diff --git a/.env.example b/.env.example
index a96c1e2..594d95d 100644
--- a/.env.example
+++ b/.env.example
@@ -9,9 +9,46 @@ FLASK_ENV=development PORT=5000 HOST=0.0.0.0 -# Database Configuration (PostgreSQL on NORDABIZ-01) +# Database Configuration +# ============================================== +# +# DATABASE_URL: Full PostgreSQL connection string used by Python scripts +# Format: postgresql://username:password@host:port/database +# +# Development (local Docker): +# DATABASE_URL=postgresql://nordabiz_user:nordabiz_password@localhost:5433/nordabiz +# +# Production (NORDABIZ-01 server): +# DATABASE_URL=postgresql://nordabiz_app:your_password_here@10.22.68.249:5432/nordabiz +# +# IMPORTANT SECURITY NOTE: +# - NEVER hardcode production passwords in source code (CWE-798) +# - Keep this file (.env) out of version control (already in .gitignore) +# - Set DATABASE_URL as environment variable before running any script +# - All Python scripts will fail safely if DATABASE_URL is not set +# DATABASE_URL=postgresql://nordabiz_app:your_password_here@10.22.68.249:5432/nordabiz +# PGPASSWORD: PostgreSQL password for shell scripts (psql, pg_dump, etc.) +# This environment variable is used by PostgreSQL command-line tools +# +# Shell scripts (like view_maturity_results.sh) require PGPASSWORD to be set: +# export PGPASSWORD='your_database_password' +# ./view_maturity_results.sh +# +# Or set it inline (one-time): +# PGPASSWORD='your_database_password' ./view_maturity_results.sh +# +# SECURITY WARNING: +# - Do NOT set PGPASSWORD in this .env file (it's only read by Python/Flask) +# - Shell scripts cannot read .env files automatically +# - Set PGPASSWORD in your shell session or use .pgpass file instead +# - See: https://www.postgresql.org/docs/current/libpq-pgpass.html +# +# Example .pgpass file (~/.pgpass with chmod 600): +# 10.22.68.249:5432:nordabiz:nordabiz_app:your_password_here +# localhost:5433:nordabiz:nordabiz_user:nordabiz_password + # Google Gemini API GOOGLE_GEMINI_API_KEY=your_gemini_api_key_here
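Review bot: The new PGPASSWORD block leads with `export PGPASSWORD='your_database_password'` and the inline `PGPASSWORD='...' ./view_maturity_results.sh` form, and offers `~/.pgpass` only as an alternative further down. The PostgreSQL documentation discourages PGPASSWORD because some operating systems let other users read a process's environment, and typing the password on the command line also leaves it in shell history. I would move the `.pgpass` example to the top of the block and reduce the PGPASSWORD lines to a fallback, e.g. `# Preferred: ~/.pgpass (chmod 600) or PGPASSFILE; use PGPASSWORD only for one-off local runs`. Separately, the added examples repeat the production address `10.22.68.249` and the role name `nordabiz_app` in a tracked template, where a placeholder such as `<db_host>` would serve equally well. The line "Keep this file (.env) out of version control" is also misleading inside `.env.example`, which is itself committed, so it should name `.env` rather than "this file".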