diff --git a/.env.sample b/.env.sample
index e69de29..1d3deb1 100644
--- a/.env.sample
+++ b/.env.sample
@@ -0,0 +1,4 @@
+# openssl rand -hex 32
+SECRET_KEY=
+ALGORITHM=HS256
+ACCESS_TOKEN_EXPIRE_MINUTES=30
\ No newline at end of file
diff --git a/app/main.py b/app/main.py
index 18e2c42..e772e63 100755
--- a/app/main.py
+++ b/app/main.py
@@ -6,12 +6,13 @@ from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
 from jose import JWTError, jwt
 from passlib.context import CryptContext
 from pydantic import BaseModel
+from os import getenv
 
 # to get a string like this run:
 # openssl rand -hex 32
-SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
-ALGORITHM = "HS256"
-ACCESS_TOKEN_EXPIRE_MINUTES = 30
+SECRET_KEY = getenv("SECRET_KEY")
+ALGORITHM = getenv("ALGORITHM")
+ACCESS_TOKEN_EXPIRE_MINUTES = int(getenv("ACCESS_TOKEN_EXPIRE_MINUTES"))
 
 
 fake_users_db = {
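Review bot: The three `getenv` reads at module level are unvalidated: an unset `ACCESS_TOKEN_EXPIRE_MINUTES` makes `int(None)` raise a bare `TypeError` at import, and an unset or empty `SECRET_KEY` (which is how `.env.sample` ships it) leaves token signing without a usable key instead of failing with a clear startup error. Because `ALGORITHM` now comes from the environment, it should be checked against an allow-list of the HMAC algorithms the app intends to use, so a mis-set value cannot select an unintended scheme. The hard-coded key on the removed line stays in the repository history, so it should be treated as exposed and never reused; generate a fresh key for each deployment. Nothing in this hunk loads a `.env` file, so the process environment is presumably populated elsewhere (worth confirming).
```python
# … unchanged: imports …
SECRET_KEY = getenv("SECRET_KEY")
if not SECRET_KEY:
    raise RuntimeError("SECRET_KEY is not set; generate one with: openssl rand -hex 32")

ALGORITHM = getenv("ALGORITHM", "HS256")
if ALGORITHM not in {"HS256", "HS384", "HS512"}:
    raise RuntimeError(f"Unsupported JWT algorithm: {ALGORITHM!r}")

ACCESS_TOKEN_EXPIRE_MINUTES = int(getenv("ACCESS_TOKEN_EXPIRE_MINUTES", "30"))
```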