diff --git a/.gitea/workflows/cd-back.yml b/.gitea/workflows/cd-back.yml
new file mode 100644
index 0000000..6cb35d7
--- /dev/null
+++ b/.gitea/workflows/cd-back.yml
@@ -0,0 +1,47 @@
+name: Backend deploy
+on:
+  push:
+    branches:
+      - master
+  workflow_dispatch:
+
+jobs:
+  deploy-frontend:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      
+      - name: Import Secrets
+        id: import-secrets
+        uses: hashicorp/vault-action@v3.4.0
+        with:
+          url: https://vault.d3m0k1d.ru
+          token: ${{ secrets.VAULT }}
+          secrets: |
+            secrets/site/prod/data/gitea TOKEN | GITEA_TOKEN ;
+            secrets/site/prod/data/server SSH_KEY | SSH_KEY ;
+            secrets/site/prod/data/server USER | SERVER_USER ;
+            secrets/site/prod/data/server HOST | SERVER_HOST ;
+            secrets/site/prod/data/server PORT | SERVER_PORT
+      
+      - name: Login to registry
+        run: echo "${{ steps.import-secrets.outputs.GITEA_TOKEN }}" | docker login gitea.d3m0k1d.ru -u d3m0k1d --password-stdin
+
+      - name: Build and push
+        run: |
+          docker build -t gitea.d3m0k1d.ru/d3m0k1d/backend:latest ./backend
+          docker push gitea.d3m0k1d.ru/d3m0k1d/backend:latest
+      
+      - name: Deploy at server
+        uses: appleboy/ssh-action@v1.2.0
+        with:
+          host: ${{ steps.import-secrets.outputs.SERVER_HOST }}
+          port: ${{ steps.import-secrets.outputs.SERVER_PORT }}
+          username: ${{ steps.import-secrets.outputs.SERVER_USER }}
+          key: ${{ steps.import-secrets.outputs.SSH_KEY }}
+          script: |
+            docker login -u d3m0k1d -p ${{ steps.import-secrets.outputs.GITEA_TOKEN }} gitea.d3m0k1d.ru
+            docker pull gitea.d3m0k1d.ru/d3m0k1d/backend:latest
+            docker rm -f d3m0k1d-backend || true
+            docker run --name d3m0k1d-backend -d -p 80:80 --restart unless-stopped gitea.d3m0k1d.ru/d3m0k1d/backend:latest