diff --git a/docs/deployment/breaking-changes.md b/docs/deployment/breaking-changes.md index 15acc880..47086ba9 100644 --- a/docs/deployment/breaking-changes.md +++ b/docs/deployment/breaking-changes.md @@ -10,8 +10,20 @@ This table regroups all the breaking changes introduced, with the corresponding | Change | Deprecated in | Changed in | |:--------------------------------------|:--------------|:-----------| +| [OpenAEV encryption of secret](#openaev-encryption) | - | 2.1.0 | | [OpenAEV renaming](#openaev-renaming) | 1.18.20 | 2.0.0 | +## OpenAEV 2.1.0 + +### Introduction + + +#### OpenAEV encryption + +With the introduction of the OpenAEV catalog, built-in connectors now store their configuration in the database. To ensure security, secrets and passwords within these configurations must be encrypted. This requires two new mandatory properties to be configured. + +For more details, see [this migration guide](breaking-changes/2.1.0-encrypting-password.md) + ## OpenAEV 2.0.0 ### Deprecation diff --git a/docs/deployment/breaking-changes/2.1.0-encrypting-password.md b/docs/deployment/breaking-changes/2.1.0-encrypting-password.md new file mode 100644 index 00000000..d3b85ab7 --- /dev/null +++ b/docs/deployment/breaking-changes/2.1.0-encrypting-password.md 
@@ -0,0 +1,16 @@ +# OpenAEV encryption + +!!! info "" + + * **Introduced in**: `OpenAEV 2.1.0` + +## Description of changes + +With the introduction of the composer catalog, built-in connectors are managed through the OpenAEV UI. Those connectors have their configuration saved in database. + +For security reasons, the properties of type password need to be encrypted inside the database. This means that we need to introduce two new mandatory properties (as you can see here in the page dedicated to [configuration](../../configuration/#basic-parameters)) : + +| Parameter | Environment variable | Default value | Description | +|:-----------------------------------|:-----------------------------------|:----------------------|:-------------------------------------------------------------------------------------------------------------------------| +| openaev.admin.encryption_key | OPENAEV_ADMIN_ENCRYPTION_KEY | ChangeMe | Encryption key used for encrypting sensitive data in database. Encryption key and salt are used to generate a 256bit encryption key for encrypting purpose. | +| openaev.admin.encryption_salt | OPENAEV_ADMIN_ENCRYPTION_SALT | ChangeMe | Encryption salt used for encrypting sensitive data in database. Must be at least 8 bytes long. Encryption key and salt are used to generate a 256bit encryption key for encrypting purpose | diff --git a/docs/deployment/configuration.md b/docs/deployment/configuration.md index 76338738..7327fbe4 100644 --- a/docs/deployment/configuration.md +++ b/docs/deployment/configuration.md 
@@ -37,6 +37,8 @@ Here are the configuration keys, for both containers (environment variables) and | openaev.admin.email | OPENAEV_ADMIN_EMAIL | admin@openaev.io | Default login email of the admin user | | openaev.admin.password | OPENAEV_ADMIN_PASSWORD | ChangeMe | Default password of the admin user | | openaev.admin.token | OPENAEV_ADMIN_TOKEN | ChangeMe | Default token (must be a valid UUIDv4) | +| openaev.admin.encryption_key | OPENAEV_ADMIN_ENCRYPTION_KEY | ChangeMe | Encryption key used for encrypting sensitive data in database. Encryption key and salt are used to generate a 256bit encryption key for encrypting purpose. | +| openaev.admin.encryption_salt | OPENAEV_ADMIN_ENCRYPTION_SALT | ChangeMe | Encryption salt used for encrypting sensitive data in database. Must be at least 8 bytes long. Encryption key and salt are used to generate a 256bit encryption key for encrypting purpose | | openaev.healthcheck.key | OPENAEV_HEALTHCHECK_KEY | ChangeMe | The key to use in the health check endpoint (/api/health) | | inject.execution.threshold.minutes | INJECT_EXECUTION_THRESHOLD_MINUTES | 10 | Inject execution threshold in minutes. If this time is exceeded, the inject will be moved to the MAYBE_PREVENTED status. | | openaev.starterpack.enabled | OPENAEV_STARTERPACK_ENABLED | true | StarterPack feature, providing default endpoint, asset group, scenarios and dashboards | diff --git a/mkdocs.yml b/mkdocs.yml index 900af519..01bd9549 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -128,6 +128,7 @@ nav: - Index: deployment/breaking-changes.md - Migration guides: - OpenAEV renaming: deployment/breaking-changes/2.0.0-openaev-renaming.md + - OpenAEV encryption: deployment/breaking-changes/2.1.0-encrypting-password.md - User Guide: - Getting started: usage/getting-started.md - Foundations:
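Review bot: the new `#### OpenAEV encryption` section in breaking-changes.md says the two properties are mandatory but does not say what happens to an existing deployment that upgrades without setting them (whether startup is refused, or whether connector secrets end up stored without encryption); that is the one fact a reader of a breaking-changes page needs, so state whichever is the actual behaviour. Structure: `### Introduction` is an empty heading with nothing under it except the `####` sub-heading, there is a double blank line between the two, and the sentence `For more details, see [this migration guide](breaking-changes/2.1.0-encrypting-password.md)` is missing its terminating period.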
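Review bot: the new 2.1.0-encrypting-password.md is titled a migration guide but contains no migration steps; an operator upgrading an existing install needs to know whether both properties must be set before the first 2.1.0 start, whether the default `ChangeMe` is rejected, and that the key and salt must be kept stable and backed up, since changing or losing them makes every secret already encrypted in the database unreadable. Wording: "Those connectors have their configuration saved in database" should read "in the database"; drop the space before the colon in `[configuration](../../configuration/#basic-parameters)) :`; "256bit" should be "256-bit" and "for encrypting purpose" "for encryption purposes"; the salt row's description lacks the trailing period the key row has. The link `../../configuration/#basic-parameters` is a rendered-URL path, whereas the other link in this patch (`breaking-changes/2.1.0-encrypting-password.md`) uses the source `.md` path that mkdocs can validate; `../configuration.md#basic-parameters` would be consistent.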
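Review bot: in the configuration.md hunk, the default `ChangeMe` for `openaev.admin.encryption_key` and `openaev.admin.encryption_salt` means a deployment that keeps the defaults encrypts connector secrets under a publicly documented key, which protects nothing; the descriptions should say the values are secrets to be handled like `OPENAEV_ADMIN_PASSWORD` and `OPENAEV_ADMIN_TOKEN` in the rows above and must be replaced with random high-entropy values (for example generated with `openssl rand -base64 32`). The table gives a minimum length only for the salt ("Must be at least 8 bytes long") and none for the key. Both descriptions repeat the sentence "Encryption key and salt are used to generate a 256bit encryption key for encrypting purpose" verbatim; say it once, fix "256bit" to "256-bit" and "encrypting purpose" to "encryption purposes", and add the trailing period missing from the salt row.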