diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml
index aab0eca..822872c 100644
--- a/.github/workflows/helm.yml
+++ b/.github/workflows/helm.yml
@@ -26,10 +26,10 @@ jobs:
         uses: helm/chart-testing-action@v2.7.0
 
       - name: Lint
-        run: ct lint --charts charts/seq
+        run: "ct lint --charts charts/seq --helm-lint-extra-args '--set firstRunNoAuthentication=true'"
 
       - name: Create Cluster
         uses: helm/kind-action@v1.2.0
 
       - name: Install
-        run: ct install --charts charts/seq
+        run: "ct install --charts charts/seq --helm-extra-set-args '--set firstRunAdminPassword=YourP@55word'"
diff --git a/charts/seq/Chart.yaml b/charts/seq/Chart.yaml
index 12ba99b..b6aedec 100644
--- a/charts/seq/Chart.yaml
+++ b/charts/seq/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: seq
-version: "2025.1.1"
-appVersion: "2025.1"
-description: Seq is the easiest way for development teams to capture, search and visualize structured log events!
+version: "2025.2.1"
+appVersion: "2025.2"
+description: Seq is the easiest way for development teams to capture, search and visualize structured logs and traces
 keywords:
 - seq
 - structured
diff --git a/charts/seq/templates/deployment.yaml b/charts/seq/templates/deployment.yaml
index 7e42e91..7e79949 100644
--- a/charts/seq/templates/deployment.yaml
+++ b/charts/seq/templates/deployment.yaml
@@ -39,6 +39,10 @@ spec:
             - name: "SEQ_FIRSTRUN_ADMINUSERNAME"
               value: "{{ .Values.firstRunAdminUsername }}"
 {{- end }}
+{{- if .Values.firstRunAdminPassword }}
+            - name: "SEQ_FIRSTRUN_ADMINPASSWORD"
+              value: "{{ .Values.firstRunAdminPassword }}"
+{{- end }}
 {{- if .Values.firstRunAdminPasswordHash }}
             - name: "SEQ_FIRSTRUN_ADMINPASSWORDHASH"
               value: "{{ .Values.firstRunAdminPasswordHash }}"
@@ -47,6 +51,10 @@ spec:
             - name: "SEQ_FIRSTRUN_REQUIREAUTHENTICATIONFORHTTPINGESTION"
               value: "{{ .Values.firstRunRequireAuthenticationForHttpIngestion }}"
 {{- end }}
+{{- if .Values.firstRunNoAuthentication }}
+            - name: "SEQ_FIRSTRUN_NOAUTHENTICATION"
+              value: "True"
+{{- end }}
 {{- if .Values.extraEnvs }}
 {{ toYaml .Values.extraEnvs | indent 12 }}
 {{- end }}
@@ -169,3 +177,9 @@ spec:
 {{- if .Values.extraVolumes }}
 {{ toYaml .Values.extraVolumes | indent 8 }}
 {{- end }}
+
+# At least one of the default password variables must be set; note that this ignores SEQ_PASSWORD, but
+# that variable is just a convenience alias for SEQ_FIRSTRUN_ADMINPASSWORD anyway.
+{{- if not (or .Values.firstRunNoAuthentication .Values.firstRunAdminPassword .Values.firstRunAdminPasswordHash) }}
+{{- fail "One of firstRunAdminPassword or firstRunAdminPasswordHash must be specified." }}
+{{- end }}
diff --git a/charts/seq/values.yaml b/charts/seq/values.yaml
index d275661..5740612 100644
--- a/charts/seq/values.yaml
+++ b/charts/seq/values.yaml
@@ -15,6 +15,18 @@ image:
 # that you intend to use.
 acceptEULA: "Y"
 
+# Seq requires a default admin password in order to initialize a fresh container. Either
+# specify this here, or opt out using `firstRunNoAuthentication: true` (not suitable for production
+# deployment). See the `firstRunAdminPasswordHash` variant below for better confidentiality.
+firstRunNoAuthentication: false
+# firstRunAdminPassword: ""
+
+# Further customization of the default security settings.
+# See here for docs on how to create a password hash: https://blog.datalust.co/setting-an-initial-password-when-deploying-seq-to-docker/
+# firstRunAdminUsername: "admin"
+# firstRunAdminPasswordHash: ""
+# firstRunRequireAuthenticationForHttpIngestion: true
+
 # Set this URL if you enable ingress and/or AAD authentication.
 # Without this URL set to include HTTPS, Seq will try to set a login redirect
 # URL with HTTP instead of HTTPS and AAD's registration requires HTTPS.
@@ -26,12 +38,6 @@ acceptEULA: "Y"
 # will be used as the default when generating URIs for apps and notifications.
 # listenURI: "http://localhost:80,http://localhost:5341"
 
-# Set this to create an admin user with given password hash at first run.
-# See here for docs on how to create the password hash: https://blog.datalust.co/setting-an-initial-password-when-deploying-seq-to-docker/
-# firstRunAdminUsername: "admin"
-# firstRunAdminPasswordHash: ""
-# firstRunRequireAuthenticationForHttpIngestion: true
-
 securityContext:
   runAsUser: 0
   capabilities:
diff --git a/samples/seq/config.yaml b/samples/seq/config.yaml
index a8322eb..eef4ddb 100644
--- a/samples/seq/config.yaml
+++ b/samples/seq/config.yaml
@@ -1,3 +1,7 @@
+# This is an insecure default; don't use this for production deployments: instead specify
+# the `firstRunAdminPassword` or `firstRunAdminPasswordHash` options.
+firstRunNoAuthentication: true
+
 image:
   tag: latest