWT_SECRET=$ARCANE_JWT_SECRET%" "$REPO_DIR/.env"
 sudo -u "$ACTUAL_USER" sed -i "s%# AUTHELIA_ADMIN_USER=.*%AUTHELIA_ADMIN_USER=$ADMIN_USER%" "$REPO_DIR/.env"
 sudo -u "$ACTUAL_USER" sed -i "s%AUTHELIA_ADMIN_USER=.*%AUTHELIA_ADMIN_USER=$ADMIN_USER%" "$REPO_DIR/.env"
 sudo -u "$ACTUAL_USER" sed -i "s%# AUTHELIA_ADMIN_EMAIL=.*%AUTHELIA_ADMIN_EMAIL=$ADMIN_EMAIL%" "$REPO_DIR/.env"
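Review bot: The two added `sed -i "s%ARCANE_…=.*%…%"` calls only rewrite a line that already exists, so on a `.env` created before this commit (no `ARCANE_` entries) the generated secrets are never written and compose later interpolates empty values. A per-key fallback such as `grep -q '^ARCANE_JWT_SECRET=' "$REPO_DIR/.env" || printf 'ARCANE_JWT_SECRET=%s\n' "$ARCANE_JWT_SECRET" | sudo -u "$ACTUAL_USER" tee -a "$REPO_DIR/.env" >/dev/null` would cover that case. The `-z` guards also skip generation for any non-empty value, which would include the `generate-with-openssl-rand-hex-64` placeholder if it is ever loaded from a copied `.env.example`; how these variables are populated is outside the hunk, so that needs confirming. The literals removed from the compose file look like base64 of 32 bytes, whereas `openssl rand -hex 64` yields 128 hex characters, so check that Arcane accepts that key format. save_env_file starts and ends outside the hunk.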
@@ -1248,6 +1260,46 @@ deploy_dashboards() {
 echo ""
 }
+deploy_arcane() {
+ log_info "Deploying Arcane stack..."
+ log_info " - Arcane (Docker Management UI)"
+ echo ""
+
+ # Create arcane directory
+ sudo mkdir -p /opt/stacks/arcane
+
+ # Copy arcane compose file
+ cp "$REPO_DIR/docker-compose/arcane/docker-compose.yml" /opt/stacks/arcane/docker-compose.yml
+ cp "$REPO_DIR/.env" /opt/stacks/arcane/.env
+ sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/arcane/docker-compose.yml
+ sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/arcane/.env
+
+ # Remove variables that arcane stack doesn't need
+ sed -i '/^AUTHELIA_/d' /opt/stacks/arcane/.env
+ sed -i '/^QBITTORRENT_/d' /opt/stacks/arcane/.env
+ sed -i '/^GRAFANA_/d' /opt/stacks/arcane/.env
+ sed -i '/^CODE_SERVER_/d' /opt/stacks/arcane/.env
+ sed -i '/^JUPYTER_/d' /opt/stacks/arcane/.env
+ sed -i '/^POSTGRES_/d' /opt/stacks/arcane/.env
+ sed -i '/^NEXTCLOUD_/d' /opt/stacks/arcane/.env
+ sed -i '/^GITEA_/d' /opt/stacks/arcane/.env
+ sed -i '/^WORDPRESS_/d' /opt/stacks/arcane/.env
+ sed -i '/^BOOKSTACK_/d' /opt/stacks/arcane/.env
+ sed -i '/^MEDIAWIKI_/d' /opt/stacks/arcane/.env
+ sed -i '/^BITWARDEN_/d' /opt/stacks/arcane/.env
+ sed -i '/^FORMIO_/d' /opt/stacks/arcane/.env
+ sed -i '/^HOMEPAGE_VAR_/d' /opt/stacks/arcane/.env
+
+ # Replace placeholders in arcane compose file
+ localize_yml_file "/opt/stacks/arcane/docker-compose.yml"
+
+ # Deploy arcane stack
+ cd /opt/stacks/arcane
+ run_cmd docker compose up -d || true
+ log_success "Arcane stack deployed"
+ echo ""
+}
+
 # Deployment function
 perform_deployment() {
 debug_log "perform_deployment() called with DEPLOY_CORE=$DEPLOY_CORE, DEPLOY_INFRASTRUCTURE=$DEPLOY_INFRASTRUCTURE, DEPLOY_DASHBOARDS=$DEPLOY_DASHBOARDS, SETUP_STACKS=$SETUP_STACKS"
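Review bot: `cp "$REPO_DIR/.env" /opt/stacks/arcane/.env` copies every secret in the repository `.env` and then deletes lines by a fixed list of prefixes, so anything the list does not name (for example a `SURFSHARK_PRIVATE_KEY` entry, which `.env.example` documents) lands in the Arcane stack directory, and the copy is created with the default umask. An allow-list of the variables the compose file references, written with a restrictive mode, keeps the file minimal; the pattern below uses only the names visible in this commit's compose hunks and may need extending. Separately, `cd` is unchecked and `run_cmd docker compose up -d || true` is followed by an unconditional `log_success`, so a failed start is still reported as deployed.

```shell
deploy_arcane() {
    # … unchanged: log lines, mkdir, compose file copy and its chown …

    # Build the stack's .env from an allow-list instead of copying every
    # secret and deleting known prefixes. Extend the pattern with any other
    # variable the compose file references.
    ( umask 077; grep -E '^(ARCANE_|SERVER_IP=)' "$REPO_DIR/.env" > /opt/stacks/arcane/.env )
    chmod 600 /opt/stacks/arcane/.env
    sudo chown "$ACTUAL_USER:$ACTUAL_USER" /opt/stacks/arcane/.env

    # … unchanged: localize_yml_file call …

    # Report the real outcome; deployment of other stacks still continues.
    cd /opt/stacks/arcane || return 1
    if run_cmd docker compose up -d; then
        log_success "Arcane stack deployed"
    else
        log_info "Arcane stack failed to start - check 'docker compose logs'"
    fi
    # … unchanged: echo "" …
}
```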
@@ -1337,6 +1389,11 @@ perform_deployment() {
 deploy_dashboards
 fi
+ # Deploy arcane stack (deployed for both core and additional servers)
+ if [ "$DEPLOY_CORE" = true ] || [ "$DEPLOY_INFRASTRUCTURE" = true ]; then
+ deploy_arcane
+ fi
+
 # Setup stacks for Dockge
 if [ "$SETUP_STACKS" = true ]; then
 setup_stacks_for_dockge
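Review bot: Arcane is rolled out whenever `DEPLOY_CORE` or `DEPLOY_INFRASTRUCTURE` is true, with no switch of its own, so every core and additional server gains a Docker management UI (its `APP_URL` in the compose file is `http://${SERVER_IP}:3552`) without the operator opting in. A dedicated flag, here a newly proposed `DEPLOY_ARCANE`, would make that explicit: `if [ "${DEPLOY_ARCANE:-true}" = true ] && { [ "$DEPLOY_CORE" = true ] || [ "$DEPLOY_INFRASTRUCTURE" = true ]; }; then`. The flag should then also be listed in the `debug_log` line at the top of `perform_deployment`, which starts and ends outside this hunk.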