diff --git a/main.go b/main.go
index eb71c92..89b34e2 100644
--- a/main.go
+++ b/main.go
@@ -5,6 +5,7 @@ import (
 	"log"
 	"net/http"
 	"os"
+	"strings"
 
 	"github.com/gorilla/mux"
 	"github.com/jinzhu/gorm"
@@ -18,10 +19,21 @@ var (
 
 func main() {
 
-	configFile := os.Getenv("CONFIG")
+	configFile := os.Getenv("BOXES_API_CONFIG")
 	var err error
 	config, err = LoadConfig(configFile)
 
+	// Get the allowed origins from the ALLOWED_ORIGINS environment variable
+	// If empty, defaults to http://localhost:3000
+	allowedOrigins := os.Getenv("BOXES_API_ALLOWED_ORIGINS")
+	origins := []string{"http://localhost:3000"} // Default value
+
+	if allowedOrigins != "" {
+		// Split the comma-separated string into a slice of strings
+		origins = strings.Split(allowedOrigins, ",")
+		fmt.Println("Listening for connections from: ", origins)
+	}
+
 	// check for errors
 	if err != nil || config == nil {
 		log.Fatalf("Failed to load config: %v", err)
@@ -77,7 +89,7 @@ func main() {
 
 	// Apply CORS middleware
 	c := cors.New(cors.Options{
-		AllowedOrigins:   []string{"http://localhost:3000", "http://10.0.0.16:3000"}, // Change this to your frontend domain
+		AllowedOrigins:   origins,
 		AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
 		AllowedHeaders:   []string{"Authorization", "Content-Type"},
 		ExposedHeaders:   []string{"Content-Length", "Access-Control-Allow-Origin", "Access-Control-Allow-Headers", "Cache-Control", "Content-Language", "Content-Type", "Expires", "Last-Modified", "Pragma", "ETag"},
diff --git a/scripts/createAdminUser.bash b/scripts/createAdminUser.bash
new file mode 100644
index 0000000..59509d6
--- /dev/null
+++ b/scripts/createAdminUser.bash
@@ -0,0 +1,10 @@
+#!/binb/ash
+
+# Set the password you want to use
+PASSWORD="12m0nk3ys"
+
+# Use htpasswd to create a bcrypt hash of the password
+HASHED_PASSWORD=$(htpasswd -nbBC 10 "" "$PASSWORD" | tr -d ':\n')
+
+# Create the user in the SQLite database
+sqlite3 your_database.db "INSERT INTO users (username, password, email, email, email, email, email, email, email, email, email) VALUES ('boxuser', '$HASHED_PASSWORD','boxuser@r8z.us');"
\ No newline at end of file