diff --git a/ccp/modules/datashield-compose.yml b/ccp/modules/datashield-compose.yml
index f3c3f61..1e7341e 100644
--- a/ccp/modules/datashield-compose.yml
+++ b/ccp/modules/datashield-compose.yml
@@ -55,7 +55,7 @@ services:
     container_name: bridgehead-opal-db
     image: docker.verbis.dkfz.de/cache/postgres:15.1-alpine
     environment:
-      POSTGRES_PASSWORD: "${OPAL_DB_PASSWORD}"
+      POSTGRES_PASSWORD: "${OPAL_DB_PASSWORD}" # Set in datashield-setup.sh
       POSTGRES_USER: "opal"
       POSTGRES_DB: "opal"
   #    volumes:
diff --git a/ccp/modules/exporter-compose.yml b/ccp/modules/exporter-compose.yml
index 0f980c3..56525b7 100644
--- a/ccp/modules/exporter-compose.yml
+++ b/ccp/modules/exporter-compose.yml
@@ -4,7 +4,7 @@ services:
     container_name: bridgehead-ccp-exporter
     environment:
       LOG_LEVEL: "INFO"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
       CROSS_ORIGINS: "https://${HOST}"
       EXPORTER_DB_USER: "exporter"
       EXPORTER_DB_PASSWORD: "${EXPORTER_DB_PASSWORD}" # Set in exporter-setup.sh
@@ -40,7 +40,7 @@ services:
       LOG_LEVEL: "INFO"
       CROSS_ORIGINS: "https://${HOST}"
       HTTP_RELATIVE_PATH: "/ccp-reporter"
-      EXPORTER_API_KEY: "${EXPORTER_API_KEY}"
+      EXPORTER_API_KEY: "${EXPORTER_API_KEY}" # Set in exporter-setup.sh
       EXPORTER_URL: "http://exporter:8092"
       LOG_FHIR_VALIDATION: "false"
       HTTP_SERVLET_REQUEST_SCHEME: "https"
diff --git a/ccp/modules/exporter-setup.sh b/ccp/modules/exporter-setup.sh
index fed62e5..c109f9c 100644
--- a/ccp/modules/exporter-setup.sh
+++ b/ccp/modules/exporter-setup.sh
@@ -5,4 +5,5 @@ if [ "$ENABLE_EXPORTER" == true ]; then
   OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
   # TODO: Generate password in another way so that not all passwords are the same?
   EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
+  EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | openssl rsautl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
 fi