# Admin Account

You can configure a list of the principals (users, service accounts) with root admin access. Access control allows any API operation performed by such principals. If not set, it will default to **\[]**.

Admin accounts are set in the **config.yaml** for HQ under the [auth.administrators](https://docs.lenses.io/latest/devx/6.0/deployment/hq#authconfig) key, as an array of **usernames**.

{% code title="config.yaml" %}

```yaml
auth:
  administrators:
  - admin
  - brian.lifeof@lenses.io
  - bob.builder@lenses.io    
```

{% endcode %}

## Changing the Admin Password

To change the admin password, update the **config.yaml** in the [auth.users](https://docs.lenses.io/latest/devx/6.0/deployment/hq#authconfig) section. Set the password of the admin users.

{% hint style="success" %}
Passwords need to be bcrypt hashes.
{% endhint %}

You can use the Lenses CLI to create a bcrypt password. You can download the CLI [here](https://archive.lenses.io/pub/testing/lenses/?_gl=1*1umw118*_ga*MTE5OTE3ODMwMy4xNzQ0NjYzMDQ5*_ga_50VQBLH4K2*MTc0NDcxNjM3My4yLjEuMTc0NDcxNjQwNi4wLjAuMA..). The executable for Lenses 6 CLI is called "hq". 

```sh
hq utils hash-password
```

```yaml
auth:
  - admin
  - brian.lifeof@lenses.io
  - bob.builder@lenses.io
users:
  - username: admin
    password: $2a$12$XQW..XQrtZXCvbQWertqQeFi/1KoQW4eNephNXTfHqtoW9Q4qih5G 
```