diff --git a/monitoring/compose.yml b/monitoring/compose.yml
index 51c326f..86f7776 100644
--- a/monitoring/compose.yml
+++ b/monitoring/compose.yml
@@ -6,6 +6,8 @@ services:
     image: grafana/grafana:8.4.4
     volumes:
       - grafana-data:/var/lib/grafana:rw
+    secrets:
+      - grafana_admin_password
     configs:
       - source: grafana_datasources_yml
         target: /etc/grafana/provisioning/datasources/datasources.yml
@@ -28,6 +30,7 @@ services:
       - GF_SECURITY_ALLOW_EMBEDDING
       - GF_INSTALL_PLUGINS=grafana-piechart-panel
       - GF_SERVER_ROOT_URL=https://${GRAFANA_DOMAIN}
+      - GF_SECURITY_ADMIN_PASSWORD__FILE=/run/secrets/grafana_admin_password
     deploy:
       labels:
         - "traefik.enable=true"
@@ -134,3 +137,6 @@ secrets:
   loki_aws_secret_access_key:
     external: true
     name: ${STACK_NAME}_loki_aws_secret_access_key_${SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION}
+  grafana_admin_password:
+    external: true
+    name: ${STACK_NAME}_grafana_admin_password_${SECRET_GRAFANA_ADMIN_PASSWORD_VERSION}
diff --git a/monitoring/env b/monitoring/env
index 5117372..6e16112 100644
--- a/monitoring/env
+++ b/monitoring/env
@@ -41,3 +41,4 @@ GRAFANA_STACKS_DASHBOARD_JSON_VERSION=v1
 GRAFANA_TRAEFIK_DASHBOARD_JSON_VERSION=v1
 
 SECRET_LOKI_AWS_SECRET_ACCESS_KEY_VERSION=v1
+SECRET_GRAFANA_ADMIN_PASSWORD_VERSION=v1