diff --git a/api/lib/utils.ts b/api/lib/utils.ts
index 2f00e96e5da..bcf7e49b319 100644
--- a/api/lib/utils.ts
+++ b/api/lib/utils.ts
@@ -329,17 +329,28 @@ export function parseSecurityKeys(
 		'S2_AccessControl',
 		'S0_Legacy',
 	]
+	const availableLongRangeKeys = ['S2_Authenticated', 'S2_AccessControl']
 
 	const envKeys = Object.keys(process.env)
 		.filter((k) => k?.startsWith('KEY_'))
 		.map((k) => k.substring(4))
 
+	const longRangeEnvKeys = Object.keys(process.env)
+		.filter((k) => k?.startsWith('KEY_LR_'))
+		.map((k) => k.substring(7))
+
 	// load security keys from env
 	for (const k of envKeys) {
 		if (availableKeys.includes(k)) {
 			config.securityKeys[k] = process.env[`KEY_${k}`]
 		}
 	}
+	// load long range security keys from env
+	for (const k of longRangeEnvKeys) {
+		if (availableLongRangeKeys.includes(k)) {
+			config.securityKeysLongRange[k] = process.env[`KEY_LR_${k}`]
+		}
+	}
 
 	options.securityKeys = {}
 	options.securityKeysLongRange = {}
@@ -359,10 +370,10 @@ export function parseSecurityKeys(
 
 	config.securityKeysLongRange = config.securityKeysLongRange || {}
 
-	// convert security keys to buffer
+	// convert long range security keys to buffer
 	for (const key in config.securityKeysLongRange) {
 		if (
-			availableKeys.includes(key) &&
+			availableLongRangeKeys.includes(key) &&
 			config.securityKeysLongRange[key].length === 32
 		) {
 			options.securityKeysLongRange[key] = Buffer.from(
diff --git a/docs/guide/env-vars.md b/docs/guide/env-vars.md
index 6bd12185a42..c0ff9a9fedc 100644
--- a/docs/guide/env-vars.md
+++ b/docs/guide/env-vars.md
@@ -8,6 +8,8 @@ This is the list of the supported environment variables:
   - `KEY_S2_Unauthenticated`
   - `KEY_S2_Authenticated`
   - `KEY_S2_AccessControl`
+  - `KEY_LR_S2_Authenticated`
+  - `KEY_LR_S2_AccessControl`
 - HTTPS:
   - `HTTPS`: Enable https
   - `SSL_CERTIFICATE` (optional): Absolute path to SSL certificate (for Docker, ensure this is the path as it appears within the container)