diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..909f6d6
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,6 @@
+target
+.git
+storage
+**/*.log
+**/*.tmp
+**/*.swp
diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml
new file mode 100644
index 0000000..5c6416a
--- /dev/null
+++ b/.gitea/workflows/docker.yml
@@ -0,0 +1,34 @@
+name: Docker Image
+
+on:
+  push:
+    branches:
+      - docker-support
+  workflow_dispatch:
+
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ secrets.DOCKER_REGISTRY }}
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ secrets.DOCKER_REGISTRY }}/sdk_storage:latest
+          platforms: linux/amd64,linux/arm64
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..8e191aa
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,19 @@
+# syntax=docker/dockerfile:1
+
+FROM rust:1 as builder
+WORKDIR /app
+COPY Cargo.toml Cargo.lock ./
+COPY src ./src
+RUN cargo build --release
+
+FROM debian:stable-slim
+RUN useradd -m -u 10001 appuser && \
+    apt-get update && apt-get install -y ca-certificates && rm -rf /var/lib/apt/lists/*
+WORKDIR /app
+COPY --from=builder /app/target/release/sdk_storage /usr/local/bin/sdk_storage
+RUN mkdir -p /app/storage && chown -R appuser:appuser /app
+USER appuser
+EXPOSE 8081
+ENV RUST_LOG=info
+ENTRYPOINT ["/usr/local/bin/sdk_storage"]
+CMD ["--permanent"]
diff --git a/docs/README.md b/docs/README.md
index b69c667..20c2d3a 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -14,5 +14,10 @@ Ce dossier documente l'API HTTP, l'architecture et les décisions techniques.
 
 ## REX technique
 
+- Docker
+  - Build local: `docker build -t sdk_storage:local .`
+  - Run: `docker run --rm -p 8081:8081 -v $PWD/storage:/app/storage sdk_storage:local`
+  - Par défaut `--permanent` est activé via CMD, override possible: `docker run ... sdk_storage -- --permanent`
+
 - Refactor initial de la logique depuis `main.rs` vers `lib.rs` pour testabilité et séparation des responsabilités.
 - Durées TTL maintenant validées dans le handler, calcul d'expiration converti en `SystemTime` avant l'appel service.