diff --git a/lib/authenticate.ts b/lib/authenticate.ts
index 8f451f4..9df5003 100644
--- a/lib/authenticate.ts
+++ b/lib/authenticate.ts
@@ -1,3 +1,5 @@
+const ADMIN_PASSWORD = process.env.ADMIN_PASSWORD
+
 export function authenticateAdmin({
   username,
   password,
@@ -9,8 +11,11 @@ export function authenticateAdmin({
     return false
   }
 
-  // FIXME: move at least to env variable
-  if (password !== 'secret') {
+  if (!ADMIN_PASSWORD) {
+    throw new Error('ADMIN_PASSWORD not set. Login disabled!')
+  }
+
+  if (password !== ADMIN_PASSWORD) {
     return false
   }