diff --git a/internal/command/server/admin/run.go b/internal/command/server/admin/run.go
index 1a326e5..225f698 100644
--- a/internal/command/server/admin/run.go
+++ b/internal/command/server/admin/run.go
@@ -5,15 +5,28 @@ import (
 "strings"
 "forge.cadoles.com/cadoles/bouncer/internal/admin"
+ "forge.cadoles.com/cadoles/bouncer/internal/auth/jwt"
 "forge.cadoles.com/cadoles/bouncer/internal/command/common"
+ "forge.cadoles.com/cadoles/bouncer/internal/jwk"
 "forge.cadoles.com/cadoles/bouncer/internal/setup"
 "github.com/pkg/errors"
 "github.com/urfave/cli/v2"
 "gitlab.com/wpetit/goweb/logger"
 )
+const (
+ flagPrintDefaultToken = "print-default-token"
+)
+
 func RunCommand() *cli.Command {
- flags := common.Flags()
+ flags := append(
+ common.Flags(),
+ &cli.BoolFlag{
+ Name: flagPrintDefaultToken,
+ Usage: "Generate and print a default writer token in console at startup",
+ Value: true,
+ },
+ )
 return &cli.Command{
 Name: "run",
@@ -36,6 +49,22 @@ func RunCommand() *cli.Command {
 defer flushSentry()
+ if printDefaultToken := ctx.Bool(flagPrintDefaultToken); printDefaultToken {
+ key, err := jwk.Generate(jwk.DefaultKeySize)
+ if err != nil {
+ return errors.Wrap(err, "could not generate default key")
+ }
+
+ token, err := jwt.GenerateToken(ctx.Context, key, string(conf.Admin.Auth.Issuer), "default-admin", jwt.Role(jwt.RoleWriter))
+ if err != nil {
+ return errors.WithStack(err)
+ }
+
+ logger.SetLevel(logger.LevelInfo)
+ logger.Info(ctx.Context, "default writer token", logger.F("token", token))
+ logger.SetLevel(logger.Level(conf.Logger.Level))
+ }
+
 srv := admin.NewServer(
 admin.WithServerConfig(conf.Admin),
 admin.WithRedisConfig(conf.Redis),
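Review bot: The `cli.BoolFlag` added in the first hunk is declared with `Value: true`, so every `run` start mints a writer-role token and prints it unless the operator explicitly passes `--print-default-token=false`. An option that emits a credential is safer as opt-in: `Value: false,`, with the `Usage` text saying that the output is a bearer credential for the admin API. RunCommand's body continues outside the hunk.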
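Review bot: In the second hunk the writer token goes through `logger.Info` after the global level is forced to `logger.LevelInfo`, so it is emitted even when the configured level is stricter, and it lands in whatever sink collects the process logs. Because the value is a bearer credential, writing it straight to the terminal avoids the level toggle and keeps it out of structured log records: `fmt.Fprintf(os.Stderr, "default writer token: %s\n", token)` (this needs the `fmt` and `os` imports). In the visible lines the key from `jwk.Generate` is used only to sign this token; whether the server verifies against that same key, and whether the token carries an expiry, cannot be seen here and is worth confirming. The enclosing action function starts and ends outside the hunk.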