diff --git a/README.md b/README.md
index e905e63..9cda94b 100644
--- a/README.md
+++ b/README.md
@@ -53,6 +53,12 @@ docker compose run --rm web bundle update
 docker compose up --build
 ```
 
+## Production build
+
+```
+docker build -f production.Dockerfile .
+```
+
 ## Credits/References
 
 ### Rails with Docker
diff --git a/heroku.yml b/heroku.yml
new file mode 100644
index 0000000..187f7e0
--- /dev/null
+++ b/heroku.yml
@@ -0,0 +1,5 @@
+build:
+  docker:
+    web: production.Dockerfile
+run:
+  web: bundle exec puma -C config/puma.rb
diff --git a/production.Dockerfile b/production.Dockerfile
new file mode 100644
index 0000000..c8bb292
--- /dev/null
+++ b/production.Dockerfile
@@ -0,0 +1,40 @@
+FROM ruby:3.1.2-slim
+
+
+RUN apt-get update -qq && apt-get install -yq --no-install-recommends \
+    build-essential \
+    gnupg2 \
+    curl \
+    git \
+    libpq-dev \
+  && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ENV LANG=C.UTF-8 \
+  BUNDLE_JOBS=4 \
+  BUNDLE_RETRY=3 \
+ RAILS_ENV=production
+
+RUN gem update --system && gem install bundler
+
+WORKDIR /usr/src/app
+
+COPY Gemfile* ./
+
+RUN bundle config frozen true \
+ && bundle config jobs 4 \
+ && bundle config deployment true \
+ && bundle config without 'development test' \
+ && bundle install
+
+COPY . .
+
+# Precompile assets
+# SECRET_KEY_BASE or RAILS_MASTER_KEY is required in production, but we don't
+# want real secrets in the image or image history. The real secret is passed in
+# at run time
+ARG SECRET_KEY_BASE=fakekeyforassets
+RUN bundle exec rails assets:clobber && bundle exec rails assets:precompile
+
+EXPOSE 3000
+
+CMD ["bundle", "exec", "puma", "-C", "config/puma.rb"]