diff --git a/.env b/.env
index afcb1e4e3..7dc017b6c 100644
--- a/.env
+++ b/.env
@@ -6,7 +6,8 @@ KEYCLOAK_REALM_NAME=open-products-facts
 KEYCLOAK_TAG=main
 COMPOSE_PROJECT_NAME=openfoodfacts-auth
 COMPOSE_PATH_SEPARATOR=,
-COMPOSE_FILE=docker-compose.yml,docker-compose-run.yml
+COMPOSE_FILE_RUN=docker-compose.yml,docker-compose-run.yml
+COMPOSE_FILE=${COMPOSE_FILE_RUN},docker/dev.yml
 
 KC_DB_USERNAME=keycloak
 KC_DB_PASSWORD=Secret123!
@@ -19,5 +20,5 @@ REDIS_URL=redis:6379
 
 KEYCLOAK_EXPOSE_PORT=5600
 
-# Set to "prod" for hardened deployment. If not suppied then desigend to run more as a test container
+# Set to "prod" for hardened deployment or "dev" for start-dev. Other values will run more as a test container
 KEYCLOAK_STARTUP=dev
diff --git a/Makefile b/Makefile
index 2c716ed51..616dd29bd 100644
--- a/Makefile
+++ b/Makefile
@@ -9,7 +9,7 @@ build:
 	node build-scripts/build_languages.mjs
 	mkdir -p target
 	set -o allexport; source .env; set +o allexport; envsubst \$$PRODUCT_OPENER_OIDC_CLIENT_ID,\$$PRODUCT_OPENER_DOMAIN,\$$PRODUCT_OPENER_OIDC_CLIENT_SECRET,\$$REDIS_URL < conf/open-products-facts-realm.json > target/open-products-facts-realm.json
-	COMPOSE_FILE=${COMPOSE_FILE},docker/dev.yml docker compose up -d --build
+	docker compose up -d --build
 
 up:
 	docker compose up -d
@@ -17,8 +17,10 @@ up:
 down:
 	docker compose down --remove-orphans
 
-dev: run_deps build up
+dev: run_deps build
 
+# We keep a copy of the Keycloak themes in our own source control so that we can easily see diffs after keycloak upgrades.
+# These themese aren't actually used in the deployment, they are just for reference
 refresh_themes:
 	wget https://github.com/keycloak/keycloak/releases/download/${KEYCLOAK_VERSION}/keycloak-${KEYCLOAK_VERSION}.tar.gz
 	tar -xzvf keycloak-${KEYCLOAK_VERSION}.tar.gz keycloak-${KEYCLOAK_VERSION}/lib/lib/main/org.keycloak.keycloak-themes-${KEYCLOAK_VERSION}.jar --strip-components=4
@@ -30,10 +32,9 @@ refresh_themes:
 	rm org.keycloak.keycloak-themes-${KEYCLOAK_VERSION}.jar
 	node build-scripts/refresh_messages.mjs
 
+# Called by other projects to start this project as a dependency
 run: run_deps
-# Don't include dev.yml in "run" mode so we use the pre-built image
-# Change the KEYCLOAK_TAG value to "dev" to use the dev image on run
-	COMPOSE_FILE=docker-compose.yml,docker-compose-run.yml docker compose up -d
+	COMPOSE_FILE=${COMPOSE_FILE_RUN} docker compose up -d
 
 # Space delimited list of dependant projects
 DEPS=openfoodfacts-shared-services
diff --git a/docker-compose-run.yml b/docker-compose-run.yml
index f11774a6a..7f782dbe6 100644
--- a/docker-compose-run.yml
+++ b/docker-compose-run.yml
@@ -21,8 +21,6 @@ services:
       - POSTGRES_PASSWORD=${KC_DB_PASSWORD}
     volumes:
       - dbdata:/var/lib/postgresql/data
-    ports:
-      - 5601:5432
 
   smtp:
     image: rnwood/smtp4dev:latest
diff --git a/docker/dev.yml b/docker/dev.yml
index 905056ef3..c02fdb0c1 100644
--- a/docker/dev.yml
+++ b/docker/dev.yml
@@ -1,9 +1,15 @@
 services:
   keycloak:
+    image: ghcr.io/openfoodfacts/openfoodfacts-auth:dev
     build:
       context: .
       dockerfile: Dockerfile
-      args: 
+      args:
         - KEYCLOAK_VERSION
     volumes:
+      # Bind mount to theme folder so theme can be edited without rebuilding
       - ./theme/off:/opt/keycloak/themes/off
+
+  keycloak_postgres:
+    ports:
+      - 5601:5432