diff --git a/.env.example b/.env.example
index 444cba1..8d159b6 100644
--- a/.env.example
+++ b/.env.example
@@ -1,16 +1,19 @@
+# Dev-only defaults — fine for local. Rotate before deploying anywhere real.
+
 # Used to encrypt JWT tokens
-PAYLOAD_SECRET=YOUR_SECRET_HERE
+PAYLOAD_SECRET=dev_payload_secret_change_me_32_chars_min
 
 # Used to configure CORS, format links and more. No trailing slash
 NEXT_PUBLIC_SERVER_URL=http://localhost:3000
 
 # Secret used to authenticate cron jobs
-CRON_SECRET=YOUR_CRON_SECRET_HERE
+CRON_SECRET=dev_cron_secret_change_me_32_chars_minimum
 
 # Used to validate preview requests
-PREVIEW_SECRET=YOUR_SECRET_HERE
+PREVIEW_SECRET=dev_preview_secret_change_me_32_chars_min
 
-BETTER_AUTH_SECRET=YOUR_SECRET_HERE
+# Required by BetterAuth — must be at least 32 chars
+BETTER_AUTH_SECRET=dev_better_auth_secret_change_me_32_chars
 
 BETTER_AUTH_URL=http://localhost:3000