diff --git a/main.tf b/main.tf
index 48f11e2..c662fb6 100644
--- a/main.tf
+++ b/main.tf
@@ -12,6 +12,7 @@ terraform {
 endpoints = {
 s3 = "http://s3.localdomain"
 }
+ //@formatter:off
 key = "postgres.tfstate"
 bucket = "terraform"
 region = "FR"
@@ -22,15 +23,34 @@ terraform {
 shared_credentials_files = ["~/.aws/credentials"]
 profile = "minio"
 use_path_style = true
+ //@formatter:on
+ }
+}
+
+locals {
+ # because merge function didn't support deep merging
+ # order matter because otherwise typing contained in var.connections is set as value in the result local.connection
+ connection = {for key, config in var.connections : key => merge(config, local.private_connection[key])}
+ private_connection = {
+ "default" = {
+ db = "postgres"
+ host = "database.localdomain"
+ port = 5432
+ },
+ "prod" = {
+ db = "postgres"
+ host = "database-trusted-primate.localdomain"
+ port = 5432
+ }
 }
 }
 
 provider "postgresql" {
- host = "database.localdomain"
- port = 5432
- database = var.postgres.db
- username = var.postgres.user
- password = var.postgres.secret
+ host = local.connection[terraform.workspace].host
+ port = local.connection[terraform.workspace].port
+ database = local.connection[terraform.workspace].db
+ username = local.connection[terraform.workspace].username
+ password = local.connection[terraform.workspace].password
 sslmode = "disable"
 connect_timeout = 15
 }
@@ -55,7 +75,7 @@ module "gitea" {
 username = "gitea"
 collate = "fr_FR.UTF-8"
 ctype = "fr_FR.UTF-8"
- privileges = ["CREATE", "CONNECT", "TEMPORARY"]
+ privileges = ["CREATE", "CONNECT", "TEMPORARY"]
 }
 
 module "keycloak" {
@@ -64,7 +84,7 @@ module "keycloak" {
 username = "keycloak"
 collate = "fr_FR.utf8"
 ctype = "fr_FR.utf8"
- privileges = ["CREATE", "CONNECT", "TEMPORARY"]
+ privileges = ["CREATE", "CONNECT", "TEMPORARY"]
 }
 
 module "nextcloud" {
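Review bot: The `provider "postgresql"` block in main.tf keeps `sslmode = "disable"` while this change starts pointing it at the `prod` host, so the username and password taken from `var.connections`, and every statement the provider runs, travel to `database-trusted-primate.localdomain` unencrypted. If the server offers TLS, use `sslmode = "verify-full"` (or at least `"require"`), or carry an `sslmode` key per entry in `local.private_connection` so that only the lab instance stays on `disable`. Separately, `local.connection[terraform.workspace]` fails with an invalid-index error in any workspace other than `default` or `prod`; a comment above the `locals` block such as `# one entry per terraform workspace: default, prod` would make that constraint explicit.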
@@ -73,13 +93,13 @@ module "nextcloud" {
 username = "nextcloud"
 collate = "fr_FR.utf8"
 ctype = "fr_FR.utf8"
- privileges = ["CREATE", "CONNECT", "TEMPORARY"]
+ privileges = ["CREATE", "CONNECT", "TEMPORARY"]
 }
 
 module "favorite_link" {
- source = "./generic-database"
+ source = "./generic-database"
 database_name = "favorite-link"
- username = "favorite-link"
+ username = "favorite-link"
 }
 
 output "ampere_account" {
@@ -103,6 +123,6 @@ output "nextcloud_account" {
 sensitive = true
 }
 output "favorite_link_account" {
- value = module.favorite_link.account
+ value = module.favorite_link.account
 sensitive = true
 }
\ No newline at end of file
diff --git a/variables.tf b/variables.tf
index e32aa44..173849b 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,9 +1,29 @@
+variable "connections" {
+ description = "postgres configuration map by environment"
+ sensitive = true
+ type = object({
+ default : object({
+ db : optional(string)
+ host : optional(string)
+ port : optional(number)
+ username : optional(string, "postgres")
+ password : string
+ })
+ prod : object({
+ db : optional(string)
+ host : optional(string)
+ port : optional(number)
+ username : optional(string, "postgres")
+ password : string
+ })
+ })
+}
+
 variable "postgres" {
 description = "postgres configuration"
- sensitive = true
- type = object({
- user = optional(string, "postgres")
+ type = object({
+ user = optional(string, "postgres")
 secret = string
- db = optional(string, "postgres")
+ db = optional(string, "postgres")
 })
 }
\ No newline at end of file
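Review bot: In variables.tf the `postgres` variable loses `sensitive = true` but still declares `secret = string`, so a value still supplied for it can appear in plan and apply output wherever it is referenced. The provider block no longer reads `var.postgres` in this diff, so either delete the variable or keep `sensitive = true` on it; whether other files still reference it is not visible here. In the new `connections` type, `db`, `host` and `port` are declared optional, but `merge(config, local.private_connection[key])` in main.tf always overwrites them, so those three attributes could be dropped from the type or noted as ignored in the `description`.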