diff --git a/.gitignore b/.gitignore
index c5d9428..dfd3209 100644
--- a/.gitignore
+++ b/.gitignore
@@ -44,8 +44,6 @@ node_modules/
 package-lock.json
 
 ### api key ###
-src/main/resources/application-google.yml
-src/main/resources/application-dev.yml
 
 
 ### harness ###
diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-local.yml
similarity index 63%
rename from src/main/resources/application-dev.yml
rename to src/main/resources/application-local.yml
index 387fd3b..89366a8 100644
--- a/src/main/resources/application-dev.yml
+++ b/src/main/resources/application-local.yml
@@ -13,21 +13,41 @@ spring:
     show-sql: true
   flyway:
     enabled: true
+  security:
+    oauth2:
+      client:
+        registration:
+          google:
+            client-id: local-dummy-client-id
+            client-secret: local-dummy-client-secret
+            scope:
+              - email
+              - profile
 
 app:
   jwt:
     secret: NHk7ya+qk5IVD/24BO7/BLFfdpqrZ6bSw/J9EyQDP7uCHtoF9NxD7OUwiHpiqt+MsxQd5eOcCknYJhvF+N8AVg==
-    access-token-expiration-seconds: 10
-    refresh-token-expiration-seconds: 86400
+    access-token-expiration-seconds: 3600
+    refresh-token-expiration-seconds: 1209600
   oauth2:
     redirect-success-url: http://localhost:3000/oauth2/redirect
   cookie:
     secure: false
   cors:
     allowed-origins:
+      - https://vs.io.kr
       - http://localhost:3000
       - http://127.0.0.1:3000
     allowed-methods: GET,POST,PUT,PATCH,DELETE,OPTIONS
     allowed-headers: Authorization,Content-Type,X-Requested-With,Accept,Origin
     allow-credentials: true
     max-age: 3600
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health
+  endpoint:
+    health:
+      show-details: never
diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml
index e24e831..854d172 100644
--- a/src/main/resources/application-prod.yml
+++ b/src/main/resources/application-prod.yml
@@ -46,8 +46,9 @@ app:
   cors:
     # 브라우저 기반 운영 도메인은 APP_CORS_ALLOWED_ORIGINS에 콤마로 구분해 설정합니다.
     # 예: https://vs.io.kr,https://admin.vs.io.kr
+    # 로컬 프론트 개발 편의를 위해 기본값에 localhost:3000을 임시 포함합니다.
     # 백엔드 서버간 직접 호출에는 브라우저 CORS 검사가 적용되지 않습니다.
-    allowed-origins: ${APP_CORS_ALLOWED_ORIGINS:https://vs.io.kr}
+    allowed-origins: ${APP_CORS_ALLOWED_ORIGINS:https://vs.io.kr,http://localhost:3000,http://127.0.0.1:3000}
     allowed-methods: ${APP_CORS_ALLOWED_METHODS:GET,POST,PUT,PATCH,DELETE,OPTIONS}
     allowed-headers: ${APP_CORS_ALLOWED_HEADERS:Authorization,Content-Type,X-Requested-With,Accept,Origin}
     allow-credentials: ${APP_CORS_ALLOW_CREDENTIALS:true}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 3f29a31..7e65639 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -1,8 +1,6 @@
 spring:
   application:
     name: vs-server
-  profiles:
-    active: dev,google
   jackson:
     serialization:
       write-dates-as-timestamps: false
diff --git a/src/test/java/com/ject/vs/VsServerApplicationTests.java b/src/test/java/com/ject/vs/VsServerApplicationTests.java
index 435245d..6701e45 100644
--- a/src/test/java/com/ject/vs/VsServerApplicationTests.java
+++ b/src/test/java/com/ject/vs/VsServerApplicationTests.java
@@ -2,11 +2,10 @@
 
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.ActiveProfiles;
 
-@SpringBootTest(properties = {
-		"spring.security.oauth2.client.registration.google.client-id=test",
-		"spring.security.oauth2.client.registration.google.client-secret=test"
-})
+@ActiveProfiles("test")
+@SpringBootTest
 class VsServerApplicationTests {
 
 	@Test
diff --git a/src/test/resources/application-test.yml b/src/test/resources/application-test.yml
new file mode 100644
index 0000000..71a7753
--- /dev/null
+++ b/src/test/resources/application-test.yml
@@ -0,0 +1,51 @@
+spring:
+  datasource:
+    url: jdbc:h2:mem:testdb;MODE=PostgreSQL;DATABASE_TO_LOWER=TRUE;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
+    driver-class-name: org.h2.Driver
+    username: sa
+    password:
+  h2:
+    console:
+      enabled: false
+  jpa:
+    hibernate:
+      ddl-auto: validate
+  flyway:
+    enabled: true
+  security:
+    oauth2:
+      client:
+        registration:
+          google:
+            client-id: test-dummy-client-id
+            client-secret: test-dummy-client-secret
+            scope:
+              - email
+              - profile
+
+app:
+  jwt:
+    secret: NHk7ya+qk5IVD/24BO7/BLFfdpqrZ6bSw/J9EyQDP7uCHtoF9NxD7OUwiHpiqt+MsxQd5eOcCknYJhvF+N8AVg==
+    access-token-expiration-seconds: 3600
+    refresh-token-expiration-seconds: 1209600
+  oauth2:
+    redirect-success-url: http://localhost:3000/oauth2/redirect
+  cookie:
+    secure: false
+  cors:
+    allowed-origins:
+      - http://localhost:3000
+      - http://127.0.0.1:3000
+    allowed-methods: GET,POST,PUT,PATCH,DELETE,OPTIONS
+    allowed-headers: Authorization,Content-Type,X-Requested-With,Accept,Origin
+    allow-credentials: true
+    max-age: 3600
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: health
+  endpoint:
+    health:
+      show-details: never