diff --git a/.github/workflows/run-backend-bdd-tests.yml b/.github/workflows/run-backend-bdd-tests.yml
index 768a6516f0..734779a502 100644
--- a/.github/workflows/run-backend-bdd-tests.yml
+++ b/.github/workflows/run-backend-bdd-tests.yml
@@ -65,7 +65,7 @@ jobs:
         uses: docker/bake-action@v5
         timeout-minutes: 30
         with:
-          files: docker-compose.dev.yml
+          files: docker-compose.bdd.yml
           targets: backend
           load: true
           # Uncomment this to force a rebuild of the image
@@ -74,7 +74,7 @@ jobs:
               *.cache-from=type=gha,scope=infisical-backend-bdd-tests
               *.cache-to=type=gha,mode=max,scope=infisical-backend-bdd-tests
       - name: Start Infisical
-        run: docker compose -f docker-compose.dev.yml up -d
+        run: docker compose -f docker-compose.bdd.yml up -d
       - name: Wait for API to be ready
         uses: nick-fields/retry@v3
         with:
@@ -90,12 +90,12 @@ jobs:
           BOOTSTRAP_INFISICAL: "1"
       - name: cleanup
         run: |
-          docker compose -f "docker-compose.dev.yml" down
+          docker compose -f "docker-compose.bdd.yml" down
       - name: Dump backend logs
         if: always()  # Ensures this runs even if previous steps fail
         run: |
           mkdir -p logs
-          docker compose -f docker-compose.dev.yml logs backend > logs/backend.log 2>&1 || true
+          docker compose -f docker-compose.bdd.yml logs backend > logs/backend.log 2>&1 || true
       - name: Upload backend logs as artifact
         if: always()  # Always upload, even on failure/cancellation
         uses: actions/upload-artifact@v4
diff --git a/docker-compose.bdd.yml b/docker-compose.bdd.yml
new file mode 100644
index 0000000000..815c9cf474
--- /dev/null
+++ b/docker-compose.bdd.yml
@@ -0,0 +1,69 @@
+version: "3.9"
+
+services:
+  nginx:
+    container_name: infisical-dev-nginx
+    image: nginx
+    restart: "always"
+    ports:
+      - 8080:80
+      - 8443:443
+    volumes:
+      - ./nginx/default.dev.conf:/etc/nginx/conf.d/default.conf:ro
+    depends_on:
+      - backend
+
+  db:
+    image: postgres:14-alpine
+    ports:
+      - "5432:5432"
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_PASSWORD: infisical
+      POSTGRES_USER: infisical
+      POSTGRES_DB: infisical
+
+  redis:
+    image: redis
+    container_name: infisical-dev-redis
+    environment:
+      - ALLOW_EMPTY_PASSWORD=yes
+    ports:
+      - 6379:6379
+    volumes:
+      - redis_data:/data
+
+
+  backend:
+    container_name: infisical-dev-api
+    build:
+      context: ./backend
+      dockerfile: Dockerfile.dev
+    depends_on:
+      db:
+        condition: service_started
+      redis:
+        condition: service_started
+    env_file:
+      - .env
+    ports:
+      - 4000:4000
+      - 9464:9464 # for OTEL collection of Prometheus metrics
+    environment:
+      - NODE_ENV=development
+      - DB_CONNECTION_URI=postgres://infisical:infisical@db/infisical?sslmode=disable
+      - TELEMETRY_ENABLED=false
+    volumes:
+      - ./backend/src:/app/src
+      - softhsm_tokens:/etc/softhsm2/tokens # SoftHSM tokens are stored in a volume to persist across container restarts
+    extra_hosts:
+      - "host.docker.internal:host-gateway"
+
+volumes:
+  postgres-data:
+    driver: local
+  redis_data:
+    driver: local
+  softhsm_tokens:
+    driver: local
\ No newline at end of file