diff --git a/.github/workflows/time-tracker-ui-cd-prod.yml b/.github/workflows/time-tracker-ui-cd-prod.yml
index 0a7ba4679..26c54d0c1 100644
--- a/.github/workflows/time-tracker-ui-cd-prod.yml
+++ b/.github/workflows/time-tracker-ui-cd-prod.yml
@@ -15,7 +15,7 @@ jobs:
 ARM_CLIENT_SECRET: ${{secrets.TF_ARM_CLIENT_SECRET}}
 ARM_SUBSCRIPTION_ID: ${{secrets.TF_ARM_SUBSCRIPTION_ID}}
 ARM_TENANT_ID: ${{secrets.TF_ARM_TENANT_ID}}
-
+
 steps:
 - name: Checkout
 uses: actions/checkout@v3
@@ -30,8 +30,16 @@ jobs:
 with:
 creds: ${{ secrets.AZURE_CREDENTIALS }}
 
+ - name: Unlock PROD secrets
+ uses: sliteteam/github-action-git-crypt-unlock@1.2.0
+ env:
+ GIT_CRYPT_KEY: ${{ secrets.GIT_CRYPT_KEY_PROD }}
+
 - name: Build the docker image
- run: make build_prod
+ run: |-
+ docker build \
+ --target production -t timetracker_ui -f Dockerfile_prod \
+ .
 
 - name: Publish docker image to prod azure container registry
 run: |
diff --git a/.github/workflows/time-tracker-ui-cd-stage.yml b/.github/workflows/time-tracker-ui-cd-stage.yml
index 3f73c471c..a57cfec09 100644
--- a/.github/workflows/time-tracker-ui-cd-stage.yml
+++ b/.github/workflows/time-tracker-ui-cd-stage.yml
@@ -38,7 +38,7 @@ jobs:
 - name: Build the docker image
 run: |-
 docker build \
- --target production -t timetracker_ui \
+ --target production -t timetracker_ui -f Dockerfile_stage \
 .
 
 - name: Publish docker image to stage azure container registry
@@ -61,4 +61,4 @@ jobs:
 
 - name: Terraform Apply
 working-directory: ${{ env.WORKING_DIR }}
- run: terraform apply -lock=false -var-file="${{ env.TF_WORKSPACE }}.tfvars" -var "image_tag=$RELEASE_VERSION" -auto-approve
+ run: terraform apply -var-file="${{ env.TF_WORKSPACE }}.tfvars" -var "image_tag=$RELEASE_VERSION" -auto-approve
diff --git a/.github/workflows/time-tracker-ui-ci.yml b/.github/workflows/time-tracker-ui-ci.yml
index 07e52253c..d7992606d 100644
--- a/.github/workflows/time-tracker-ui-ci.yml
+++ b/.github/workflows/time-tracker-ui-ci.yml
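Review bot: The new "Unlock PROD secrets" step in time-tracker-ui-cd-prod.yml hands `GIT_CRYPT_KEY_PROD` to a third-party action referenced by a mutable tag, `sliteteam/github-action-git-crypt-unlock@1.2.0`; a tag can later point at different code, so an action that receives a production key is better pinned to a full commit SHA, e.g. `uses: sliteteam/github-action-git-crypt-unlock@<full-commit-sha>  # 1.2.0`. After this step the decrypted files sit in the workspace, and the `docker build ... .` added just below sends the whole workspace as build context, so a `.dockerignore` that admits only what the build needs would limit what reaches the image layers. The job continues past the end of the hunk, so whether later steps remove or re-lock the decrypted files is not visible here.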
@@ -66,8 +66,7 @@ jobs:
 
 - name: Terraform Plan Prod
 id: plan-prod
- # run: terraform plan -var-file=${{ env.TF_WORKSPACE }}.tfvars -var image_tag=latest -no-color
- run: echo "Disabled for now up to restructure infra tiers"
+ run: terraform plan -var-file=${{ env.TF_WORKSPACE }}.tfvars -var image_tag=latest -no-color
 continue-on-error: true
 working-directory: ./${{ env.WORKING_DIR }}
 env:
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index babf9d405..000000000
--- a/Dockerfile
+++ /dev/null
@@ -1,28 +0,0 @@
-FROM node:14-alpine AS building
-WORKDIR /app
-# ENV USERNAME timetracker
-# ENV HOME /home/${USERNAME}
-# RUN useradd -ms /bin/bash ${USERNAME}
-# WORKDIR ${HOME}/time-tracker-ui
-COPY . /app
-# RUN chown ${USERNAME}:${USERNAME} -R ${HOME}/time-tracker-ui
-# RUN chmod -R 777 ${HOME}/time-tracker-ui
-# USER ${USERNAME}
-RUN npm cache clean --force && npm install
-EXPOSE 4200 9876
-RUN source .stage.env && npm run build
-# >> scrt &&
-#
-
-FROM nginx:1.21 AS production
-COPY nginx.conf /etc/nginx/conf.d/default.conf
-COPY --from=building /app/dist/time-tracker /usr/share/nginx/html
-# FIXME: Actually if we can deploy to azure in port 80 we need a root user
-# Maybe we can refactor this dockerfile to use root user directly this is not a good approach y
-# security terms. It's a good practice to have rootless in containers so for this
-# we can to refactor this dockerfile and the terraform module to deploy in other ports because
-# Ports below 1024 needs root permisions.
-
-# USER ${USERNAME}
-
-EXPOSE 80
\ No newline at end of file
diff --git a/Dockerfile_prod b/Dockerfile_prod
new file mode 100644
index 000000000..3d51f5643
--- /dev/null
+++ b/Dockerfile_prod
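Review bot: In the `Terraform Plan Prod` step of time-tracker-ui-ci.yml the re-enabled `terraform plan` keeps `continue-on-error: true`, so a failing prod plan will not fail the job unless a later step checks `steps.plan-prod.outcome`; any such step is outside this hunk. The `-var-file` argument is unquoted here, while the stage CD workflow in this commit writes `-var-file="${{ env.TF_WORKSPACE }}.tfvars"`; quoting it the same way keeps the two consistent. The step's `env:` block continues below the hunk, so it is worth confirming that whatever credentials it supplies for the prod plan are not available to runs triggered by untrusted pull requests.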
@@ -0,0 +1,13 @@
+FROM node:14-alpine AS building
+WORKDIR /app
+COPY . /app
+RUN npm cache clean --force && npm install
+EXPOSE 4200 9876
+RUN source .prod.env && npm run build
+
+
+FROM nginx:1.21 AS production
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY --from=building /app/dist/time-tracker /usr/share/nginx/html
+EXPOSE 80
+
diff --git a/Dockerfile_stage b/Dockerfile_stage
new file mode 100644
index 000000000..5922ed3d9
--- /dev/null
+++ b/Dockerfile_stage
@@ -0,0 +1,13 @@
+FROM node:14-alpine AS building
+WORKDIR /app
+COPY . /app
+RUN npm cache clean --force && npm install
+EXPOSE 4200 9876
+RUN source .stage.env && npm run build
+
+
+FROM nginx:1.21 AS production
+COPY nginx.conf /etc/nginx/conf.d/default.conf
+COPY --from=building /app/dist/time-tracker /usr/share/nginx/html
+EXPOSE 80
+
diff --git a/infrastructure/main.tf b/infrastructure/main.tf
index 308044629..4907d9b7f 100644
--- a/infrastructure/main.tf
+++ b/infrastructure/main.tf
@@ -43,7 +43,7 @@ locals {
 
 module "ui" {
 #source = "../../infra-terraform-modules/azure-app-service"
- source = "git@github.com:ioet/infra-terraform-modules.git//azure-app-service?ref=tags/v0.0.13"
+ source = "git@github.com:ioet/infra-terraform-modules.git//azure-app-service?ref=tags/v0.0.20"
 app_service_name = "${local.service_name}-ui"
 create_app_service_plan = local.create_app_service_plan
 docker_image_name = "${local.image_name}:${var.image_tag}"
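Review bot: In Dockerfile_prod (and identically in Dockerfile_stage) `COPY . /app` runs on a checkout that the prod workflow has just unlocked with git-crypt, so every decrypted file lands in the `building` stage, and whatever `source .prod.env` feeds into `npm run build` is presumably compiled into the static bundle that nginx serves. Only values that are meant to be readable by browsers should live in that env file, and a `.dockerignore` plus copying `package*.json` before the sources would narrow what enters the layer. `npm install` could become `npm ci` for a lockfile-exact install, assuming a lockfile is committed. The deleted Dockerfile carried a FIXME about the nginx stage running as root; the new files drop that comment without adding a `USER`, so a short comment recording that the rootless question is still open would keep it from being lost.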