diff --git a/.env.example b/.env.example
index 5a2bdd7..99935b0 100644
--- a/.env.example
+++ b/.env.example
@@ -11,3 +11,21 @@ INFERENCE_API_URL=http://localhost:8001
 INFERENCE_API_TIMEOUT=30000
 INFERENCE_BATCH_TIMEOUT=120000
 NEXT_PUBLIC_PREDICTIONS_ENABLED=true
+
+# Authentication Configuration (Auth.js v5)
+# Generate a strong random value for AUTH_SECRET: openssl rand -hex 32
+AUTH_SECRET=change_me_to_a_strong_random_secret
+
+# Google OAuth Configuration
+# Get these from Google Cloud Console: https://console.cloud.google.com/
+AUTH_GOOGLE_ID=your_google_oauth_client_id
+AUTH_GOOGLE_SECRET=your_google_oauth_client_secret
+
+# Auth.js trust host configuration
+# Set to true when using HTTP (e.g., localhost), should be false in production with HTTPS
+AUTH_TRUST_HOST=true
+
+# Default admin user credentials
+# Change these to your desired default admin email and password
+DEFAULT_ADMIN_EMAIL=admin@example.com
+DEFAULT_ADMIN_PASSWORD=change_me_to_a_strong_password
diff --git a/openspec/changes/user-accounts/tasks.md b/openspec/changes/user-accounts/tasks.md
index 59d75ff..5b2a11d 100644
--- a/openspec/changes/user-accounts/tasks.md
+++ b/openspec/changes/user-accounts/tasks.md
@@ -1,7 +1,7 @@
 ## 1. Dependencies & Configuration
 
 - [x] 1.1 `[haiku]` Install npm dependencies: `next-auth@5`, `bcryptjs`, `@types/bcryptjs`
-- [ ] 1.2 `[haiku]` Add environment variables to `.env.example`: `AUTH_SECRET`, `AUTH_GOOGLE_ID`, `AUTH_GOOGLE_SECRET`, `AUTH_TRUST_HOST`, `DEFAULT_ADMIN_EMAIL`, `DEFAULT_ADMIN_PASSWORD`
+- [x] 1.2 `[haiku]` Add environment variables to `.env.example`: `AUTH_SECRET`, `AUTH_GOOGLE_ID`, `AUTH_GOOGLE_SECRET`, `AUTH_TRUST_HOST`, `DEFAULT_ADMIN_EMAIL`, `DEFAULT_ADMIN_PASSWORD`
 - [ ] 1.3 `[haiku]` Update `docker-compose.yml` to pass new auth env vars to the candle-annotator service
 
 ## 2. Database Schema & Migration