diff --git a/__pycache__/app.cpython-310.pyc b/__pycache__/app.cpython-310.pyc
index e03e650..73e7487 100644
Binary files a/__pycache__/app.cpython-310.pyc and b/__pycache__/app.cpython-310.pyc differ
diff --git a/__pycache__/security.cpython-310.pyc b/__pycache__/security.cpython-310.pyc
index 424e9f7..05ab7d5 100644
Binary files a/__pycache__/security.cpython-310.pyc and b/__pycache__/security.cpython-310.pyc differ
diff --git a/app.old b/app.old
index 466a9f4..1fc28eb 100644
--- a/app.old
+++ b/app.old
@@ -64,8 +64,8 @@ reslevis_router = _reslevis.router
 from fastapi import FastAPI, Security
 from fastapi.security import OAuth2AuthorizationCodeBearer
-AUTH_URL = "https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/auth"
-TOKEN_URL = "https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/token"
+#AUTH_URL = "https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/auth"
+#TOKEN_URL = "https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/token"
 oauth2 = OAuth2AuthorizationCodeBearer(
 authorizationUrl=AUTH_URL,
diff --git a/app.py b/app.py
index 7b2c16e..7cc6244 100644
--- a/app.py
+++ b/app.py
@@ -9,6 +9,9 @@ from typing import Any, Dict, List, Optional
 # import wave
 import os
 import shutil
+# import enviroment variables
+import config_env
+#other
 from pathlib import Path
 from tempfile import NamedTemporaryFile
 from typing import Callable
@@ -63,8 +66,14 @@ reslevis_router = _reslevis.router
 from fastapi import FastAPI, Security
 from fastapi.security import OAuth2AuthorizationCodeBearer
-AUTH_URL = "https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/auth"
-TOKEN_URL = "https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/token"
+#AUTH_URL = "https://10.251.0.30:10002/realms/API.Server.local/protocol/openid-connect/auth"
+#AUTH_URL = "https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/auth"
+#TOKEN_URL = "https://10.251.0.30:10002/realms/API.Server.local/protocol/openid-connect/token"
+#TOKEN_URL = "https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/token"
+
+
+AUTH_URL = config_env.KEYCLOAK_AUTH_URL
+TOKEN_URL = config_env.KEYCLOAK_TOKEN_URL
 oauth2 = OAuth2AuthorizationCodeBearer(
 authorizationUrl=AUTH_URL,
diff --git a/config_env.py b/config_env.py
new file mode 100644
index 0000000..3699f09
--- /dev/null
+++ b/config_env.py
@@ -0,0 +1,15 @@
+#This file reads the .env where the variables should be stored
+import os
+from dotenv import load_dotenv
+
+load_dotenv()
+
+SECRET = os.getenv("SECRET")
+KEYCLOAK_AUDIENCE = os.getenv("KEYCLOAK_AUDIENCE")
+KEYCLOAK_SERVER = os.getenv("KEYCLOAK_SERVER")
+KEYCLOAK_ISSUER = os.getenv("KEYCLOAK_ISSUER")
+KEYCLOAK_PROTOCOL_ENDPOINT = os.getenv("KEYCLOAK_PROTOCOL_ENDPOINT")
+KEYCLOAK_JWKS_URL = os.getenv("KEYCLOAK_JWKS_URL")
+KEYCLOAK_AUTH_URL = os.getenv("KEYCLOAK_AUTH_URL")
+KEYCLOAK_TOKEN_URL = os.getenv("KEYCLOAK_TOKEN_URL")
+
diff --git a/routes/__pycache__/reslevis.cpython-310.pyc b/routes/__pycache__/reslevis.cpython-310.pyc
index 291c2b7..220bbc3 100644
Binary files a/routes/__pycache__/reslevis.cpython-310.pyc and b/routes/__pycache__/reslevis.cpython-310.pyc differ
diff --git a/routes/reslevis.py b/routes/reslevis.py
index cbccc61..9362770 100644
--- a/routes/reslevis.py
+++ b/routes/reslevis.py
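Review bot: The four commented-out `#AUTH_URL` / `#TOKEN_URL` lines added above the new assignments keep two internal Keycloak addresses in the source even though the values now come from `config_env`; delete them instead of commenting them out, since version control already preserves the old values. The same leftover block appears in the second security.py hunk and in app.old. A single comment such as `# Keycloak endpoints are read from the environment via config_env` says everything those lines are trying to convey.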
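Review bot: Every setting in config_env.py is read with `os.getenv(NAME)` and no default, so a missing or misspelled key in `.env` silently yields `None` instead of stopping startup. app.py passes `KEYCLOAK_AUTH_URL` and `KEYCLOAK_TOKEN_URL` straight into `OAuth2AuthorizationCodeBearer`, and security.py takes `KEYCLOAK_ISSUER` and `KEYCLOAK_JWKS_URL` from here after losing its hard-coded fallbacks; how those two are used during token validation is outside this diff, but an unset issuer is worth ruling out at import time rather than at the first request. The sketch below fails fast for the four values the diff shows being consumed. Since `SECRET` now lives in `.env`, that file has to stay out of version control; this commit tracks `__pycache__/*.pyc`, which suggests the repository has no ignore rules yet.

```python
load_dotenv()


def _require(name: str) -> str:
    """Return the named environment variable or stop startup if it is unset or empty."""
    value = os.getenv(name)
    if not value:
        raise RuntimeError(f"Missing required environment variable: {name}")
    return value


# … unchanged: SECRET, KEYCLOAK_AUDIENCE, KEYCLOAK_SERVER, KEYCLOAK_PROTOCOL_ENDPOINT …
KEYCLOAK_ISSUER = _require("KEYCLOAK_ISSUER")
KEYCLOAK_JWKS_URL = _require("KEYCLOAK_JWKS_URL")
KEYCLOAK_AUTH_URL = _require("KEYCLOAK_AUTH_URL")
KEYCLOAK_TOKEN_URL = _require("KEYCLOAK_TOKEN_URL")
```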
@@ -6,15 +6,11 @@ from schemas.reslevis import (
 )
 from logica_reslevis.gateway import GatewayJsonRepository
-# importa le dipendenze di sicurezza
-from security import get_current_user, require_roles
+from security import get_current_user
 gateway_repo = GatewayJsonRepository()
 router = APIRouter()
-# -----------------------
-# Endpoints pubblici (se vuoi che restino pubblici, niente Depends)
-# -----------------------
 @router.get("/getBuildings", response_model=List[BuildingItem], tags=["Reslevis"])
 def getBuildings():
 return []
@@ -27,9 +23,6 @@ def getPlans():
 def getZones():
 return []
-# -----------------------
-# Endpoints protetti: richiedono almeno un Bearer token valido
-# -----------------------
 @router.get("/getGateways", response_model=List[GatewayItem], tags=["Reslevis"], dependencies=[Depends(get_current_user)])
 def getGateways():
 return gateway_repo.list()
@@ -54,18 +47,10 @@ def getAlarms():
 def getTracks():
 return []
-# -----------------------
-# Operazioni di scrittura su Gateway:
-# - Token valido
-# - Ruolo richiesto (esempio: "reslevis:write")
-# Cambia il nome ruolo per allinearlo a come lo hai definito in Keycloak
-# -----------------------
-write_role = "reslevis:write" # esempio; usa il tuo realm/client role
-
 @router.post(
 "/postGateway",
 tags=["Reslevis"],
- dependencies=[Depends(require_roles(write_role))]
+ dependencies=[Depends(get_current_user)]
 )
 def postGateway(item: GatewayItem):
 try:
@@ -79,7 +64,7 @@ def postGateway(item: GatewayItem):
 @router.put(
 "/updateGateway",
 tags=["Reslevis"],
- dependencies=[Depends(require_roles(write_role))]
+ dependencies=[Depends(get_current_user)]
 )
 def updateGateway(item: GatewayItem):
 try:
@@ -96,7 +81,7 @@ def updateGateway(item: GatewayItem):
 @router.delete(
 "/removeGateway/{gateway_id}",
 tags=["Reslevis"],
- dependencies=[Depends(require_roles(write_role))]
+ dependencies=[Depends(get_current_user)]
 )
 def removeGateway(gateway_id: str):
 try:
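Review bot: Replacing `Depends(require_roles(write_role))` with `Depends(get_current_user)` on `postGateway`, `updateGateway` and `removeGateway` drops the role check, so any caller holding a valid token can now create, change and delete gateways; the eight `post*` routes in the `@@ -107,35 +92,35 @@` hunk get the same change. The commit also removes the comments that explained which routes were public, token-protected and role-protected, and nothing on the page says the downgrade is intended. If the role is simply not defined in Keycloak yet, keep the `require_roles` import and put `dependencies=[Depends(require_roles(write_role))]` back on the write routes; if the change is deliberate, record it next to the routes, e.g. `# Write routes: any authenticated user may call these; role check removed on purpose`. The route function bodies continue outside these hunks.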
@@ -107,35 +92,35 @@ def removeGateway(gateway_id: str):
 except Exception as e:
 raise HTTPException(status_code=500, detail=f"Errore interno: {e}")
-@router.post("/postBuilding", tags=["Reslevis"], dependencies=[Depends(require_roles(write_role))])
+@router.post("/postBuilding", tags=["Reslevis"], dependencies=[Depends(get_current_user)])
 def postBuilding(item: BuildingItem):
 return {"message": "OK"}
-@router.post("/postPlan", tags=["Reslevis"], dependencies=[Depends(require_roles(write_role))])
+@router.post("/postPlan", tags=["Reslevis"], dependencies=[Depends(get_current_user)])
 def postPlan(item: PlanItem):
 return {"message": "OK"}
-@router.post("/postZone", tags=["Reslevis"], dependencies=[Depends(require_roles(write_role))])
+@router.post("/postZone", tags=["Reslevis"], dependencies=[Depends(get_current_user)])
 def postZone(item: ZoneItem):
 return {"message": "OK"}
-@router.post("/postTracker", tags=["Reslevis"], dependencies=[Depends(require_roles(write_role))])
+@router.post("/postTracker", tags=["Reslevis"], dependencies=[Depends(get_current_user)])
 def postTracker(item: TrackerItem):
 return {"message": "OK"}
-@router.post("/postOperator", tags=["Reslevis"], dependencies=[Depends(require_roles(write_role))])
+@router.post("/postOperator", tags=["Reslevis"], dependencies=[Depends(get_current_user)])
 def postOperator(item: OperatorItem):
 return {"message": "OK"}
-@router.post("/postSubject", tags=["Reslevis"], dependencies=[Depends(require_roles(write_role))])
+@router.post("/postSubject", tags=["Reslevis"], dependencies=[Depends(get_current_user)])
 def postSubject(item: SubjectItem):
 return {"message": "OK"}
-@router.post("/postAlarm", tags=["Reslevis"], dependencies=[Depends(require_roles(write_role))])
+@router.post("/postAlarm", tags=["Reslevis"], dependencies=[Depends(get_current_user)])
 def postAlarm(item: AlarmItem):
 return {"message": "OK"}
-@router.post("/postTrack", tags=["Reslevis"], dependencies=[Depends(require_roles(write_role))])
+@router.post("/postTrack", tags=["Reslevis"], dependencies=[Depends(get_current_user)])
 def postTrack(item: TrackItem):
 return {"message": "OK"}
diff --git a/security.py b/security.py
index cbed1a6..04e4543 100644
--- a/security.py
+++ b/security.py
@@ -3,6 +3,7 @@ from typing import Dict, Any, List, Optional
 import os
 import logging
 import httpx
+import config_env
 from jose import jwt, JWTError
 from fastapi import HTTPException, status, Depends
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
@@ -10,14 +11,20 @@ from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 logger = logging.getLogger("security")
 # === CONFIG ===
-KEYCLOAK_ISSUER = os.getenv(
- "KEYCLOAK_ISSUER",
- "https://192.168.1.3:10002/realms/API.Server.local",
-)
-KEYCLOAK_JWKS_URL = os.getenv(
- "KEYCLOAK_JWKS_URL",
- "https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/certs",
-)
+#KEYCLOAK_ISSUER = os.getenv(
+# "KEYCLOAK_ISSUER",
+# "https://10.251.0.30:10002/realms/API.Server.local",
+ #"https://192.168.1.3:10002/realms/API.Server.local",
+#)
+#KEYCLOAK_JWKS_URL = os.getenv(
+# "KEYCLOAK_JWKS_URL",
+# "https://10.251.0.30:10002/realms/API.Server.local/protocol/openid-connect/certs",
+ #"https://192.168.1.3:10002/realms/API.Server.local/protocol/openid-connect/certs",
+#)
+
+KEYCLOAK_ISSUER = config_env.KEYCLOAK_ISSUER
+KEYCLOAK_JWKS_URL = config_env.KEYCLOAK_JWKS_URL
+
 KEYCLOAK_AUDIENCE = os.getenv("KEYCLOAK_AUDIENCE", "Fastapi")
 ALGORITHMS = ["RS256", "RS384", "RS512", "PS256", "PS384", "PS512"]
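Review bot: The handler shown as context at the top of the `@@ -107,35 +92,35 @@` hunk answers with `detail=f"Errore interno: {e}"`, which sends the raw exception text to the client; given the `GatewayJsonRepository` name that text may well include file paths or parser messages. Record the exception on the server and return a fixed message instead, e.g. `raise HTTPException(status_code=500, detail="Errore interno")` after logging `e` with whatever logger the module uses. `removeGateway` begins outside the hunk, and the `try:` blocks of `postGateway` and `updateGateway` are cut off in the earlier hunks, so they may need the same change.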
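Review bot: `KEYCLOAK_AUDIENCE` is still read with `os.getenv("KEYCLOAK_AUDIENCE", "Fastapi")` while the issuer and JWKS URL just above it now come from `config_env`, which also defines `KEYCLOAK_AUDIENCE`; that leaves two sources for the same setting. Use `KEYCLOAK_AUDIENCE = config_env.KEYCLOAK_AUDIENCE or "Fastapi"` if the default is meant to stay. `KEYCLOAK_ISSUER` and `KEYCLOAK_JWKS_URL` no longer have fallbacks and will be `None` when the variables are unset; the code that validates tokens is outside this hunk, so confirm it rejects tokens in that case rather than skipping the issuer comparison.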