diff --git a/README.md b/README.md index 9a3e9b2..a01bf95 100644 --- a/README.md +++ b/README.md 
@@ -1,22 +1,31 @@ # auth-server -The configs, tweaks, and pieces that make up the `login.starcat.systems` Authentik server. +The configs, tweaks, and pieces that make up the `id.starcat.systems` accounts server. + +[![Forgejo Last Commit (main)](https://img.shields.io/gitea/last-commit/starcat-infra/auth-server/main?gitea_url=https%3A%2F%2Fgit.starcat.systems&style=flat&logo=git&logoColor=fff&logoSize=auto&label=last%20commit%20(main))](https://git.starcat.systems/starcat-infra/auth-server/src/branch/main) ## Contents +- `pockey-id`: + - `docker-compose.yml`: the Docker Compose file that runs Pocket ID + - `.env`: environment variables to configure Pocket ID +- `caddy`: + - `Caddyfile`: the Caddy server configuration (reverse proxies Pocket ID) +## More Information +For more information on this repo, please see [Pocket ID in the handbook](https://about.starcat.systems/handbook/infrastructure/security/pocket-id/). ## Repo Mirrors Repo contents are automatically pushed to the following mirrors: -[![Main Forge Badge](https://img.shields.io/badge/git.starcat.systems-main-4BC61D?style=flat&logo=forgejo&logoColor=fff&logoSize=auto)](https://git.starcat.systems/starcat-infra/git-server) +[![Main Forge Badge](https://img.shields.io/badge/git.starcat.systems-main-4BC61D?style=flat&logo=forgejo&logoColor=fff&logoSize=auto)](https://git.starcat.systems/starcat-infra/auth-server) -[![SourceHut Badge](https://img.shields.io/badge/sourcehut-mirror-blue?style=flat&logo=sourcehut&logoColor=fff&logoSize=auto)](https://git.sr.ht/~starcatsys/git-server) +[![SourceHut Badge](https://img.shields.io/badge/sourcehut-mirror-blue?style=flat&logo=sourcehut&logoColor=fff&logoSize=auto)](https://git.sr.ht/~starcatsys/auth-server) -[![GitLab Badge](https://img.shields.io/badge/GitLab-mirror-blue?style=flat&logo=gitlab&logoColor=fff&logoSize=auto)](https://gitlab.com/starcatsys-mirror/starcat-infra/git-server) +[![GitLab 
Badge](https://img.shields.io/badge/GitLab-mirror-blue?style=flat&logo=gitlab&logoColor=fff&logoSize=auto)](https://gitlab.com/starcatsys-mirror/starcat-infra/auth-server) -⚠️ **These mirrors are not routinely monitored.** All issues and pull requests should be directed to the [main forge](https://git.starcat.systems/starcat-infra/git-server). +⚠️ **These mirrors are not routinely monitored.** All issues and pull requests should be directed to the [main forge](https://git.starcat.systems/starcat-infra/auth-server). *[Why do we mirror some repos?](https://about.starcat.systems/handbook/infrastructure/code/mirroring/)* # Licensing Note -The changes and customizations to configurations, projects, and files in this repo are released under the MIT license. Other files, including those from Authentik, Caddy, and images/logos may be released under different licenses. \ No newline at end of file +The changes and customizations to configurations, projects, and files in this repo are released under the MIT license. Other files, including those from Pocket ID, Caddy, and images/logos may be released under different licenses. \ No newline at end of file diff --git a/caddy/Caddyfile b/caddy/Caddyfile new file mode 100644 index 0000000..8143270 --- /dev/null +++ b/caddy/Caddyfile @@ -0,0 +1,10 @@ +############################################################################## +# Caddyfile for PocketID +# /etc/caddy/Caddyfile +# After modifying, gracefully reload Caddy with `sudo systemctl reload caddy` +############################################################################## + +# Reverse proxy for PocketID +id.starcat.systems { + reverse_proxy 127.0.0.1:1411 +} \ No newline at end of file diff --git a/goauthentik.png b/goauthentik.png deleted file mode 100644 index de38be4..0000000 Binary files a/goauthentik.png and /dev/null differ diff --git a/pocket-id.png b/pocket-id.png new file mode 100644 index 0000000..8aa7f00 Binary files /dev/null and b/pocket-id.png differ 
diff --git a/pocket-id/.env b/pocket-id/.env new file mode 100644 index 0000000..cc5cb8d --- /dev/null +++ b/pocket-id/.env @@ -0,0 +1,11 @@ +# Pocket ID .env app configuration +# Configures the Pocket ID application +# File location: /srv/pocket-id/.env +# More information - git repo: https://git.starcat.systems/starcat-infra/auth-server +# More information - handbook: https://about.starcat.systems/handbook/infrastructure/security/pocket-id/ +# See the documentation for more information: https://pocket-id.org/docs/configuration/environment-variables +APP_URL=https://id.starcat.systems +TRUST_PROXY=true +MAXMIND_LICENSE_KEY=*REDACTED* +PUID=1000 +PGID=1000 \ No newline at end of file diff --git a/pocket-id/README.md b/pocket-id/README.md new file mode 100644 index 0000000..ad9373d --- /dev/null +++ b/pocket-id/README.md @@ -0,0 +1,20 @@ +# Pocket ID README +## what +The Docker Compose and `.env` files that run Pocket ID + +## where +``` +/srv/pocket-id/docker-compose.yml +/srv/pocket-id/.env +``` + +## redacted values +For security, secrets have been redacted from this file. StarCat team members can find these values in [1Password](https://start.1password.com/open/i?a=B5NVCNGFJBCCLCDCN5FKFPGVBI&v=35hhast2kp5lgw3iud374426oa&i=ahsb5ohjmkyvfuoudj564xucgy&h=starcatsys.1password.com). Soon, these values will be autofilled from Vault when the container starts. + +## making changes +If you make changes to `.env` or need to upgrade Pocket ID, just pull the latest image and restart the service: + +``` +docker compose pull +docker compose up -d +``` \ No newline at end of file diff --git a/pocket-id/docker-compose.yml b/pocket-id/docker-compose.yml new file mode 100644 index 0000000..5f15efb --- /dev/null +++ b/pocket-id/docker-compose.yml 
@@ -0,0 +1,19 @@ +# Docker Compose file for PocketID +# Location: /srv/pocket-id/docker-compose.yml + +services: + pocket-id: + image: ghcr.io/pocket-id/pocket-id:v1 + restart: unless-stopped + env_file: .env + ports: + - 1411:1411 + volumes: + - "./data:/app/data" + # Optional healthcheck + healthcheck: + test: "curl -f http://localhost:1411/healthz" + interval: 1m30s + timeout: 5s + retries: 2 + start_period: 10s \ No newline at end of file
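Review bot: In the README.md hunk, the new Contents entry is spelled `pockey-id`, but every file this patch adds lives under `pocket-id/`; fix the directory name so the listing matches the tree. The list also leaves out `pocket-id/README.md`, which is added in the same patch.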
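Review bot: In pocket-id/.env, the tracked file has the same name and path as the live file at `/srv/pocket-id/.env`, so a copy from the server back into the working tree would commit the real `MAXMIND_LICENSE_KEY`. Consider tracking it as `.env.example` and adding `.env` to `.gitignore`; that also prevents the literal `*REDACTED*` value from being deployed unnoticed if the repo copy is ever used as-is.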
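Review bot: In pocket-id/README.md, under "redacted values", the 1Password link embeds account, vault and item identifiers in its query string, and the top-level README says this repo is pushed to SourceHut and GitLab mirrors. Referring to the item by name instead of a deep link would keep those identifiers out of the mirrors. The sentence also says secrets were redacted "from this file", while the redaction is in `.env`; naming the file would remove the ambiguity.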
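Review bot: In pocket-id/docker-compose.yml, `ports: - 1411:1411` publishes the container port on all host interfaces, while the Caddyfile in this patch only proxies to `127.0.0.1:1411` and `.env` sets `TRUST_PROXY=true`. Anyone who can reach port 1411 directly bypasses Caddy and can supply the forwarded headers the app is configured to trust; binding as `127.0.0.1:1411:1411` keeps the backend reachable only through the proxy. Separately, `image: ghcr.io/pocket-id/pocket-id:v1` is a moving tag, so the `docker compose pull` step in the README changes what runs without any change in this repo; pinning a specific version or digest would make upgrades reviewable. The healthcheck also relies on `curl` being present in the image, which nothing in this patch establishes.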