diff --git a/.env.example b/.env.example
index 940a6d0..2b7ce27 100644
--- a/.env.example
+++ b/.env.example
@@ -4,10 +4,14 @@
 # When the environment is "development", DEBUG is set to True.
 SERVALA_ENVIRONMENT='development'
 
-# Set PREVIOUS_SECRET_KEY when rotating to a new secret key in order to not expire all sessions
+# Set SERVALA_PREVIOUS_SECRET_KEY when rotating to a new secret key in order to not expire all sessions and to remain able to read encrypted fields!
 # SERVALA_PREVIOUS_SECRET_KEY=''
 SERVALA_SECRET_KEY='django-insecure-8sl^1&1f-$3%w7cf)q(rcvi4jo(#s3ug-@be0ooc2ioep*&%7@'
 
+# Set SERVALA_PREVIOUS_SALT_KEY when rotating to a new salt in order to remain able to read encrypted fields!
+# SERVALA_PREVIOUS_SALT_KEY=''
+SERVALA_SALT_KEY='eed6UaCi3euZojai5Iequ8ochookun1o'
+
 # Set the allowed hosts as comma-separated list.
 # Use a leading dot to match a domain and all subdomains.
 # Leave or unset in the development environment in order to accept localhost names.
diff --git a/src/servala/settings.py b/src/servala/settings.py
index d8e5e54..c4c2627 100644
--- a/src/servala/settings.py
+++ b/src/servala/settings.py
@@ -21,6 +21,10 @@ SECRET_KEY = os.environ.get("SERVALA_SECRET_KEY")
 if previous_secret_key := os.environ.get("SERVALA_PREVIOUS_SECRET_KEY"):
     SECRET_KEY_FALLBACKS = [previous_secret_key]
 
+SALT_KEY = os.environ.get("SERVALA_SALT_KEY")
+if previous_salt := os.environ.get("SERVALA_PREVIOUS_SALT_KEY"):
+    SALT_KEY = [SALT_KEY, previous_salt]
+
 BASE_DIR = Path(__file__).resolve().parent.parent
 
 ALLOWED_HOSTS = []