diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1534a5b..20c0cac 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -303,12 +303,13 @@ reset_stage:
   allow_failure: true  # Don't fail pipeline if reset has issues
 
 # Integration tests for feature deployment (full suite)
+# Uses DEV_ADMIN_PASSWORD CI variable (same as deploy_feature)
 integration_test_feature:
   <<: *integration_test_template
   needs: [deploy_feature]
   variables:
     ORCHARD_TEST_URL: https://orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools
-    ORCHARD_TEST_PASSWORD: orchardtest123  # Matches values-dev.yaml orchard.auth.adminPassword
+    ORCHARD_TEST_PASSWORD: $DEV_ADMIN_PASSWORD
   rules:
     - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != "main"'
       when: on_success
@@ -460,6 +461,7 @@ deploy_feature:
         --namespace $NAMESPACE \
         -f $VALUES_FILE \
         --set image.tag=git.linux-amd64-$CI_COMMIT_SHA \
+        --set orchard.auth.adminPassword=$DEV_ADMIN_PASSWORD \
         --set ingress.hosts[0].host=orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools \
         --set ingress.tls[0].hosts[0]=orchard-$CI_COMMIT_REF_SLUG.common.global.bsf.tools \
         --set ingress.tls[0].secretName=orchard-$CI_COMMIT_REF_SLUG-tls \
diff --git a/helm/orchard/values-dev.yaml b/helm/orchard/values-dev.yaml
index 723e414..8aafb1d 100644
--- a/helm/orchard/values-dev.yaml
+++ b/helm/orchard/values-dev.yaml
@@ -91,9 +91,8 @@ orchard:
     port: 8080
 
   # Authentication settings
-  auth:
-    # Plain admin password for ephemeral feature environments
-    adminPassword: "orchardtest123"
+  # Admin password is set via CI variable (DEV_ADMIN_PASSWORD) passed as --set flag
+  # This keeps the password out of version control
 
   database:
     host: ""