diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md
index 024fdc7..55b88a4 100644
--- a/DEPLOYMENT.md
+++ b/DEPLOYMENT.md
@@ -202,6 +202,25 @@ In GitHub:
    - `development`
    - `production`
 
+### Exact GitHub UI path
+1. Open the private repository:
+   - `https://github.com/Bostame/workdock-platform`
+2. Click:
+   - `Settings`
+3. In the left sidebar, open:
+   - `Environments`
+4. Click:
+   - `New environment`
+5. Create:
+   - `development`
+6. Repeat and create:
+   - `production`
+7. Open the `development` environment
+8. Under `Environment secrets`, click:
+   - `Add environment secret`
+9. Add each required secret one by one
+10. Repeat the same pattern later for `production`
+
 ### Development environment secrets
 Add:
 - `TEST_DEPLOY_HOST`
@@ -217,6 +236,49 @@ Current test values:
 - `TEST_DEPLOY_PATH=/opt/workdock`
 - `TEST_DEPLOY_SSH_KEY=<private key that can ssh to root@192.168.2.55>`
 
+### Development secret entry example
+Use these exact values in the `development` environment:
+
+`TEST_DEPLOY_HOST`
+```text
+192.168.2.55
+```
+
+`TEST_DEPLOY_USER`
+```text
+root
+```
+
+`TEST_DEPLOY_PORT`
+```text
+22
+```
+
+`TEST_DEPLOY_PATH`
+```text
+/opt/workdock
+```
+
+`TEST_DEPLOY_SSH_KEY`
+```text
+<paste the full private SSH key that can log in to root@192.168.2.55>
+```
+
+The SSH key must include the full multi-line content, for example:
+```text
+-----BEGIN OPENSSH PRIVATE KEY-----
+...
+-----END OPENSSH PRIVATE KEY-----
+```
+
+### How to verify the SSH key before adding it
+From your local machine:
+```bash
+ssh -4 root@192.168.2.55
+```
+
+If that works without asking for a password, the matching private key is the correct one to store in `TEST_DEPLOY_SSH_KEY`.
+
 ### Production environment secrets
 Add:
 - `PROD_DEPLOY_HOST`
@@ -239,6 +301,38 @@ From GitHub Actions:
 1. open `Deploy Test`
 2. click `Run workflow`
 
+### First GitHub Actions validation
+After you add the `development` environment secrets:
+1. Open:
+   - `https://github.com/Bostame/workdock-platform/actions`
+2. Open workflow:
+   - `Deploy Test`
+3. Click:
+   - `Run workflow`
+4. Select branch:
+   - `develop`
+5. Run it
+6. Wait until both steps complete:
+   - upload bundle
+   - deploy over SSH
+7. Verify:
+   - `http://192.168.2.55:8088/healthz/`
+8. Then open the app home page in the browser
+
+### What success looks like
+- workflow status is green in GitHub Actions
+- `Deploy Test` job finishes without SSH or health-check errors
+- `/healthz/` returns `200 OK`
+- the containers on the test server remain up
+
+### If the workflow fails
+Check in this order:
+1. wrong or incomplete `TEST_DEPLOY_SSH_KEY`
+2. wrong `TEST_DEPLOY_USER`
+3. wrong `TEST_DEPLOY_PATH`
+4. changed server host key
+5. server disk-space or Docker runtime issue
+
 ## How to validate a deployment
 ### From your machine
 ```bash
diff --git a/backend/workflows/templates/workflows/developer_handbook.html b/backend/workflows/templates/workflows/developer_handbook.html
index d991796..c0b0a39 100644
--- a/backend/workflows/templates/workflows/developer_handbook.html
+++ b/backend/workflows/templates/workflows/developer_handbook.html
@@ -298,6 +298,17 @@ make backup-verify BACKUP_DIR=backups/backup_YYYYmmdd_HHMMSS</code></pre>
         </ul>
       </li>
     </ul>
+    <h3>Exact GitHub UI steps</h3>
+    <ol>
+      <li>Open the private repository on GitHub.</li>
+      <li>Open <code>Settings</code>.</li>
+      <li>Open <code>Environments</code> in the left sidebar.</li>
+      <li>Create the environment <code>development</code>.</li>
+      <li>Create the environment <code>production</code>.</li>
+      <li>Open <code>development</code>.</li>
+      <li>Under <code>Environment secrets</code>, add the deployment secrets one by one.</li>
+      <li>Repeat later for <code>production</code>.</li>
+    </ol>
     <h3>Current test deployment values</h3>
     <ul>
       <li>Host: <code>192.168.2.55</code></li>
@@ -305,6 +316,22 @@ make backup-verify BACKUP_DIR=backups/backup_YYYYmmdd_HHMMSS</code></pre>
       <li>Path: <code>/opt/workdock</code></li>
       <li>URL: <code>http://192.168.2.55:8088</code></li>
     </ul>
+    <h3>Current development secrets</h3>
+    <ul>
+      <li><code>TEST_DEPLOY_HOST=192.168.2.55</code></li>
+      <li><code>TEST_DEPLOY_USER=root</code></li>
+      <li><code>TEST_DEPLOY_PORT=22</code></li>
+      <li><code>TEST_DEPLOY_PATH=/opt/workdock</code></li>
+      <li><code>TEST_DEPLOY_SSH_KEY=&lt;full private key content&gt;</code></li>
+    </ul>
+    <h3>First GitHub Actions test</h3>
+    <ol>
+      <li>Open GitHub Actions.</li>
+      <li>Run the workflow <code>Deploy Test</code> on branch <code>develop</code>.</li>
+      <li>Wait for the SSH upload and deploy steps to finish successfully.</li>
+      <li>Verify <code>http://192.168.2.55:8088/healthz/</code> returns HTTP 200.</li>
+      <li>Then verify the app UI in the browser.</li>
+    </ol>
     <div class="note">
       The current LAN test deployment intentionally uses <code>DJANGO_DEBUG=1</code> in <code>.env.test</code> because the security checks correctly reject insecure cookie settings when <code>DEBUG=0</code> and the deployment is still plain HTTP. This is acceptable for the internal test box only. Production must run with HTTPS and <code>DEBUG=0</code>.
     </div>