diff --git a/cfg/jobs/photoprism.run b/cfg/jobs/photoprism.run
index 90729e1..36c39d0 100755
--- a/cfg/jobs/photoprism.run
+++ b/cfg/jobs/photoprism.run
@@ -10,7 +10,7 @@ VER="${VER//./-}"
 UPSTREAM_VER="1.2409.15+240915-e1280b2fb"
 UPSTREAM_VER_DASH="${UPSTREAM_VER//[.+]/-}"
 UPSTREAM_NAME="photoprism"
-SERIAL="2benoitjpnet"
+SERIAL="3benoitjpnet"
 CNAME="$UPSTREAM_NAME-$UPSTREAM_VER_DASH-$SERIAL-$DIST-$VER"
 ALIAS="$UPSTREAM_NAME-$UPSTREAM_VER-$SERIAL"
 
@@ -28,13 +28,15 @@ incus exec "$CNAME" -- apt install -y /tmp/photoprism.deb syncthing
 incus exec "$CNAME" -- groupadd photoprism
 incus exec "$CNAME" -- useradd -g photoprism -d /opt/photoprism -s /bin/false photoprism
 incus exec "$CNAME" -- chown -R photoprism:photoprism /opt/photoprism
+MARIADB_PASS=$(openssl rand -base64 32)
+PHOTOPRISM_PASS=$(openssl rand -base64 32)
 incus exec "$CNAME" -- mysql -e "CREATE DATABASE photoprism;"
-incus exec "$CNAME" -- mysql -e "CREATE USER 'photoprism'@'localhost' IDENTIFIED WITH auth_socket;"
+incus exec "$CNAME" -- mysql -e "CREATE USER 'photoprism'@'localhost' IDENTIFIED BY '$MARIADB_PASS';"
 incus exec "$CNAME" -- mysql -e "GRANT ALL PRIVILEGES ON photoprism.* TO 'photoprism'@'localhost';"
 incus exec "$CNAME" -- mysql -e "FLUSH PRIVILEGES;"
 
-incus file push "$WORKSPACE"/defaults.yaml \
-  "$CNAME"/etc/photoprism/
+incus file push <(sed -e "s/SED_DATABASE_PASSWORD/$MARIADB_PASS/" -e "s/SED_ADMIN_PASSWORD/$PHOTOPRISM_PASS/" "$WORKSPACE"/defaults.yaml) \
+  "$CNAME"/etc/photoprism/defaults.yml
 incus file push "$WORKSPACE"/{syncthing,photoprism}.service \
   "$CNAME"/etc/systemd/system/
 
diff --git a/run/photoprism/workspace/defaults.yml b/run/photoprism/workspace/defaults.yml
index 90e4774..0688bb6 100644
--- a/run/photoprism/workspace/defaults.yml
+++ b/run/photoprism/workspace/defaults.yml
@@ -3,12 +3,13 @@ StoragePath: "/opt/photoprism/storage"
 OriginalsPath: "/opt/photoprism/originals"
 ImportPath: "/mnt"
 AdminUser: "admin"
-AdminPassword: "insecure"
+AdminPassword: "SED_ADMIN_PASSWORD"
 AuthMode: "password"
 DatabaseDriver: "mysql"
 DatabaseServer: "localhost"
 DatabaseName: "photoprism"
 DatabaseUser: "photoprism"
+DatabasePassword: "SED_DATABASE_PASSWORD"
 HttpHost: "::"
 HttpPort: 2342
 HttpCompression: "gzip"