diff --git a/sample.env b/sample.env
index 2d0b6936f..6fdce3b14 100644
--- a/sample.env
+++ b/sample.env
@@ -1,3 +1,4 @@
+# ## REBUILD THE DEVCONTAINER WHEN YOU MODIFY .ENV ###
 
 NOTIFY_ENVIRONMENT=development
 FLASK_APP=application.py
@@ -6,30 +7,32 @@ WERKZEUG_DEBUG_PIN=off
 
 REDIS_URL=redis://adminredis:6379/0
 DEV_REDIS_URL=redis://adminredis:6379/0
-REDIS_ENABLED=1
+REDIS_ENABLED=True
 
 SQLALCHEMY_DATABASE_URI=postgres://postgres:chummy@db:5432/notification_api
 
 ANTIVIRUS_ENABLED=0
-GIT_SSL_NO_VERIFY=1 # Dont use in production, if we need to install gds reqs from source, get and add the cert manually
 NODE_VERSION=16.15.1
 
-ADMIN_CLIENT_USER_NAME=notify-admin
+# ADMIN_CLIENT_USERNAME is called ADMIN_CLIENT_ID in api repo, they should match
+ADMIN_CLIENT_USERNAME=notify-admin
 ADMIN_CLIENT_SECRET=dev-notify-secret-key
 GOVUK_ALERTS_CLIENT_ID=govuk-alerts
 
-SECRET_KEY=dev-notify-secret-key
-DANGEROUS_SALT=dev-notify-salt
-
 # URL of admin app
-ADMIN_BASE_URL=http://0.0.0.0:6012
+ADMIN_BASE_URL=http://admin:6012
 
 # URL of api app (on AWS this is the internal api endpoint)
-API_HOST_NAME=http://0.0.0.0:6011
-DEV_API_HOST_NAME=http://0.0.0.0:6011
+API_HOST_NAME=http://dev:6011
+DEV_API_HOST_NAME=http://dev:6011
 
 # AWS
 AWS_REGION=us-west-2
-AWS_ACCESS_KEY_ID=
-AWS_SECRET_ACCESS_KEY=
+AWS_ACCESS_KEY_ID="don't write secrets to the sample file"
+AWS_SECRET_ACCESS_KEY="don't write secrets to the sample file"
+
+# beta protection
+BASIC_AUTH_USERNAME=username
+BASIC_AUTH_PASSWORD=password
+