diff --git a/.env.example b/.env.example
new file mode 100644
index 0000000..70bd52a
--- /dev/null
+++ b/.env.example
@@ -0,0 +1,7 @@
+# Web interface authentication password
+WEB_PASSWORD=admin
+
+# Encryption key for securing stored OTP secrets
+# You MUST change this for a production deployment!
+# Generate a secure key using: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
+ENCRYPTION_KEY=CHANGE_ME_TO_A_VALID_FERNET_KEY
diff --git a/README.md b/README.md
index e30582c..797f920 100644
--- a/README.md
+++ b/README.md
@@ -16,7 +16,7 @@ This application acts as a central manager. You can add the IP address, Port (de
 ## Setup & Running
 
 1. Clone or copy this directory.
-2. Edit `docker-compose.yml`:
+2. Copy `.env.example` to `.env` and edit it:
    - Change `WEB_PASSWORD` to your desired password for the web interface (the username can be anything, e.g., `admin`).
    - Change `ENCRYPTION_KEY` to a securely generated Fernet key.
      *You can generate one by running: `python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"`*
diff --git a/docker-compose.yml b/docker-compose.yml
index 2ad2584..53489ea 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,11 +5,11 @@ services:
     build: .
     container_name: xivlauncher-remote-otp
     ports:
-      - "8080:8080"
+      - "127.0.0.1:8080:8080"
     volumes:
       - ./data:/app/data
     environment:
-      - WEB_PASSWORD=admin
+      - WEB_PASSWORD=${WEB_PASSWORD:-admin}
       # Generate a secure key using: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
-      - ENCRYPTION_KEY=CHANGE_ME_TO_A_VALID_FERNET_KEY
+      - ENCRYPTION_KEY=${ENCRYPTION_KEY:-CHANGE_ME_TO_A_VALID_FERNET_KEY}
     restart: unless-stopped