diff --git a/.env b/.env
new file mode 100644
index 0000000..088fc6e
--- /dev/null
+++ b/.env
@@ -0,0 +1,2 @@
+LR_LOGIN_USERNAME=admin
+LR_LOGIN_PASSWORD=hidroteklr2026
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 667aaef..ff0bebf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -31,3 +31,5 @@ build/
 
 ### VS Code ###
 .vscode/
+
+.env
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index c11ed54..d47d22e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -62,6 +62,11 @@
 			<artifactId>jsch</artifactId>
 			<version>0.2.21</version>
 		</dependency>
+		<dependency>
+			<groupId>me.paulschwarz</groupId>
+			<artifactId>spring-dotenv</artifactId>
+			<version>4.0.0</version>
+		</dependency>
 	</dependencies>
 
 	<build>
diff --git a/src/main/java/com/litoralregas/vpnorchestrator/login/LoginController.java b/src/main/java/com/litoralregas/vpnorchestrator/login/LoginController.java
new file mode 100644
index 0000000..5472c50
--- /dev/null
+++ b/src/main/java/com/litoralregas/vpnorchestrator/login/LoginController.java
@@ -0,0 +1,38 @@
+package com.litoralregas.vpnorchestrator.login;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+@RestController
+@RequestMapping("/api/login")
+public class LoginController {
+    private final LoginService loginService;
+
+    public LoginController(
+            LoginService loginService
+    ) {
+        this.loginService = loginService;
+    }
+
+    @PostMapping
+    public ResponseEntity<LoginResponse> login(
+            @RequestBody LoginRequest request
+    ) {
+        boolean authenticated =
+                loginService.authenticate(
+                        request.username(),
+                        request.password()
+                );
+
+        if (!authenticated) {
+            return ResponseEntity
+                    .status(HttpStatus.UNAUTHORIZED)
+                    .body(new LoginResponse(false));
+        }
+
+        return ResponseEntity.ok(
+                new LoginResponse(true)
+        );
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/com/litoralregas/vpnorchestrator/login/LoginRequest.java b/src/main/java/com/litoralregas/vpnorchestrator/login/LoginRequest.java
new file mode 100644
index 0000000..461b68f
--- /dev/null
+++ b/src/main/java/com/litoralregas/vpnorchestrator/login/LoginRequest.java
@@ -0,0 +1,6 @@
+package com.litoralregas.vpnorchestrator.login;
+
+public record LoginRequest(
+        String username,
+        String password
+) {}
\ No newline at end of file
diff --git a/src/main/java/com/litoralregas/vpnorchestrator/login/LoginResponse.java b/src/main/java/com/litoralregas/vpnorchestrator/login/LoginResponse.java
new file mode 100644
index 0000000..fea5a5c
--- /dev/null
+++ b/src/main/java/com/litoralregas/vpnorchestrator/login/LoginResponse.java
@@ -0,0 +1,5 @@
+package com.litoralregas.vpnorchestrator.login;
+
+public record LoginResponse(
+        boolean authenticated
+) {}
\ No newline at end of file
diff --git a/src/main/java/com/litoralregas/vpnorchestrator/login/LoginService.java b/src/main/java/com/litoralregas/vpnorchestrator/login/LoginService.java
new file mode 100644
index 0000000..5305bb6
--- /dev/null
+++ b/src/main/java/com/litoralregas/vpnorchestrator/login/LoginService.java
@@ -0,0 +1,22 @@
+package com.litoralregas.vpnorchestrator.login;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+@Service
+public class LoginService {
+
+    @Value("${lr.login.username}")
+    private String expectedUsername;
+
+    @Value("${lr.login.password}")
+    private String expectedPassword;
+
+    public boolean authenticate(
+            String username,
+            String password
+    ) {
+        return expectedUsername.equals(username)
+                && expectedPassword.equals(password);
+    }
+}
\ No newline at end of file
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index e69c952..fe2f72b 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -22,4 +22,9 @@ app:
       username: lr-vpn
       password: hidrotek2026
       connect-timeout-ms: 10000
-      command-timeout-ms: 15000
\ No newline at end of file
+      command-timeout-ms: 15000
+
+lr:
+  login:
+    username: ${LR_LOGIN_USERNAME}
+    password: ${LR_LOGIN_PASSWORD}
\ No newline at end of file