diff --git a/.env.example b/.env.example
index 62ed026..2c6c4fe 100644
--- a/.env.example
+++ b/.env.example
@@ -1,86 +1,86 @@
 # Base Configuration
 
 # The base URL where Tinyauth is accessible
-TINYAUTH_APPURL=https://auth.example.com
+TINYAUTH_APPURL="https://auth.example.com"
 # Log level: trace, debug, info, warn, error
-TINYAUTH_LOGLEVEL=info
+TINYAUTH_LOGLEVEL="info"
 # Directory for static resources
-TINYAUTH_RESOURCESDIR=/data/resources
+TINYAUTH_RESOURCESDIR="/data/resources"
 # Path to SQLite database file
-TINYAUTH_DATABASEPATH=/data/tinyauth.db
+TINYAUTH_DATABASEPATH="/data/tinyauth.db"
 # Disable version heartbeat
-TINYAUTH_DISABLEANALYTICS=false
+TINYAUTH_DISABLEANALYTICS="false"
 # Disable static resource serving
-TINYAUTH_DISABLERESOURCES=false
+TINYAUTH_DISABLERESOURCES="false"
 # Disable UI warning messages
-TINYAUTH_DISABLEUIWARNINGS=false
+TINYAUTH_DISABLEUIWARNINGS="false"
 # Enable JSON formatted logs
-TINYAUTH_LOGJSON=false
+TINYAUTH_LOGJSON="false"
 
 # Server Configuration
 
 # Port to listen on
-TINYAUTH_SERVER_PORT=3000
+TINYAUTH_SERVER_PORT="3000"
 # Interface to bind to (0.0.0.0 for all interfaces)
-TINYAUTH_SERVER_ADDRESS=0.0.0.0
+TINYAUTH_SERVER_ADDRESS="0.0.0.0"
 # Unix socket path (optional, overrides port/address if set)
-TINYAUTH_SERVER_SOCKETPATH=
+TINYAUTH_SERVER_SOCKETPATH=""
 # Comma-separated list of trusted proxy IPs/CIDRs
-TINYAUTH_SERVER_TRUSTEDPROXIES=
+TINYAUTH_SERVER_TRUSTEDPROXIES=""
 
 # Authentication Configuration
 
 # Format: username:bcrypt_hash (use bcrypt to generate hash)
-TINYAUTH_AUTH_USERS=admin:$2a$10$example_bcrypt_hash_here
+TINYAUTH_AUTH_USERS="admin:$2a$10$example_bcrypt_hash_here"
 # Path to external users file (optional)
-TINYAUTH_USERSFILE=
+TINYAUTH_USERSFILE=""
 # Enable secure cookies (requires HTTPS)
-TINYAUTH_SECURECOOKIE=true
+TINYAUTH_SECURECOOKIE="true"
 # Session expiry in seconds (7200 = 2 hours)
-TINYAUTH_SESSIONEXPIRY=7200
+TINYAUTH_SESSIONEXPIRY="7200"
 # Login timeout in seconds (300 = 5 minutes)
-TINYAUTH_LOGINTIMEOUT=300
+TINYAUTH_LOGINTIMEOUT="300"
 # Maximum login retries before lockout
-TINYAUTH_LOGINMAXRETRIES=5
+TINYAUTH_LOGINMAXRETRIES="5"
 
 # OAuth Configuration
 
 # Regex pattern for allowed email addresses (e.g., /@example\.com$/)
-TINYAUTH_OAUTH_WHITELIST=
+TINYAUTH_OAUTH_WHITELIST=""
 # Provider ID to auto-redirect to (skips login page)
-TINYAUTH_OAUTH_AUTOREDIRECT=
+TINYAUTH_OAUTH_AUTOREDIRECT=""
 # OAuth Provider Configuration (replace MYPROVIDER with your provider name)
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID=your_client_id_here
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET=your_client_secret_here
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL=https://provider.example.com/oauth/authorize
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL=https://provider.example.com/oauth/token
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL=https://provider.example.com/oauth/userinfo
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL=https://auth.example.com/oauth/callback/myprovider
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES=openid email profile
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME=My OAuth Provider
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTID="your_client_id_here"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_CLIENTSECRET="your_client_secret_here"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_AUTHURL="https://provider.example.com/oauth/authorize"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_TOKENURL="https://provider.example.com/oauth/token"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_USERINFOURL="https://provider.example.com/oauth/userinfo"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_REDIRECTURL="https://auth.example.com/oauth/callback/myprovider"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_SCOPES="openid email profile"
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_NAME="My OAuth Provider"
 # Allow self-signed certificates
-TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE=false
+TINYAUTH_OAUTH_PROVIDERS_MYPROVIDER_INSECURE="false"
 
 # UI Customization
 
 # Custom title for login page
-TINYAUTH_UI_TITLE=Tinyauth
+TINYAUTH_UI_TITLE="Tinyauth"
 # Message shown on forgot password page
 TINYAUTH_UI_FORGOTPASSWORDMESSAGE="Contact your administrator to reset your password"
 # Background image URL for login page
-TINYAUTH_UI_BACKGROUNDIMAGE=
+TINYAUTH_UI_BACKGROUNDIMAGE=""
 
 # LDAP Configuration
 
 # LDAP server address
-TINYAUTH_LDAP_ADDRESS=ldap://ldap.example.com:389
+TINYAUTH_LDAP_ADDRESS="ldap://ldap.example.com:389"
 # DN for binding to LDAP server
-TINYAUTH_LDAP_BINDDN=cn=readonly,dc=example,dc=com
+TINYAUTH_LDAP_BINDDN="cn=readonly,dc=example,dc=com"
 # Password for bind DN
-TINYAUTH_LDAP_BINDPASSWORD=your_bind_password
+TINYAUTH_LDAP_BINDPASSWORD="your_bind_password"
 # Base DN for user searches
-TINYAUTH_LDAP_BASEDN=dc=example,dc=com
+TINYAUTH_LDAP_BASEDN="dc=example,dc=com"
 # Search filter (%s will be replaced with username)
-TINYAUTH_LDAP_SEARCHFILTER=(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))
+TINYAUTH_LDAP_SEARCHFILTER="(&(uid=%s)(memberOf=cn=users,ou=groups,dc=example,dc=com))"
 # Allow insecure LDAP connections
-TINYAUTH_LDAP_INSECURE=false
+TINYAUTH_LDAP_INSECURE="false"