diff --git a/agenix-config-module.nix b/agenix-config-module.nix
index 8e9196e..d58a8ad 100644
--- a/agenix-config-module.nix
+++ b/agenix-config-module.nix
@@ -4,4 +4,9 @@
     owner = "dynamicdns";
     group = "dynamicdns";
   };
+  age.secrets.LLDAP_DEFAULT_ADMIN_PASSWORD = {
+    file = ./secrets/LLDAP_DEFAULT_ADMIN_PASSWORD.age;
+    owner = "lldap";
+    group = "lldap";
+  };
 }
diff --git a/configuration.nix b/configuration.nix
index 469e8aa..456840d 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -130,10 +130,11 @@
       ldap_base_dn = "dc=twins,dc=pearson";
       # Sets the root administrator's user name
       ldap_user_dn = "admin";
-      # Default administrator password
-      ldap_user_pass = "extending pulsate nastily";
       http_host = "127.0.0.1";
     };
+    environment = {
+      LLDAP_LDAP_USER_PASS_FILE = config.age.secrets.LLDAP_DEFAULT_ADMIN_PASSWORD.path;
+    };
   };
 
   # Dynamic DNS through duck dns
diff --git a/secrets/LLDAP_DEFAULT_ADMIN_PASSWORD.age b/secrets/LLDAP_DEFAULT_ADMIN_PASSWORD.age
new file mode 100644
index 0000000..e3b34b5
Binary files /dev/null and b/secrets/LLDAP_DEFAULT_ADMIN_PASSWORD.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 117b641..926d1d9 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -6,4 +6,5 @@ let
 in
 {
   "samsehu_DUCK_DNS_TOKEN.age".publicKeys = geemili ++ [ samsehu ];
+  "LLDAP_DEFAULT_ADMIN_PASSWORD.age".publicKeys = geemili ++ [ samsehu ];
 }