diff --git a/docker-compose.yml b/docker-compose.yml
index f45ba41..0f1fd1a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -28,6 +28,8 @@ services:
       KC_HOSTNAME_URL: "http://localhost:8081/"
       KC_HOSTNAME_ADMIN_URL: "http://localhost:8081/"
       KC_HOSTNAME_STRICT_HTTPS: "false"
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
 
     ports:
       - "8081:8081"
@@ -44,6 +46,9 @@ services:
     depends_on:
       postgres: { condition: service_healthy }
     environment:
+      # Aktivera Spring-profilen "dev"
+      SPRING_PROFILES_ACTIVE: dev
+
       SPRING_DATASOURCE_URL: jdbc:postgresql://postgres:5432/hemhub
       SPRING_DATASOURCE_USERNAME: hemhub
       SPRING_DATASOURCE_PASSWORD: hemhub
diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml
new file mode 100644
index 0000000..cab49f7
--- /dev/null
+++ b/src/main/resources/application-dev.yml
@@ -0,0 +1,27 @@
+server:
+  port: 8080
+
+spring:
+  datasource:
+    url: jdbc:postgresql://postgres:5432/hemhub
+    username: hemhub
+    password: hemhub
+  jpa:
+    hibernate:
+      ddl-auto: none
+  flyway:
+    enabled: true
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: http://host.docker.internal:8081/realms/hemhub/protocol/openid-connect/certs
+springdoc:
+  swagger-ui:        # (valfritt, behåll om du redan har)
+    url: /v3/api-docs
+
+logging:
+  level:
+    org.springframework.security: DEBUG
+    org.springframework.security.oauth2: DEBUG
+
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index ed39de1..bc9ed96 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -11,12 +11,6 @@ spring:
       ddl-auto: none
   flyway:
     enabled: true
-  security:
-    oauth2:
-      resourceserver:
-        jwt:
-          jwk-set-uri: http://keycloak:8080/realms/hemhub/protocol/openid-connect/certs
-          issuer-uri: https://rubble.se/hemhub/auth/realms/hemhub
 springdoc:
   swagger-ui:        # (valfritt, behåll om du redan har)
     url: /v3/api-docs
diff --git a/src/main/resources/applications-prod.yml b/src/main/resources/applications-prod.yml
new file mode 100644
index 0000000..f61c921
--- /dev/null
+++ b/src/main/resources/applications-prod.yml
@@ -0,0 +1,7 @@
+spring:
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: http://keycloak:8080/realms/hemhub/protocol/openid-connect/certs
+          issuer-uri: https://rubble.se/hemhub/auth/realms/hemhub
\ No newline at end of file
diff --git a/src/test/java/se/urmo/hemhub/integration/HouseholdControllerIT.java b/src/test/java/se/urmo/hemhub/integration/HouseholdControllerIT.java
index 36f7b13..2642932 100644
--- a/src/test/java/se/urmo/hemhub/integration/HouseholdControllerIT.java
+++ b/src/test/java/se/urmo/hemhub/integration/HouseholdControllerIT.java
@@ -4,8 +4,10 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;
+import se.urmo.hemhub.support.TestSecurityConfig;
 
 import java.util.List;
 import java.util.Map;
@@ -19,6 +21,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SpringBootTest
 @AutoConfigureMockMvc
 @ActiveProfiles("test")
+@Import(TestSecurityConfig.class)
 class HouseholdControllerIT {
 
     @Autowired
diff --git a/src/test/java/se/urmo/hemhub/integration/MeControllerBranchesIT.java b/src/test/java/se/urmo/hemhub/integration/MeControllerBranchesIT.java
index 6be6894..9206fb1 100644
--- a/src/test/java/se/urmo/hemhub/integration/MeControllerBranchesIT.java
+++ b/src/test/java/se/urmo/hemhub/integration/MeControllerBranchesIT.java
@@ -4,8 +4,10 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;
+import se.urmo.hemhub.support.TestSecurityConfig;
 
 import java.util.Map;
 
@@ -17,6 +19,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SpringBootTest
 @AutoConfigureMockMvc
 @ActiveProfiles("test")
+@Import(TestSecurityConfig.class)
 class MeControllerBranchesIT {
 
     @Autowired
diff --git a/src/test/java/se/urmo/hemhub/integration/MeControllerIT.java b/src/test/java/se/urmo/hemhub/integration/MeControllerIT.java
index eaf1e37..23955dc 100644
--- a/src/test/java/se/urmo/hemhub/integration/MeControllerIT.java
+++ b/src/test/java/se/urmo/hemhub/integration/MeControllerIT.java
@@ -4,8 +4,10 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;
+import se.urmo.hemhub.support.TestSecurityConfig;
 
 import java.util.List;
 import java.util.Map;
@@ -18,6 +20,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SpringBootTest
 @AutoConfigureMockMvc
 @ActiveProfiles("test")
+@Import(TestSecurityConfig.class)
 class MeControllerIT {
 
     @Autowired
diff --git a/src/test/java/se/urmo/hemhub/integration/PagingAndFilteringIT.java b/src/test/java/se/urmo/hemhub/integration/PagingAndFilteringIT.java
index 2f32256..cc80c35 100644
--- a/src/test/java/se/urmo/hemhub/integration/PagingAndFilteringIT.java
+++ b/src/test/java/se/urmo/hemhub/integration/PagingAndFilteringIT.java
@@ -5,9 +5,11 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
 import org.springframework.http.MediaType;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;
+import se.urmo.hemhub.support.TestSecurityConfig;
 
 import java.time.LocalDate;
 
@@ -19,6 +21,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SpringBootTest
 @AutoConfigureMockMvc
 @ActiveProfiles("test")
+@Import(TestSecurityConfig.class)
 class PagingAndFilteringIT {
 
     @Autowired MockMvc mvc;
diff --git a/src/test/java/se/urmo/hemhub/integration/ProjectTaskControllerIT.java b/src/test/java/se/urmo/hemhub/integration/ProjectTaskControllerIT.java
index f42e39b..42552d4 100644
--- a/src/test/java/se/urmo/hemhub/integration/ProjectTaskControllerIT.java
+++ b/src/test/java/se/urmo/hemhub/integration/ProjectTaskControllerIT.java
@@ -5,8 +5,10 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;
+import se.urmo.hemhub.support.TestSecurityConfig;
 
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
@@ -15,6 +17,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SpringBootTest
 @AutoConfigureMockMvc
 @ActiveProfiles("test")
+@Import(TestSecurityConfig.class)
 class ProjectTaskControllerIT {
 
     @Autowired MockMvc mvc;
diff --git a/src/test/java/se/urmo/hemhub/integration/PublicControllerIT.java b/src/test/java/se/urmo/hemhub/integration/PublicControllerIT.java
index 0a880f0..05686de 100644
--- a/src/test/java/se/urmo/hemhub/integration/PublicControllerIT.java
+++ b/src/test/java/se/urmo/hemhub/integration/PublicControllerIT.java
@@ -4,8 +4,10 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;
+import se.urmo.hemhub.support.TestSecurityConfig;
 
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
@@ -14,6 +16,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SpringBootTest
 @AutoConfigureMockMvc
 @ActiveProfiles("test")
+@Import(TestSecurityConfig.class)
 class PublicControllerIT {
 
     @Autowired
diff --git a/src/test/java/se/urmo/hemhub/integration/TaskDueControllerIT.java b/src/test/java/se/urmo/hemhub/integration/TaskDueControllerIT.java
index db34f71..ea0d133 100644
--- a/src/test/java/se/urmo/hemhub/integration/TaskDueControllerIT.java
+++ b/src/test/java/se/urmo/hemhub/integration/TaskDueControllerIT.java
@@ -5,8 +5,10 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;
+import se.urmo.hemhub.support.TestSecurityConfig;
 
 import java.time.LocalDate;
 
@@ -19,6 +21,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SpringBootTest
 @AutoConfigureMockMvc
 @ActiveProfiles("test")
+@Import(TestSecurityConfig.class)
 class TaskDueControllerIT {
 
     @Autowired
diff --git a/src/test/java/se/urmo/hemhub/integration/ValidationAndErrorHandlingIT.java b/src/test/java/se/urmo/hemhub/integration/ValidationAndErrorHandlingIT.java
index 7fd5cc2..e9d1780 100644
--- a/src/test/java/se/urmo/hemhub/integration/ValidationAndErrorHandlingIT.java
+++ b/src/test/java/se/urmo/hemhub/integration/ValidationAndErrorHandlingIT.java
@@ -5,9 +5,11 @@ import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.context.annotation.Import;
 import org.springframework.http.MediaType;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.web.servlet.MockMvc;
+import se.urmo.hemhub.support.TestSecurityConfig;
 
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.jwt;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
@@ -16,6 +18,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @SpringBootTest
 @AutoConfigureMockMvc
 @ActiveProfiles("test")
+@Import(TestSecurityConfig.class)
 class ValidationAndErrorHandlingIT {
 
     @Autowired MockMvc mvc;
diff --git a/src/test/java/se/urmo/hemhub/support/TestSecurityConfig.java b/src/test/java/se/urmo/hemhub/support/TestSecurityConfig.java
new file mode 100644
index 0000000..2526f43
--- /dev/null
+++ b/src/test/java/se/urmo/hemhub/support/TestSecurityConfig.java
@@ -0,0 +1,22 @@
+package se.urmo.hemhub.support;
+
+import java.time.Instant;
+import org.springframework.boot.test.context.TestConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+
+@TestConfiguration
+public class TestSecurityConfig {
+
+    @Bean
+    JwtDecoder jwtDecoder() {
+        return token -> Jwt.withTokenValue(token)
+                .header("alg", "none")
+                .claim("sub", "test-user")
+                .claim("preferred_username", "test")
+                .issuedAt(Instant.now())
+                .expiresAt(Instant.now().plusSeconds(300))
+                .build();
+    }
+}
diff --git a/src/test/resources/application-test.yml b/src/test/resources/application-test.yml
index c1ec63c..9162c72 100644
--- a/src/test/resources/application-test.yml
+++ b/src/test/resources/application-test.yml
@@ -6,7 +6,7 @@ spring:
     password:
   jpa:
     hibernate:
-      ddl-auto: none          # 👈 turn off Hibernate's validate/ddl in tests
+      ddl-auto: none
     properties:
       hibernate.hbm2ddl.auto: none
   flyway: