diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6b43dac..af0bca3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Changelog
+## 1.0 - 2024-11-16
+
+- Use python 3.13
+- Restructure project to use similar layout as core
+- Use Mantine + vite for UI
+- Use Docker alpine images
+- Use typer for CLI interface
+
 ## 0.9.0 - 2024-04-07
 - Support for scopes/permissions/groups
diff --git a/README.md b/README.md
index 786db70..8cc8b4c 100644
--- a/README.md
+++ b/README.md
@@ -17,82 +17,18 @@ cryptographically signed JWT access token. JWT token is delivered to the client as http response payload (json format) and as cookie. -![Authentication Server](./images/screenshot.png) - ## Usage -Auth-server is configured only via environment variables. -The only required parameter you need to provide it secret key (used to sign tokens): - -``` -version: "3.9" -services: - web: - image: papermerge/auth-server - ports: - - "7000:80" - environment: - PAPERMERGE__SECURITY__SECRET_KEY: -``` - -If no other settings are provided, it will be assumed authentication against -credentials stored in database. Default database is "sqlite:////db/db.sqlite3". -Optionally you can choose to store credentials in PostgreSQL database: - -``` -version: "3.9" -services: - web: - image: papermerge/auth-server - ports: - - "7000:80" - environment: - PAPERMERGE__SECURITY__SECRET_KEY: - PAPERMERGE__DATABASE__URL: postgresql://postgres:123@db:5432/postgres - depends_on: - - db - db: - image: bitnami/postgresql:14.4.0 - volumes: - - postgres_data:/var/lib/postgresql/data/ - environment: - - POSTGRES_PASSWORD=123 -volumes: - postgres_data: -``` - -For MySql/MariaDB use `mysql` scheme. For example: - - PAPERMERGE__DATABASE__URL: mysql://user:password@127.0.0.1:3306/mydatabase - -And docker compose file would look like: - -``` -version: "3.9" -services: - web: - image: papermerge/auth-server - ports: - - "7000:80" - environment: - PAPERMERGE__SECURITY__SECRET_KEY: - PAPERMERGE__DATABASE__URL: mysql://user:password@127.0.0.1:3306/mydatabase - depends_on: - - db - db: - image: mariadb:11.2 - volumes: - - maria:/var/lib/mysql - environment: - MYSQL_ROOT_PASSWORD: password - MYSQL_DATABASE: mydatabase - MYSQL_USER: user - MYSQL_PASSWORD: password - ports: - - 3306:3306 -volumes: - maria: -``` +To start backend server: + + $ poetry run task server + +To start frontend (in dev mode): + + $ cd ui2 + $ yarn dev + +Use nginx.conf (from the root folder) to play. 
In order to enable authentication via OIDC provider you need to provide following environment variables:
@@ -112,14 +48,6 @@ You need to provider all five values.
 Above value should be same as in field "Authorized redirect URI" when registering oauth2 client.
-You can also start the auth server with poetry:
-
-    $ poetry run uvicorn auth_server.main:app \
-        --host 0.0.0.0 \
-        --port 8000 \
-        --reload \
-        --log-config etc/logging.yml
-        --log-level info
 Application providers one single endpoint `POST /token` which return jwt access token. There two valid options for using `POST /token` endpoint:
diff --git a/auth_server/config.py b/auth_server/config.py
index c6b7948..3691967 100644
--- a/auth_server/config.py
+++ b/auth_server/config.py
@@ -1,5 +1,8 @@
 import logging
+import secrets
+
+from pydantic import Field
 from functools import lru_cache
 from enum import Enum
@@ -9,6 +12,10 @@ logger = logging.getLogger(__name__)
+def generate_secret():
+    return secrets.token_hex(32)
+
+
 class Algs(str, Enum):
     HS256 = "HS256"
     HS384 = "HS384"
@@ -22,10 +29,10 @@ class Algs(str, Enum):
 class Settings(BaseSettings):
-    papermerge__security__secret_key: str
+    papermerge__security__secret_key: str = Field(default_factory=generate_secret)
     papermerge__security__token_algorithm: Algs = Algs.HS256
     papermerge__security__token_expire_minutes: int = 360
-    papermerge__security__cookie_name: str = 'access_token'
+    papermerge__security__cookie_name: str = "access_token"
     # database where to read user table from
     papermerge__database__url: str = "sqlite:////db/db.sqlite3"
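Review bot: With `Field(default_factory=generate_secret)` a missing `PAPERMERGE__SECURITY__SECRET_KEY` no longer fails validation at startup but silently receives a fresh random key per process, so tokens signed by one worker or before a container restart will not verify afterwards, and an operator who forgot to set the variable only sees intermittent login failures instead of a clear error. If the fallback is meant for development, make it visible: give `generate_secret` a docstring saying it is a per-process development fallback and add `logger.warning("PAPERMERGE__SECURITY__SECRET_KEY not set; using a random per-process key")` before the return, or keep the field required and generate a key only in a dev entry point. `secrets.token_hex(32)` yields 256 bits of entropy, which is adequate for the HS256 default. Separately, `from pydantic import Field` sits between stdlib imports in the first hunk; move it below `from enum import Enum` with the other third-party imports. The `Settings` class body continues past the hunk.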
@@ -41,10 +48,10 @@ class Settings(BaseSettings):
     # e.g. uid={username},ou=People,dc=ldap,dc=trusel,dc=net
     papermerge__auth__ldap_user_dn_format: str | None = None
     # LDAP Entry attribute name for the email
-    papermerge__auth__ldap_email_attr: str = 'mail'
+    papermerge__auth__ldap_email_attr: str = "mail"
     # if there is an error retrieving ldap_email_attr, the
     # fallback user email will be set to username@
-    papermerge__auth__ldap_user_email_domain_fallback: str = 'example-ldap.com'
+    papermerge__auth__ldap_user_email_domain_fallback: str = "example-ldap.com"
 @lru_cache()
diff --git a/images/screenshot.png b/images/screenshot.png
deleted file mode 100644
index ed9a468..0000000
Binary files a/images/screenshot.png and /dev/null differ