diff --git a/omnibus/cookbooks/firezone/libraries/config.rb b/omnibus/cookbooks/firezone/libraries/config.rb index cf9063f06..0b6322875 100644 --- a/omnibus/cookbooks/firezone/libraries/config.rb +++ b/omnibus/cookbooks/firezone/libraries/config.rb @@ -210,7 +210,9 @@ class Firezone end end - def self.app_env(attributes) + def self.app_env(attributes, reject = []) + attributes = attributes.reject { |k| reject.include?(k) } + env = { 'EGRESS_INTERFACE' => attributes['egress_interface'], 'WG_PATH' => "#{attributes['install_directory']}/embedded/bin/wg", @@ -224,7 +226,6 @@ class Firezone 'PHOENIX_PORT' => attributes['phoenix']['port'].to_s, 'URL_HOST' => attributes['url_host'], 'ADMIN_EMAIL' => attributes['admin_email'], - 'DEFAULT_ADMIN_PASSWORD' => attributes['default_admin_password'], 'WIREGUARD_INTERFACE_NAME' => attributes['wireguard']['interface_name'], 'WIREGUARD_ENDPOINT_IP' => attributes['wireguard']['endpoint_ip'], 'WIREGUARD_PORT' => attributes['wireguard']['port'].to_s, @@ -240,6 +241,10 @@ class Firezone env.merge!('DATABASE_PASSWORD' => attributes['database']['password']) end + if attributes.dig('default_admin_password') + env.merge!('DEFAULT_ADMIN_PASSWORD' => attributes['default_admin_password']) + end + env end diff --git a/omnibus/cookbooks/firezone/recipes/app.rb b/omnibus/cookbooks/firezone/recipes/app.rb index 159fe4466..eec7c5cbc 100644 --- a/omnibus/cookbooks/firezone/recipes/app.rb +++ b/omnibus/cookbooks/firezone/recipes/app.rb @@ -32,6 +32,12 @@ file 'environment-variables' do path "#{node['firezone']['var_directory']}/etc/env" attributes = node['firezone'].to_hash + + # Remove sensitive fields + attributes.delete('wireguard_private_key') + attributes.delete('default_admin_password') + + # Add needed fields attributes.merge!( 'force_ssl' => node['firezone']['nginx']['force_ssl'], 'mix_env' => 'prod' 
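Review bot: The new `reject = []` parameter in the first config.rb hunk is positional, but the only caller visible in this diff (sv-phoenix-run.erb) passes `reject: ['default_admin_password']`. Ruby hands keyword-style arguments to a method without keyword parameters as one positional Hash, so `reject` becomes `{ reject: [...] }` and `reject.include?(k)` only tests for the key `:reject`. No attribute is filtered, and the later `if attributes.dig('default_admin_password')` branch would still put the password into the rendered run script. Declaring it as a keyword, `def self.app_env(attributes, reject: [])`, makes the template call work as written. The body of `app_env` continues outside this hunk, and only top-level keys are filtered by the `reject` block.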
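Review bot: In the third config.rb hunk the guard `attributes.dig('default_admin_password')` uses `dig` with a single key, which is the same as `attributes['default_admin_password']` and reads less directly. The branch carries no comment saying why the variable is now optional; something like `# Exported only when the caller has not filtered the password out via reject` would help. Note that an empty string is truthy in Ruby, so an empty password would still be exported as `DEFAULT_ADMIN_PASSWORD`; whether that matters depends on how the application reads it, which is not visible here.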
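Review bot: In the app.rb hunk the secrets are stripped with `attributes.delete(...)`, while the runit template filters the same password through the `reject` argument of `Firezone::Config.app_env`, so the deny-list is kept in two places and two forms. A single frozen list shared by both call sites would keep them from drifting, for example `SENSITIVE_KEYS = %w[wireguard_private_key default_admin_password].freeze` (the constant name is only a suggestion). The top-level deletes also leave nested values such as `attributes['database']['password']`, which config.rb reads, untouched. Whether the env file is meant to carry that value, and whether the `file` resource sets a restrictive `mode` and `sensitive true`, cannot be seen from this hunk and is worth confirming.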
diff --git a/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb b/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb index 070adde84..fbcd3d1c3 100644 --- a/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb +++ b/omnibus/cookbooks/firezone/templates/sv-phoenix-run.erb @@ -6,7 +6,7 @@ export LD_LIBRARY_PATH=<%= node['firezone']['install_directory'] %>/embedded/lib export DIR=<%= node['firezone']['app_directory'] %> export HOME=$DIR <%= "export OPENSSL_FIPS=1" if node['firezone']['fips_enabled'] == true %> -<%= Firezone::Config.environment_variables_from(Firezone::Config.app_env(node['firezone'])) %> +<%= Firezone::Config.environment_variables_from(Firezone::Config.app_env(node['firezone'], reject: ['default_admin_password'])) %> <%= Firezone::Config.locale_variables %> cd $DIR