diff --git a/semaphore/.env b/semaphore/.env
new file mode 100644
index 0000000..d04d130
--- /dev/null
+++ b/semaphore/.env
@@ -0,0 +1,48 @@
+# .env file for Semaphore with OpenID Connect
+
+# --- Database Configuration ---
+# Use a strong password for the database
+POSTGRES_HOST=database
+POSTGRES_USER=semaphore
+POSTGRES_PASSWORD=your_strong_db_password
+POSTGRES_DB=semaphore
+
+# --- Semaphore Configuration ---
+# Generate a random string for database encryption
+# You can use a tool like "openssl rand -base64 32" to generate a string.
+SEMAPHORE_DATABASE_ENCRYPTION=CHANGE_THIS_TO_A_RANDOM_STRING
+
+# A user to be created on first start (if the database is empty)
+SEMAPHORE_DEFAULT_USER=admin
+SEMAPHORE_DEFAULT_EMAIL=admin@example.com
+SEMAPHORE_DEFAULT_PASSWORD=your_secure_admin_password
+
+# The port where Semaphore will listen
+SEMAPHORE_PORT=3000
+
+# The URL of your Semaphore instance. This is required for OpenID.
+# Replace with the actual URL where you will access Semaphore.
+SEMAPHORE_URL=http://localhost:3000
+
+# --- OpenID Connect Configuration ---
+# Enable OpenID Connect authentication
+SEMAPHORE_OIDC_ENABLED=true
+
+# Your OpenID provider's discovery URL.
+# Example: https://accounts.google.com/.well-known/openid-configuration
+SEMAPHORE_OIDC_DISCOVERY_URL=YOUR_OPENID_DISCOVERY_URL
+
+# The client ID you get from your OpenID provider
+SEMAPHORE_OIDC_CLIENT_ID=YOUR_CLIENT_ID
+
+# The client secret you get from your OpenID provider
+SEMAPHORE_OIDC_CLIENT_SECRET=YOUR_CLIENT_SECRET
+
+# A list of OpenID users who will have admin privileges in Semaphore.
+# The value should be the subject (sub) or email of the user.
+# You can list multiple users separated by a comma, e.g., "user1,user2".
+SEMAPHORE_OIDC_ADMIN_USERS=admin@example.com
+
+# The scope to request from the OpenID provider.
+# "openid" and "email" are standard. You may need more depending on your provider.
+SEMAPHORE_OIDC_SCOPE=openid email
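Review bot: The template is tracked under the live name `semaphore/.env` while defining the keys that will hold real secrets (`POSTGRES_PASSWORD`, `SEMAPHORE_DATABASE_ENCRYPTION`, `SEMAPHORE_DEFAULT_PASSWORD`, `SEMAPHORE_OIDC_CLIENT_SECRET`), so anyone who fills it in as instructed has modified a tracked file and is one `git add` away from committing them. I would commit it as `semaphore/.env.example` and add `semaphore/.env` to `.gitignore`. The placeholders are also usable values: a deployment that skips an edit comes up with the publicly known admin password `your_secure_admin_password`, so leaving the secret values empty fails safer, assuming the consumer (not visible in this hunk) refuses empty values. Above `SEMAPHORE_OIDC_ADMIN_USERS` I would add `# Prefer the provider's immutable "sub"; match on email only if the provider guarantees verified, non-reusable addresses.`, and above `SEMAPHORE_URL` `# Use the https:// URL outside local testing; the OIDC redirect carries the authorization code.`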