diff --git a/api/App/Program.cs b/api/App/Program.cs
index 5eb51fd..af7e8e9 100644
--- a/api/App/Program.cs
+++ b/api/App/Program.cs
@@ -25,6 +25,13 @@ public class Program
         var authOptions = builder.Configuration.GetSection("Auth").Get<AuthOptions>()
             ?? throw new InvalidOperationException("Auth configuration was not found.");
 
+        if (builder.Environment.IsProduction())
+        {
+            authOptions.Admin.Password =
+                Environment.GetEnvironmentVariable("KLAPI_ADMIN_PASSWORD")
+                ?? throw new InvalidOperationException("Admin password must be set in production environment using KLAPI_ADMIN_PASSWORD environment variable.");
+        }
+
         if (string.IsNullOrWhiteSpace(authOptions.SigningKey) || authOptions.SigningKey.Length < 32)
         {
             throw new InvalidOperationException("Auth:SigningKey must be at least 32 characters long.");
diff --git a/api/App/appsettings.json b/api/App/appsettings.json
index baa5594..0dc4bd3 100644
--- a/api/App/appsettings.json
+++ b/api/App/appsettings.json
@@ -12,15 +12,10 @@
     "Issuer": "klapi-api",
     "Audience": "klapi-ui",
     "SigningKey": "change-this-to-a-long-random-32-char-minimum-key",
-    "AllowedOrigins": [
-      "http://localhost:5173",
-      "http://127.0.0.1:5173",
-      "http://localhost:4173",
-      "http://127.0.0.1:4173"
-    ],
+    "AllowedOrigins": ["https://klapi.tietokonepaja.fi"],
     "Admin": {
       "Username": "admin",
-      "Password": "changeme",
+      "Password": "<set in env var KLAPI_ADMIN_PASSWORD>",
       "DisplayName": "Administrator"
     }
   },
diff --git a/api/Database/klapi.db b/api/Database/klapi.db
index f92d992..7270131 100644
Binary files a/api/Database/klapi.db and b/api/Database/klapi.db differ