diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index d212f13..9ddaf48 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -76,6 +76,9 @@ jobs:
 RABBITMQ_SMTP_PASS: ${{ secrets.RABBITMQ_SMTP_PASS }}
 KEYCLOAK_ADMIN: ${{ vars.KEYCLOAK_ADMIN }}
 KEYCLOAK_ADMIN_PASSWORD: ${{ secrets.KEYCLOAK_ADMIN_PASSWORD }}
+ PLATFORM_ADMIN_PASSWORD: ${{ secrets.PLATFORM_ADMIN_PASSWORD }}
+ CONTENT_MANAGER_PASSWORD: ${{ secrets.CONTENT_MANAGER_PASSWORD }}
+ ORG_MANAGER_TEMP_PASSWORD: ${{ secrets.ORG_MANAGER_TEMP_PASSWORD }}
 KC_SMTP_HOST: ${{ vars.KC_SMTP_HOST }}
 KC_SMTP_PORT: ${{ vars.KC_SMTP_PORT }}
 KC_SMTP_FROM: ${{ vars.KC_SMTP_FROM }}
@@ -146,6 +149,9 @@ jobs:
 printf 'RABBITMQ_SMTP_PASS=%s\n' "$RABBITMQ_SMTP_PASS"
 printf 'KEYCLOAK_ADMIN=%s\n' "$KEYCLOAK_ADMIN"
 printf 'KEYCLOAK_ADMIN_PASSWORD=%s\n' "$KEYCLOAK_ADMIN_PASSWORD"
+ printf 'PLATFORM_ADMIN_PASSWORD=%s\n' "$PLATFORM_ADMIN_PASSWORD"
+ printf 'CONTENT_MANAGER_PASSWORD=%s\n' "$CONTENT_MANAGER_PASSWORD"
+ printf 'ORG_MANAGER_TEMP_PASSWORD=%s\n' "$ORG_MANAGER_TEMP_PASSWORD"
 printf 'KC_SMTP_HOST=%s\n' "$KC_SMTP_HOST"
 printf 'KC_SMTP_PORT=%s\n' "$KC_SMTP_PORT"
 printf 'KC_SMTP_FROM=%s\n' "$KC_SMTP_FROM"
diff --git a/api/src/core/settings.py b/api/src/core/settings.py
index 8a9b529..7c63af0 100644
--- a/api/src/core/settings.py
+++ b/api/src/core/settings.py
@@ -26,6 +26,7 @@ class Settings(BaseSettings):
 SMTP_PASSWORD: str = ""
 SMTP_USER: str = ""
 SMTP_FROM: str = ""
+ ORG_MANAGER_TEMP_PASSWORD: str = ""
 WEB_URL: str = "http://localhost:5173"
 API_URL: str = "http://localhost:8000"
diff --git a/api/src/services/keycloak_admin/base_handler.py b/api/src/services/keycloak_admin/base_handler.py
index fa5dcf1..5469266 100644
--- a/api/src/services/keycloak_admin/base_handler.py
+++ b/api/src/services/keycloak_admin/base_handler.py
@@ -16,6 +16,7 @@ def __init__(self):
 self.smtp_password = settings.SMTP_PASSWORD
 self.smtp_user = settings.SMTP_USER
 self.smtp_from = settings.SMTP_FROM
+ self.org_manager_temp_password = settings.ORG_MANAGER_TEMP_PASSWORD
 self.keycloak_client = get_keycloak_client()
 if not self.keycloak_url:
diff --git a/api/src/services/keycloak_admin/realm_handler.py b/api/src/services/keycloak_admin/realm_handler.py
index 817f3ea..6be74db 100644
--- a/api/src/services/keycloak_admin/realm_handler.py
+++ b/api/src/services/keycloak_admin/realm_handler.py
@@ -140,6 +140,7 @@ def create_realm(
 smtp_password=self.smtp_password,
 smtp_user=self.smtp_user,
 smtp_from=self.smtp_from,
+ org_manager_temp_password=self.org_manager_temp_password,
 )
 client_scopes = list(template["client_scopes"])
diff --git a/api/src/services/keycloak_admin/realm_template.json b/api/src/services/keycloak_admin/realm_template.json
index e87ab1b..7a80294 100644
--- a/api/src/services/keycloak_admin/realm_template.json
+++ b/api/src/services/keycloak_admin/realm_template.json
@@ -713,7 +713,7 @@
 "credentials": [
 {
 "type": "password",
- "value": "1234",
+ "value": "{org_manager_temp_password}",
 "temporary": true
 }
 ],
@@ -727,4 +727,4 @@
 }
 }
 ]
-}
\ No newline at end of file
+}
diff --git a/deployment/.env.dev.example b/deployment/.env.dev.example
index 4b935e1..e614724 100644
--- a/deployment/.env.dev.example
+++ b/deployment/.env.dev.example
@@ -38,6 +38,9 @@ RABBITMQ_SMTP_PASS=smtp_consumer_pass
 # Keycloak Configuration
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD=admin
+PLATFORM_ADMIN_PASSWORD=admin
+CONTENT_MANAGER_PASSWORD=admin
+ORG_MANAGER_TEMP_PASSWORD=1234
 CLIENT_SECRET=your_very_secure_key_here
 KEYCLOAK_INTERNAL_URL=http://keycloak:8080
 API_INTERNAL_URL=http://api:8000
diff --git a/deployment/.env.prod.example b/deployment/.env.prod.example
index 3c19a7b..0ea4eda 100644
--- a/deployment/.env.prod.example
+++ b/deployment/.env.prod.example
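Review bot: `self.org_manager_temp_password` is accepted even when it is empty — `Settings.ORG_MANAGER_TEMP_PASSWORD` defaults to `""` in the settings.py hunk, so an unset environment variable silently flows into every realm this handler creates, where it becomes the org manager's initial credential (or, depending on the realm's password policy, fails the import far from the cause). The constructor already fails fast on a missing URL (`if not self.keycloak_url:` at the end of the hunk), so the same guard belongs here, raising whatever that branch raises: `if not self.org_manager_temp_password: raise ValueError("ORG_MANAGER_TEMP_PASSWORD must be set")`. `__init__` continues outside the hunk.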
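Review bot: Every realm created by `create_realm` now receives the same deployment-wide `org_manager_temp_password`, so anyone who learns that single value (it lives in CI secrets, the generated `.env` file and the API container environment) can claim any newly created org-manager account before its intended owner logs in; `"temporary": true` in the template only forces a change after that first login. A per-realm value generated at this call site, e.g. `temp_password = secrets.token_urlsafe(16)` passed as `org_manager_temp_password=temp_password` and delivered to the organisation out of band (or replaced by Keycloak's update-password required action), would close that window and remove the need for a shared setting altogether. `create_realm` begins outside the hunk, and the name of the call that consumes these keyword arguments is not visible here.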
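Review bot: `{org_manager_temp_password}` is substituted into the raw JSON text, which the brace placeholder suggests is done with `str.format` on the file contents; a password containing `"` or `\` then yields invalid JSON, and one containing `{` or `}` trips `format` itself, so the accepted character set of the setting is silently restricted without any error pointing at the cause. Safer is to load the template with `json.loads` first and assign the credential on the parsed structure, or at minimum substitute `json.dumps(value)[1:-1]` so the value is JSON-escaped. The same call in realm_handler.py receives `smtp_password` and related values, which presumably face the same issue and are untouched by this commit. The second hunk (`@@ -727`) only adds the trailing newline.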
@@ -38,6 +38,9 @@ RABBITMQ_SMTP_PASS=smtp_consumer_pass
 # Keycloak Configuration
 KEYCLOAK_ADMIN=admin
 KEYCLOAK_ADMIN_PASSWORD=admin
+PLATFORM_ADMIN_PASSWORD=change-me
+CONTENT_MANAGER_PASSWORD=change-me
+ORG_MANAGER_TEMP_PASSWORD=change-me
 CLIENT_SECRET=your_very_secure_key_here
 KEYCLOAK_INTERNAL_URL=http://keycloak:8080/kc
 API_INTERNAL_URL=http://api:80
diff --git a/deployment/docker-compose.dev.yml b/deployment/docker-compose.dev.yml
index 1ed2d67..0744330 100644
--- a/deployment/docker-compose.dev.yml
+++ b/deployment/docker-compose.dev.yml
@@ -69,7 +69,7 @@ services:
 - "3900:3900"
 - "3901:3901"
 volumes:
- - ./services/garage/garage.template.toml:/etc/garage.toml:ro
+ - ./services/garage/garage.toml:/etc/garage.toml:ro
 - garage_data:/var/lib/garage
 healthcheck:
 test: ["CMD", "/garage", "-c", "/etc/garage.toml", "status"]
@@ -124,6 +124,8 @@ services:
 environment:
 KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
 KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+ PLATFORM_ADMIN_PASSWORD: ${PLATFORM_ADMIN_PASSWORD}
+ CONTENT_MANAGER_PASSWORD: ${CONTENT_MANAGER_PASSWORD}
 KC_IMPORT: /opt/keycloak/data/import/
 KC_HTTP_ACCESS_LOG_ENABLED: "true"
 KC_LOG_CATEGORY_ORG_KEYCLOAK_AUTHORIZATION: DEBUG
@@ -208,6 +210,7 @@ services:
 SMTP_PASSWORD: ${KC_SMTP_PASSWORD}
 SMTP_USER: ${KC_SMTP_USER}
 SMTP_FROM: ${KC_SMTP_FROM}
+ ORG_MANAGER_TEMP_PASSWORD: ${ORG_MANAGER_TEMP_PASSWORD}
 ports:
 - "8000:8000"
 volumes:
diff --git a/deployment/docker-compose.yml b/deployment/docker-compose.yml
index f7d9594..448fee4 100644
--- a/deployment/docker-compose.yml
+++ b/deployment/docker-compose.yml
@@ -148,6 +148,8 @@ services:
 environment:
 KEYCLOAK_ADMIN: ${KEYCLOAK_ADMIN}
 KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_ADMIN_PASSWORD}
+ PLATFORM_ADMIN_PASSWORD: ${PLATFORM_ADMIN_PASSWORD}
+ CONTENT_MANAGER_PASSWORD: ${CONTENT_MANAGER_PASSWORD}
 KC_IMPORT: /opt/keycloak/data/import/
 KC_LOG_LEVEL: INFO
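Review bot: The mount now points at `./services/garage/garage.toml`, which nothing in this commit creates; if that file is absent when `docker compose up` runs, Docker bind-mounts a freshly created empty directory at that path and the `/garage -c /etc/garage.toml status` healthcheck in the same hunk fails. Presumably the file is rendered from `garage.template.toml` at deploy time; if so it should be ignored by git (a rendered Garage config typically holds the cluster RPC secret) and the step documented next to the mount, e.g. `# garage.toml is rendered from garage.template.toml before start-up; it is not committed`. The `volumes:` list continues unchanged outside the hunk.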
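Review bot: `${PLATFORM_ADMIN_PASSWORD}` and `${CONTENT_MANAGER_PASSWORD}` expand to an empty string when the variable is unset on the host, and Compose only prints a warning, so the realm import would receive an empty credential for the two built-in users. Since this is the production compose file, fail the deployment instead with the required-variable form, `PLATFORM_ADMIN_PASSWORD: ${PLATFORM_ADMIN_PASSWORD:?PLATFORM_ADMIN_PASSWORD is required}` and likewise `CONTENT_MANAGER_PASSWORD: ${CONTENT_MANAGER_PASSWORD:?CONTENT_MANAGER_PASSWORD is required}`. The same applies to `ORG_MANAGER_TEMP_PASSWORD` in the next hunk (`@@ -223`) and to the matching hunks in docker-compose.dev.yml if an empty value is not acceptable there either. The `environment:` block continues outside the hunk.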
@@ -223,6 +225,7 @@ services:
 SMTP_PASSWORD: ${KC_SMTP_PASSWORD}
 SMTP_USER: ${KC_SMTP_USER}
 SMTP_FROM: ${KC_SMTP_FROM}
+ ORG_MANAGER_TEMP_PASSWORD: ${ORG_MANAGER_TEMP_PASSWORD}
 expose:
 - "80"
 healthcheck:
diff --git a/deployment/services/keycloak/imports/realm-export.json b/deployment/services/keycloak/imports/realm-export.json
index f551c79..4ff1105 100644
--- a/deployment/services/keycloak/imports/realm-export.json
+++ b/deployment/services/keycloak/imports/realm-export.json
@@ -53,7 +53,7 @@
 "credentials": [
 {
 "type": "password",
- "value": "admin"
+ "value": "${PLATFORM_ADMIN_PASSWORD}"
 }
 ],
 "realmRoles": [
@@ -66,7 +66,7 @@
 "credentials": [
 {
 "type": "password",
- "value": "admin"
+ "value": "${CONTENT_MANAGER_PASSWORD}"
 }
 ],
 "realmRoles": [
@@ -194,4 +194,4 @@
 }
 ]
 }
-]
\ No newline at end of file
+]
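Review bot: The platform admin credential at `@@ -53` now comes from `${PLATFORM_ADMIN_PASSWORD}` but, unlike the org-manager entry in realm_template.json, carries no `"temporary": true`, so a value that sits in CI secrets and `.env` files becomes the account's permanent password rather than a bootstrap one; if these are human accounts, add `"temporary": true` here and in the content-manager entry (`@@ -66`) so the first login forces a change. It is also worth stating in the deployment README that Keycloak applies a realm import only when the realm does not yet exist, so rotating the environment variable afterwards does not change an already-imported password — presumably a first-start bootstrap is the intent, but the file gives no hint of it. Placeholder substitution for `${VAR}` inside credential values during import is assumed here; confirm it on the Keycloak version in use. The third hunk (`@@ -194`) only adds the trailing newline.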