diff --git a/.env.example b/.env.example
index ce55e6bbc..1ff28dd5b 100644
--- a/.env.example
+++ b/.env.example
@@ -25,6 +25,7 @@ SMTP_ENABLE_STARTTLS_AUTO=
 
 #misc
 FRONTEND_URL=http://0.0.0.0:3000
+ACTIVE_STORAGE_SERVICE=local
 
 #s3
 S3_BUCKET_NAME=
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 2a0911e1c..e6534d8ed 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -36,7 +36,7 @@ Rails.application.configure do
   # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
 
   # Store uploaded files on the local file system (see config/storage.yml for options).
-  config.active_storage.service = :local
+  config.active_storage.service = ENV.fetch('ACTIVE_STORAGE_SERVICE', 'local').to_sym
 
   # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
   # config.force_ssl = true
diff --git a/config/storage.yml b/config/storage.yml
index d32f76e8f..2814cb280 100644
--- a/config/storage.yml
+++ b/config/storage.yml
@@ -7,12 +7,12 @@ local:
   root: <%= Rails.root.join("storage") %>
 
 # Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
-# amazon:
-#   service: S3
-#   access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
-#   secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
-#   region: us-east-1
-#   bucket: your_own_bucket
+amazon:
+  service: S3
+  access_key_id: <%= ENV.fetch('AWS_ACCESS_KEY_ID', '') %>
+  secret_access_key: <%= ENV.fetch('AWS_SECRET_ACCESS_KEY', '') %>
+  region: <%= ENV.fetch('AWS_REGION', '') %>
+  bucket: <%= ENV.fetch('S3_BUCKET_NAME', '') %>
 
 # Remember not to checkin your GCS keyfile to a repository
 # google: