From 24f017444424451eca03ab992ff91e4d85edca7f Mon Sep 17 00:00:00 2001
From: Egor <egor@philippov.ca>
Date: Sat, 14 Feb 2026 13:31:23 -0800
Subject: [PATCH] highlight the importance of a strong API key password

---
 .env.example | 2 +-
 README.md    | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/.env.example b/.env.example
index 41147e2..a5ee584 100644
--- a/.env.example
+++ b/.env.example
@@ -1,4 +1,4 @@
-# Required: API key for authentication
+# Required: Password for web UI login and credential encryption (use a strong unique password)
 # API_KEY=your-secret-key-here
 
 # Optional Configuration
diff --git a/README.md b/README.md
index ab17dce..d12ff91 100644
--- a/README.md
+++ b/README.md
@@ -276,5 +276,6 @@ curl http://localhost:8080/api/v1/health \
 }
 ```
 
+## API Key Security
 
-
+Your API_KEY is both the login password and the master encryption key for all integration credentials. Use a strong unique password. Changing it will make all encrypted credentials unrecoverable.