diff --git a/.gitignore b/.gitignore
index 15de390..5a045a3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 node_modules
 data
+.env
diff --git a/package.json b/package.json
index a49fab0..db10376 100644
--- a/package.json
+++ b/package.json
@@ -8,7 +8,7 @@
 	"imports": {},
 	"main": "index.js",
 	"scripts": {
-		"start": "NODE_OPTIONS='--experimental-sqlite' node --watch src/index.js",
+		"start": "NODE_OPTIONS='--experimental-sqlite' node --watch --env-file=.env src/index.js",
 		"test": "echo \"Error: no test specified\" && exit 1"
 	},
 	"dependencies": {
diff --git a/src/db/connection.js b/src/db/connection.js
index 81dbcd1..30cf8f6 100644
--- a/src/db/connection.js
+++ b/src/db/connection.js
@@ -1,6 +1,6 @@
 import { DatabaseSync } from "node:sqlite"
 
-const DATABASE_PATH = "/home/thomas/repos/eolas-api/data/eolas.db"
+const DATABASE_PATH = process.env.DB_PATH
 
 const database = new DatabaseSync(DATABASE_PATH)
 
diff --git a/src/index.js b/src/index.js
index 345cd39..e8255e4 100644
--- a/src/index.js
+++ b/src/index.js
@@ -2,16 +2,17 @@ import express from "express"
 import entries from "./routes/entries.js"
 import tags from "./routes/tags.js"
 import cors from "cors"
-
+import { validateApiKey } from "./middlewear/auth.js"
 const app = express()
 
 const port = process.env.PORT || 3000
 
 app.use(cors())
 app.use(express.json())
+app.use("/", validateApiKey)
 app.use("/entries", entries)
 app.use("/tags", tags)
 
 app.listen(port, () => {
-	console.info(`INFO Server running at http://localhost:${port}`)
+	console.info(`INFO eolas-api server running at http://localhost:${port}`)
 })
diff --git a/src/middlewear/auth.js b/src/middlewear/auth.js
new file mode 100644
index 0000000..1c8b93d
--- /dev/null
+++ b/src/middlewear/auth.js
@@ -0,0 +1,17 @@
+const validateApiKey = (req, res, next) => {
+	const apiKey = req.headers["x-api-key"]
+
+	if (!apiKey) {
+		return res.status(401).json({
+			error: "API key is required.",
+		})
+	}
+
+	if (apiKey !== process.env.API_KEY) {
+		return res.status(403).json({ error: "Invalid API key" })
+	}
+
+	next()
+}
+
+export { validateApiKey }