diff --git a/conf/sample.ini b/conf/sample.ini
index b4bc6027abf..05d5e570b20 100644
--- a/conf/sample.ini
+++ b/conf/sample.ini
@@ -367,8 +367,10 @@
 # default admin email, created on startup
 ;admin_email = admin@localhost
 
-# used for signing
-;secret_key = SW2YcwTIb9zpOOhoPsMm
+# IMPORTANT: Set this to a unique, random string in production.
+# Used for signing. If you change it later you may need to re-encode secrets.
+# Example: openssl rand -hex 32
+;secret_key = CHANGE_ME_TO_A_RANDOM_SECRET
 
 # current key provider used for envelope encryption, default to static value specified by secret_key
 ;encryption_provider = secretKey.v1
@@ -2136,8 +2138,10 @@ default_datasource_uid =
 ;run_data_key_migration = true
 
 [secrets_manager.encryption.secret_key.v1]
-# Used to encrypt data keys
-;secret_key = SW2YcwTIb9zpOOhoPsMm
+# IMPORTANT: Set this to a unique, random string in production.
+# Used to encrypt data keys.
+# Example: openssl rand -hex 32
+;secret_key = CHANGE_ME_TO_A_RANDOM_SECRET
 
 
 ################################## Frontend development configuration ###################################