diff --git a/pizzicore/pizzicore.env.sample b/pizzicore/pizzicore.env.sample
index 77e10db..2ec8c6a 100644
--- a/pizzicore/pizzicore.env.sample
+++ b/pizzicore/pizzicore.env.sample
@@ -1,3 +1,4 @@
 STORAGE_DIR="/home/puz/my/hackmeeting/numeretti/pizzicore/storage/"
 APP_NAME="Numeretti hackmeeting"
 QUEUES_NUMBER=2
+ADMIN_PASSWORD="superSecure123"
diff --git a/pizzicore/pizzicore.py b/pizzicore/pizzicore.py
index 22a115b..171264d 100644
--- a/pizzicore/pizzicore.py
+++ b/pizzicore/pizzicore.py
@@ -18,6 +18,7 @@ class Settings(BaseSettings):
     app_name: str = "Numeretti"
     storage_dir: Path = Path("/var/lib/pizzicore")
     queues_number: int = 1
+    admin_password: str = "changeme!"
 
     class Config:
         env_file = "pizzicore.env"
@@ -125,9 +126,8 @@ class Value(BaseModel):
 
 
 def get_current_role(credentials: HTTPBasicCredentials = Depends(security)):
-    # XXX: read user/pass from config
-    correct_username = secrets.compare_digest(credentials.username, "avanti")
-    correct_password = secrets.compare_digest(credentials.password, "prossimo")
+    correct_username = secrets.compare_digest(credentials.username, "admin")
+    correct_password = secrets.compare_digest(credentials.password, settings.admin_password)
     if not (correct_username and correct_password):
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,