diff --git a/containers/pihole/default.nix b/containers/pihole/default.nix
index 3c26ba4..ffcfa8e 100644
--- a/containers/pihole/default.nix
+++ b/containers/pihole/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ config, lib, ... }:
 let
 ip = "10.0.0.203";
 interface = "eno1";
@@ -22,13 +22,26 @@ in
 ];
 environment = {
 TZ = "America/Detroit";
- WEBPASSWORD = "CHANGE_ME_PLEASE!";
 FTLCONF_LOCAL_IPV4 = ip;
 INTERFACE = interface;
 };
 extraOptions = [ "--network=host" ];
 };
+ age.secrets.piholeAdminPass = {
+ file = ../../secrets/piholeAdminPass.age;
+ mode = "770";
+ owner = "share";
+ group = "share";
+ };
+
+ systemd.services.podman-pihole.postStart =
+ let
+ password = config.age.secrets.piholeAdminPass.path;
+ in ''
+ podman exec -it pihole pihole -a -p ${password}
+ '';
+
 networking.firewall = {
 allowedTCPPorts = [ 53 80 ];
 allowedUDPPorts = [ 53 ];
diff --git a/secrets/piholeAdminPass.age b/secrets/piholeAdminPass.age
new file mode 100644
index 0000000..d82ffaa
--- /dev/null
+++ b/secrets/piholeAdminPass.age
@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 VoJMUA CGfkrC5LHa88XpHrxGJAELHXi+fcoSILipOJjxWPWhQ
+ZSlQrcKXSeaevABSk8Xf76PPZZGC3jp+fdhxvB2u60I
+--- m/rAZBuJimyZwQF5Q7AR3bmJoIcyekaprdxpZzZM0Go
+nT÷½(гÈwiÄVÆÍÄâÊÎq='*u<Ž= ÃsO)iµ«.p cï®V¤1¹Ç] JÅyà*®ÊnQ›v
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 9906800..75da4e5 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
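Review bot: In the `@@ -22,13 +22,26 @@` hunk of containers/pihole/default.nix, `${password}` expands to `config.age.secrets.piholeAdminPass.path`, which is the location of the decrypted file, so `pihole -a -p` receives the path string itself as the admin password instead of the secret. Read the file when the unit runs, and drop `-it`, which asks for a terminal that a systemd `postStart` script normally does not have: `podman exec pihole pihole -a -p "$(cat ${password})"`. The value still passes through the command line while the command runs; if the image in use supports `WEBPASSWORD_FILE`, mounting the secret and pointing that variable at it would avoid that. `mode = "770"` also makes the secret group-writable and executable; `mode = "0400";` (or `"0440"` if the `share` group really has to read it) is enough for a file that is only read. The enclosing attribute set starts and ends outside the hunk.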
@@ -2,12 +2,14 @@ let
 systems = {
 eden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByi8x1IgXBC6iw6MJoO7xIkkU4bdIaQ3Mi6zEtm+IJh";
 oasis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICCvgPNEJrWjeCUmF/izLhIzaAwSNYHW9o5meYmGHGzj";
+ raindog = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINq0rMkFlizGPijlHKMYS9CGWJ2T1ZJHqaLozWdoySz2";
 };
 allSystems = builtins.attrValues systems;
 in {
 "forgejoAdminPass.age".publicKeys = [ systems.oasis ];
 "forgejoRunnerToken.age".publicKeys = [ systems.oasis ];
+ "piholeAdminPass.age".publicKeys = [ systems.raindog ];
 "pushoverAppToken.age".publicKeys = allSystems;
 "pushoverUserToken.age".publicKeys = allSystems;
 }