diff --git a/app/controllers/posts_controller.rb b/app/controllers/posts_controller.rb
index 442ee43..7b71c5c 100644
--- a/app/controllers/posts_controller.rb
+++ b/app/controllers/posts_controller.rb
@@ -76,7 +76,7 @@ def post_params
     def authenticate
       # TODO replace with a proper admin login
       authenticate_or_request_with_http_basic do |name, password|
-        name == "admin" && password == "secret"
+        name == ENV['CODEALIA_USERNAME'] && password == ENV['CODEALIA_PASSWORD']
       end
     end
 end