diff --git a/backend/server.js b/backend/server.js
index f6ebf2e..c6e62fc 100644
--- a/backend/server.js
+++ b/backend/server.js
@@ -9,17 +9,21 @@ const db = require('./db');
 const app = express();
 const PORT = process.env.PORT || 8180;
-const JWT_SECRET = process.env.JWT_SECRET || 'super_secret_corporate_token_key_123!';
-
-// Setup default admin credentials
+const JWT_SECRET = process.env.JWT_SECRET;
 const ADMIN_USER = process.env.ADMIN_USERNAME || 'admin';
-let ADMIN_PASS = process.env.ADMIN_PASSWORD || 'adminpass';
+const ADMIN_PASS = process.env.ADMIN_PASSWORD;
+
+if (!JWT_SECRET || !ADMIN_PASS) {
+ console.error('Missing required ADMIN_PASSWORD or JWT_SECRET environment variable.');
+ process.exit(1);
+}
+
 const ADMIN_PASS_HASH = bcrypt.hashSync(ADMIN_PASS, 10);
 console.log(`=========================================`);
 console.log(`Intranet Address Book Server starting...`);
 console.log(`Admin Username: ${ADMIN_USER}`);
-console.log(`Admin Password: ${process.env.ADMIN_PASSWORD ? '****** (From Env)' : 'adminpass (Default)'}`);
+console.log(`Admin Password: ****** (From Env)`);
 console.log(`Default Port: ${PORT}`);
 console.log(`=========================================`);
diff --git a/docker-compose.yml b/docker-compose.yml
index 617fdc5..70b6b71 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -14,7 +14,7 @@ services:
 - NODE_ENV=production
 - DATABASE_PATH=/app/data/database.db
 - ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
- - ADMIN_PASSWORD=${ADMIN_PASSWORD:-adminpass}
- - JWT_SECRET=${JWT_SECRET:-corporate-address-book-secret-key-987654321!}
+ - ADMIN_PASSWORD=${ADMIN_PASSWORD:?ADMIN_PASSWORD is required. Create .env or run install.sh}
+ - JWT_SECRET=${JWT_SECRET:?JWT_SECRET is required. Create .env or run install.sh}
 volumes:
 - ./data:/app/data
diff --git a/install.sh b/install.sh
index 6ce0105..344bc9a 100755
--- a/install.sh
+++ b/install.sh
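Review bot: The new startup guard `if (!JWT_SECRET || !ADMIN_PASS)` only checks that both values are non-empty, so an install whose `.env` still holds one of the defaults this commit removes from the source starts normally. Those strings stay readable in the repository history, and tokens signed with a former default secret would presumably still be accepted on such an install. Consider rejecting the former defaults and enforcing a minimum secret length, for example `if (!JWT_SECRET || JWT_SECRET.length < 32 || !ADMIN_PASS) {`, and say in the error message that old values must be rotated. The banner line `Admin Password: ****** (From Env)` no longer conveys anything and could be dropped.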
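Review bot: `ADMIN_PASSWORD` and `JWT_SECRET` are still passed to the container as plain `environment:` entries, so the real secrets that replace the old defaults are readable through `docker inspect` and by every process in the container. If that exposure matters for this deployment, a Compose `secrets:` entry read from a file would narrow it, though that needs a matching change in `backend/server.js`, which reads `process.env` in the hunk above. The `:?` form itself is a sound choice because it rejects both unset and empty values.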
@@ -8,6 +8,8 @@ REPO_URL="https://git.h0melab.ru/fabritsky/corp-address-book.git"
 HOST_PORT="8180"
 CONTAINER_PORT="3000"
 IMAGE_NAME="corp-address-book:latest"
+ENV_CREATED="false"
+GENERATED_ADMIN_PASSWORD=""
 log() {
 printf '\n[%s] %s\n' "$(date +'%H:%M:%S')" "$*"
@@ -39,7 +41,8 @@ install_base_packages() {
 ca-certificates \
 curl \
 git \
- gnupg
+ gnupg \
+ openssl
 }
 install_docker_if_needed() {
@@ -96,6 +99,8 @@ prepare_env_and_data() {
 if [ ! -f "${INSTALL_DIR}/.env" ]; then
 jwt_secret="$(openssl rand -hex 32 2>/dev/null || date +%s%N)"
 admin_password="$(openssl rand -base64 24 2>/dev/null | tr -d '\n' || date +%s%N)"
+ GENERATED_ADMIN_PASSWORD="$admin_password"
+ ENV_CREATED="true"
 as_root tee "${INSTALL_DIR}/.env" >/dev/null <
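Review bot: `GENERATED_ADMIN_PASSWORD` keeps the plaintext admin password in a script-wide variable, and the place where it is read lies outside the visible hunks. If it is echoed in a final summary, the password lands in terminal scrollback and in any captured install log. A comment at the declaration such as `# plaintext; shown once to the operator, never written to a log file`, plus `unset GENERATED_ADMIN_PASSWORD` after its last use, would make the intended lifetime explicit.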
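Review bot: Adding `openssl` to the package list leaves the `|| date +%s%N` fallbacks in `prepare_env_and_data` in place (context lines of the later hunk), and a timestamp is a guessable value for a JWT secret. With openssl installed by this function, a failed generation should abort the install instead, for example `jwt_secret="$(openssl rand -hex 32)" || exit 1`. In the `admin_password` line the `||` follows a pipeline, so unless `pipefail` is set it tests the exit status of `tr`, and an openssl failure yields an empty password rather than the fallback. The install command that this package list belongs to begins outside the hunk.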