diff --git a/README.md b/README.md
index 0a9c37b..1610cf8 100644
--- a/README.md
+++ b/README.md
@@ -101,7 +101,7 @@ The standard pi-hole customization abilities apply to this docker, but with dock
 
 Why is this style of upgrading good?  A couple reasons: Everyone is starting from the same base image which has been tested to know it works.  No worrying about upgrading from A to B, B to C, or A to C is required when rolling out updates, it reducing complexity, and simply allows a 'fresh start' every time while preserving customizations with volumes.  Basically I'm encouraging [phoenix servers](https://www.google.com/?q=phoenix+servers) principles for your containers.
 
-### Persisting piholoe volume
+### Persisting pihole volume
 
 `-v my-pihole-configs/:/etc/pihole/` Volume mapping the entire /etc/pihole directory is the easiest way to save all your customizations.  Clear out the directory if you want to start from scratch.
 
diff --git a/bash_functions.sh b/bash_functions.sh
index ab63f42..d8da0d4 100644
--- a/bash_functions.sh
+++ b/bash_functions.sh
@@ -108,6 +108,14 @@ setup_php_env_alpine() {
     cat "$PHP_ENV_CONFIG"
 }
 
+setup_web_password() {
+    if [ -z "${WEBPASSWORD+x}" ] ; then 
+        # Not set at all, give the user a random pass
+        WEBPASSWORD=$(tr -dc _A-Z-a-z-0-9 < /dev/urandom | head -c 8)
+        echo "Assigning random password: $WEBPASSWORD"
+    fi;
+    pihole -a -p "$WEBPASSWORD"
+}
 setup_ipv4_ipv6() {
     local ip_versions="IPv4 and IPv6"
     if [ "$IPv6" != "True" ] ; then
diff --git a/start.sh b/start.sh
index 7ee7701..384d30c 100755
--- a/start.sh
+++ b/start.sh
@@ -20,6 +20,7 @@ validate_env
 prepare_setup_vars
 change_setting "IPV4_ADDRESS" "$ServerIP"
 change_setting "IPV6_ADDRESS" "$ServerIPv6"
+setup_web_password "$WEBPASSWORD"
 setup_dnsmasq_dns "$DNS1" "$DNS2"
 setup_php_env
 setup_dnsmasq_hostnames "$ServerIP" "$ServerIPv6" "$HOSTNAME"
diff --git a/test/test_bash_functions.py b/test/test_bash_functions.py
index 59e5176..68a578a 100644
--- a/test/test_bash_functions.py
+++ b/test/test_bash_functions.py
@@ -57,3 +57,23 @@ def test_debian_setup_php_env(Docker, tag, expected_lines, repeat_function):
         search_config_cmd = "grep -c '{}' /etc/lighttpd/conf-enabled/15-fastcgi-php.conf".format(expected_line)
         search_config_count = Docker.run(search_config_cmd)
         assert search_config_count.stdout.rstrip('\n') == '1'
+
+@pytest.mark.parametrize('args,secure,setupVarsHash', [
+    ('-e ServerIP=1.2.3.4 -e WEBPASSWORD=login', True, 'WEBPASSWORD=6060d59351e8c2f48140f01b2c3f3b61652f396c53a5300ae239ebfbe7d5ff08'),
+    ('-e ServerIP=1.2.3.4 -e WEBPASSWORD=""', False, ''),
+    ('-e ServerIP=1.2.3.4', True, 'WEBPASSWORD='),
+])
+def test_webPassword_env_assigns_password_to_file(Docker, args, secure, setupVarsHash):
+    ''' When a user sets webPassword env the admin password gets set to that '''
+    function = Docker.run('. /bash_functions.sh ; eval `grep setup_web_password /start.sh`')
+    if secure and 'WEBPASSWORD' not in args:
+        assert 'Assigning random password' in function.stdout
+    else:
+        assert 'Assigning random password' not in function.stdout
+
+    if secure:
+        assert 'New password set' in function.stdout
+        assert Docker.run('grep -q \'{}\' {}'.format(setupVarsHash, '/etc/pihole/setupVars.conf')).rc == 0
+    else:
+        assert 'Password removed' in function.stdout
+        assert Docker.run('grep -q \'^WEBPASSWORD=$\' /etc/pihole/setupVars.conf').rc == 0