diff --git a/backoffice/.env.example b/backoffice/.env.example
index 86f0984..a93d08a 100644
--- a/backoffice/.env.example
+++ b/backoffice/.env.example
@@ -34,6 +34,10 @@ JWT_SECRET=your-super-secret-jwt-key
 # Token expiration (should match backend for consistency)
 JWT_EXPIRATION=7d
 
+# RSA Private Key (for Credentials Encryption)
+# Must match the one used by the Backend to decrypt.
+RSA_PRIVATE_KEY_BASE64=your-base64-encoded-private-key
+
 # NOTE: PASSWORD_PEPPER is NOT needed here.
 # The backoffice does not handle login - it only validates tokens via Bearer header or cookie.