diff --git a/authentik/core/migrations/0002_auto_20200523_1133_squashed_0011_provider_name_temp.py b/authentik/core/migrations/0002_auto_20200523_1133_squashed_0011_provider_name_temp.py
index b60e41a73..1e4fce7fa 100644
--- a/authentik/core/migrations/0002_auto_20200523_1133_squashed_0011_provider_name_temp.py
+++ b/authentik/core/migrations/0002_auto_20200523_1133_squashed_0011_provider_name_temp.py
@@ -20,8 +20,15 @@ def create_default_user(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
     akadmin, _ = User.objects.using(db_alias).get_or_create(
         username="akadmin", email="root@localhost", name="authentik Default Admin"
     )
-    if "TF_BUILD" in environ or "AK_ADMIN_PASS" in environ or settings.TEST:
-        akadmin.set_password(environ.get("AK_ADMIN_PASS", "akadmin"), signal=False)  # noqa # nosec
+    password = None
+    if "TF_BUILD" in environ or settings.TEST:
+        password = "akadmin"  # noqa # nosec
+    if "AK_ADMIN_PASS" in environ:
+        password = environ["AK_ADMIN_PASS"]
+    if "AUTHENTIK_BOOTSTRAP_PASSWORD" in environ:
+        password = environ["AUTHENTIK_BOOTSTRAP_PASSWORD"]
+    if password:
+        akadmin.set_password(password, signal=False)
     else:
         akadmin.set_unusable_password()
     akadmin.save()
diff --git a/authentik/core/migrations/0003_default_user.py b/authentik/core/migrations/0003_default_user.py
index 6d45f6e39..871aa7161 100644
--- a/authentik/core/migrations/0003_default_user.py
+++ b/authentik/core/migrations/0003_default_user.py
@@ -16,8 +16,15 @@ def create_default_user(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
     akadmin, _ = User.objects.using(db_alias).get_or_create(
         username="akadmin", email="root@localhost", name="authentik Default Admin"
     )
-    if "TF_BUILD" in environ or "AK_ADMIN_PASS" in environ or settings.TEST:
-        akadmin.set_password(environ.get("AK_ADMIN_PASS", "akadmin"), signal=False)  # noqa # nosec
+    password = None
+    if "TF_BUILD" in environ or settings.TEST:
+        password = "akadmin"  # noqa # nosec
+    if "AK_ADMIN_PASS" in environ:
+        password = environ["AK_ADMIN_PASS"]
+    if "AUTHENTIK_BOOTSTRAP_PASSWORD" in environ:
+        password = environ["AUTHENTIK_BOOTSTRAP_PASSWORD"]
+    if password:
+        akadmin.set_password(password, signal=False)
     else:
         akadmin.set_unusable_password()
     akadmin.save()
diff --git a/authentik/core/migrations/0018_auto_20210330_1345_squashed_0028_alter_token_intent.py b/authentik/core/migrations/0018_auto_20210330_1345_squashed_0028_alter_token_intent.py
index f4246b534..9909c54df 100644
--- a/authentik/core/migrations/0018_auto_20210330_1345_squashed_0028_alter_token_intent.py
+++ b/authentik/core/migrations/0018_auto_20210330_1345_squashed_0028_alter_token_intent.py
@@ -44,14 +44,19 @@ def create_default_user_token(apps: Apps, schema_editor: BaseDatabaseSchemaEdito
     akadmin = User.objects.using(db_alias).filter(username="akadmin")
     if not akadmin.exists():
         return
-    if "AK_ADMIN_TOKEN" not in environ:
+    key = None
+    if "AK_ADMIN_TOKEN" in environ:
+        key = environ["AK_ADMIN_TOKEN"]
+    if "AUTHENTIK_BOOTSTRAP_TOKEN" in environ:
+        key = environ["AUTHENTIK_BOOTSTRAP_TOKEN"]
+    if not key:
         return
     Token.objects.using(db_alias).create(
-        identifier="authentik-boostrap-token",
+        identifier="authentik-bootstrap-token",
         user=akadmin.first(),
         intent=TokenIntents.INTENT_API,
         expiring=False,
-        key=environ["AK_ADMIN_TOKEN"],
+        key=key,
     )
 
 
diff --git a/authentik/core/migrations/0027_bootstrap_token.py b/authentik/core/migrations/0027_bootstrap_token.py
index 742ef65e6..c5479f382 100644
--- a/authentik/core/migrations/0027_bootstrap_token.py
+++ b/authentik/core/migrations/0027_bootstrap_token.py
@@ -15,14 +15,19 @@ def create_default_user_token(apps: Apps, schema_editor: BaseDatabaseSchemaEdito
     akadmin = User.objects.using(db_alias).filter(username="akadmin")
     if not akadmin.exists():
         return
-    if "AK_ADMIN_TOKEN" not in environ:
+    key = None
+    if "AK_ADMIN_TOKEN" in environ:
+        key = environ["AK_ADMIN_TOKEN"]
+    if "AUTHENTIK_BOOTSTRAP_TOKEN" in environ:
+        key = environ["AUTHENTIK_BOOTSTRAP_TOKEN"]
+    if not key:
         return
     Token.objects.using(db_alias).create(
-        identifier="authentik-boostrap-token",
+        identifier="authentik-bootstrap-token",
         user=akadmin.first(),
         intent=TokenIntents.INTENT_API,
         expiring=False,
-        key=environ["AK_ADMIN_TOKEN"],
+        key=key,
     )
 
 
diff --git a/website/docs/installation/automated-install.md b/website/docs/installation/automated-install.md
index e1f95d201..834c46fd7 100644
--- a/website/docs/installation/automated-install.md
+++ b/website/docs/installation/automated-install.md
@@ -4,14 +4,22 @@ title: Automated install
 
 To install authentik automatically (skipping the Out-of-box experience), you can use the following environment variables:
 
-### `AK_ADMIN_PASS`
+### `AUTHENTIK_BOOTSTRAP_PASSWORD` or `AK_ADMIN_PASS`
 
 Configure the default password for the `akadmin` user. Only read on the first startup. Can be used for any flow executor.
 
-### `AK_ADMIN_TOKEN`
+:::info
+For versions before 2022.6, this variable was called `AK_ADMIN_PASS`. This will be removed in 2022.7
+:::
+
+### `AUTHENTIK_BOOTSTRAP_TOKEN` or `AK_ADMIN_TOKEN`
 
 :::note
 This option has been added in 2021.8
 :::
 
 Create a token for the default `akadmin` user. Only read on the first startup. The string you specify for this variable is the token key you can use to authenticate yourself to the API.
+
+:::info
+For versions before 2022.6, this variable was called `AK_ADMIN_TOKEN`. This will be removed in 2022.7
+:::