diff --git a/apps/fz_http/lib/fz_http/application.ex b/apps/fz_http/lib/fz_http/application.ex index ce56ebe38..45dac53b8 100644 --- a/apps/fz_http/lib/fz_http/application.ex +++ b/apps/fz_http/lib/fz_http/application.ex @@ -58,4 +58,11 @@ defmodule FzHttp.Application do FzHttpWeb.Presence ] end + + defp children(:database) do + [ + FzHttp.Repo, + FzHttp.Vault + ] + end end diff --git a/apps/fz_http/lib/fz_http/release.ex b/apps/fz_http/lib/fz_http/release.ex index aa197b021..34cdbfb85 100644 --- a/apps/fz_http/lib/fz_http/release.ex +++ b/apps/fz_http/lib/fz_http/release.ex @@ -24,10 +24,7 @@ defmodule FzHttp.Release do end def create_admin_user do - load_app() - - # The whole app needs to be started to run actual DB queries - Application.ensure_all_started(@app) + boot_database_app() reply = if Repo.exists?(from u in User, where: u.email == ^email()) do @@ -48,6 +45,8 @@ defmodule FzHttp.Release do end def create_api_token(device \\ :stdio) do + boot_database_app() + device |> IO.write(default_admin_user() |> mint_jwt()) end @@ -76,6 +75,10 @@ defmodule FzHttp.Release do FzHttp.Config.fetch_env!(@app, :admin_email) end + defp set_supervision_tree_mode(mode) do + Application.put_env(@app, :supervision_tree_mode, mode) + end + defp default_admin_user do Users.get_by_email(email()) end @@ -89,6 +92,12 @@ defmodule FzHttp.Release do secret end + defp boot_database_app do + load_app() + set_supervision_tree_mode(:database) + start_app() + end + defp load_app do Application.load(@app) @@ -97,6 +106,10 @@ defmodule FzHttp.Release do Application.ensure_all_started(:ssl) end + defp start_app do + Application.ensure_all_started(@app) + end + defp default_password do FzHttp.Config.fetch_env!(@app, :default_admin_password) end diff --git a/docs/docs/administer/troubleshoot.mdx b/docs/docs/administer/troubleshoot.mdx index 54bebc44a..575a4b937 100644 --- a/docs/docs/administer/troubleshoot.mdx +++ b/docs/docs/administer/troubleshoot.mdx 
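Review bot: The new `children(:database)` clause in application.ex has no comment saying who selects it or why it is so small. From release.ex in this same commit, `boot_database_app/0` sets `:supervision_tree_mode` to `:database` before starting the app, so a short comment above the clause would help, e.g. `# Release tasks (create_admin_user, create_api_token) only: Repo and Vault, nothing else is started.` The code that reads `:supervision_tree_mode` and calls `children/1` is outside this hunk, so it is worth confirming that an unexpected mode value fails loudly instead of starting a partial tree.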
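Review bot: `create_api_token/1` pipes `default_admin_user()` straight into `mint_jwt/1`, and `default_admin_user/0` (visible as context in the next hunk) is just `Users.get_by_email(email())`. The task may be invoked before any admin exists; if `get_by_email/1` returns `nil` in that case (its contract is not shown here), the failure will surface inside `mint_jwt/1` instead of as a clear message. Consider matching on the lookup first, e.g. `nil -> raise "admin user not found; run create_admin_user first"`, and writing the token only in the non-nil branch. The value written is a credential for the admin account, so a `@doc` telling callers to keep the output out of shared logs would also be useful.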
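Review bot: `boot_database_app/0` changes the application env through `set_supervision_tree_mode(:database)` (added in the previous hunk) and never restores it, which is safe only when the function runs in a throwaway `eval` VM. If `create_admin_user/0` or `create_api_token/1` is still invoked with `rpc` against a running node, `Application.ensure_all_started(@app)` is a no-op but the env stays at `:database`, so a later restart of the application would presumably bring up only `FzHttp.Repo` and `FzHttp.Vault`; how application.ex reads the key is outside these hunks. A guard such as `if not List.keymember?(Application.started_applications(), @app, 0), do: set_supervision_tree_mode(:database)` would leave a live node untouched.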
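Review bot: `start_app/0` discards the result of `Application.ensure_all_started(@app)`, so a failed boot (for example the Repo child failing to start) is noticed only later, as an unrelated error from the first query in `create_admin_user/0` or `create_api_token/1`. Asserting the result makes the release task stop at the real cause: `{:ok, _} = Application.ensure_all_started(@app)`. The surrounding `load_app/0` and `default_password/0` bodies start or end outside this hunk.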
@@ -145,8 +145,8 @@ to reset the admin user's password. The password for the user specified by in `$HOME/.firezone/.env` will be reset to the `DEFAULT_ADMIN_PASSWORD` variable. ```shell - cd $HOME/.firezone - docker compose exec firezone bin/create-or-reset-admin +cd $HOME/.firezone +docker compose exec firezone bin/create-or-reset-admin ``` **Note**: If local authentication is disabled, resetting the admin user's diff --git a/docs/docs/deploy/docker/README.mdx b/docs/docs/deploy/docker/README.mdx index d2f619d9c..78003fce2 100644 --- a/docs/docs/deploy/docker/README.mdx +++ b/docs/docs/deploy/docker/README.mdx @@ -79,7 +79,7 @@ installation process, follow the steps below to install manually. Optionally modify other secrets as needed. 1. Create the first admin: ```shell - docker compose exec firezone bin/create-or-reset-admin + docker compose run --rm firezone bin/create-or-reset-admin ``` 1. Bring the services up: `docker compose up -d` diff --git a/omnibus/cookbooks/firezone/recipes/create_admin.rb b/omnibus/cookbooks/firezone/recipes/create_admin.rb index 2880132fe..f07100476 100644 --- a/omnibus/cookbooks/firezone/recipes/create_admin.rb +++ b/omnibus/cookbooks/firezone/recipes/create_admin.rb @@ -21,7 +21,7 @@ include_recipe 'firezone::config' execute 'create_admin' do - command 'bin/firezone rpc "FzHttp.Release.create_admin_user"' + command 'bin/firezone eval "FzHttp.Release.create_admin_user"' cwd node['firezone']['app_directory'] environment(Firezone::Config.app_env(node)) user node['firezone']['user'] diff --git a/rel/overlays/bin/create-api-token b/rel/overlays/bin/create-api-token index d90f2d4f5..446c58523 100755 --- a/rel/overlays/bin/create-api-token +++ b/rel/overlays/bin/create-api-token @@ -1,3 +1,3 @@ #!/bin/sh cd -P -- "$(dirname -- "$0")" -exec ./firezone rpc FzHttp.Release.create_api_token +exec ./firezone eval FzHttp.Release.create_api_token diff --git a/scripts/install.sh b/scripts/install.sh index fbde2efad..06f92f701 100755 
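Review bot: The `create-api-token` script has no comment telling an operator what it emits or what the switch to `eval` implies. Per release.ex in this commit, `FzHttp.Release.create_api_token` writes a JWT for the default admin user to stdout, and with `eval` it runs in a separate VM that boots only the database children instead of calling into the running node. A header comment would help, e.g. `# Prints an admin API token to stdout; treat the output as a secret. Runs via eval, so the firezone node itself does not need to be running.`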
--- a/scripts/install.sh +++ b/scripts/install.sh @@ -161,7 +161,7 @@ firezoneSetup() { echo "Resetting DB password..." $dc -f $installDir/docker-compose.yml exec postgres psql -p 5432 -U postgres -d firezone -h 127.0.0.1 -c "ALTER ROLE postgres WITH PASSWORD '${db_pass}'" echo "Creating admin..." - $dc -f $installDir/docker-compose.yml exec firezone bin/create-or-reset-admin + $dc -f $installDir/docker-compose.yml run --rm firezone bin/create-or-reset-admin echo "Upping firezone services..." $dc -f $installDir/docker-compose.yml up -d firezone caddy