diff --git a/README.md b/README.md
index 411bc14..a503a8d 100644
--- a/README.md
+++ b/README.md
@@ -63,39 +63,25 @@ Web UI
 ## Quick Start
 
 ```bash
-# Clone and configure
+# Clone and run the setup wizard
 git clone https://github.com/staack/the-other-dude.git && cd the-other-dude
-cp .env.example .env
+python3 setup.py
 ```
 
-**Edit `.env` before starting** -- at minimum, generate unique values for:
+The setup wizard handles everything interactively:
 
-```bash
-# Generate a JWT signing key
-JWT_SECRET_KEY=$(python3 -c "import secrets; print(secrets.token_urlsafe(64))")
+- Pre-flight checks (Docker, ports, RAM)
+- Database password configuration
+- Cryptographic key generation (JWT, encryption)
+- Admin account creation
+- SMTP configuration (optional)
+- Domain and reverse proxy setup (Caddy, nginx, Apache, HAProxy, Traefik)
+- OpenBao (KMS) bootstrap
+- Docker image builds
+- Stack startup and health checks
 
-# Generate a Fernet encryption key (used to encrypt device credentials at rest)
-CREDENTIAL_ENCRYPTION_KEY=$(python3 -c "import secrets, base64; print(base64.b64encode(secrets.token_bytes(32)).decode())")
-```
-
-> **Warning**
-> The `.env.example` ships with **hard-coded dev defaults** for both keys. These are fine for local development but **must be replaced before exposing the instance to any network**. Anyone with the default `JWT_SECRET_KEY` can forge authentication tokens, and the default `CREDENTIAL_ENCRYPTION_KEY` leaves all stored device credentials readable.
-
-```bash
-# Build images sequentially (avoids OOM on low-RAM machines)
-docker compose --profile full build api
-docker compose --profile full build poller
-docker compose --profile full build frontend
-
-# Start the full stack
-docker compose --profile full up -d
-
-# Open the UI
-open http://localhost:3000
-```
-
-On first launch, the setup wizard walks you through creating a super admin account,
-enrolling your Secret Key, adding your first organization, and onboarding your first device.
+On first launch, the web UI walks you through enrolling your Secret Key, adding your
+first organization, and onboarding your first device.
 
 ---
 
diff --git a/docs/website/docs.html b/docs/website/docs.html
index e84de8d..cc967c4 100644
--- a/docs/website/docs.html
+++ b/docs/website/docs.html
@@ -169,23 +169,24 @@
       <!-- QUICK START -->
       <section id="quickstart">
         <h1>Quick Start</h1>
-        <pre><code># Clone and configure
-cp .env.example .env
+        <pre><code># Clone and run the setup wizard
+git clone https://github.com/staack/the-other-dude.git
+cd the-other-dude
+python3 setup.py</code></pre>
 
-# Start infrastructure
-docker compose up -d
-
-# Build app images (one at a time to avoid OOM)
-docker compose build api
-docker compose build poller
-docker compose build frontend
-
-# Start the full stack
-docker compose up -d
-
-# Verify
-curl http://localhost:8001/health
-open http://localhost:3000</code></pre>
+        <p>The interactive setup wizard handles everything:</p>
+        <ul>
+          <li>Pre-flight checks (Docker, ports, RAM)</li>
+          <li>Database password configuration</li>
+          <li>Cryptographic key generation (JWT, credential encryption)</li>
+          <li>Admin account creation</li>
+          <li>SMTP configuration (optional)</li>
+          <li>Domain and reverse proxy setup (Caddy, nginx, Apache, HAProxy, Traefik)</li>
+          <li>OpenBao (KMS) bootstrap with automatic credential capture</li>
+          <li>Docker image builds (sequential to avoid OOM)</li>
+          <li>Stack startup and health checks</li>
+        </ul>
+        <p>No manual <code>.env</code> editing required. The wizard generates <code>.env.prod</code> with production-strength secrets and starts the full stack.</p>
 
         <h2>Environment Profiles</h2>
         <table>
diff --git a/docs/website/index.html b/docs/website/index.html
index c638e4e..9038600 100644
--- a/docs/website/index.html
+++ b/docs/website/index.html
@@ -332,7 +332,7 @@
   <section class="quickstart-section">
     <div class="container">
       <span class="section-label">QUICK START</span>
-      <h2 class="section-title">Run The Other Dude locally in minutes using Docker</h2>
+      <h2 class="section-title">Deploy The Other Dude with two commands</h2>
 
       <div class="code-window">
         <div class="code-window-header">
@@ -341,25 +341,12 @@
           <span class="code-dot code-dot--green"></span>
           <span class="code-window-title">Terminal</span>
         </div>
-        <pre class="code-window-body"><code><span class="code-comment"># Clone the repo</span>
+        <pre class="code-window-body"><code><span class="code-comment"># Clone and run the setup wizard</span>
 <span class="code-cmd">git clone https://github.com/staack/the-other-dude.git</span>
 <span class="code-cmd">cd the-other-dude</span>
-
-<span class="code-comment"># Configure</span>
-<span class="code-cmd">cp .env.example .env</span>
-
-<span class="code-comment"># Start infrastructure</span>
-<span class="code-cmd">docker compose up -d</span>
-
-<span class="code-comment"># Build app images</span>
-<span class="code-cmd">docker compose build api &amp;&amp; docker compose build poller &amp;&amp; docker compose build frontend</span>
-
-<span class="code-comment"># Launch</span>
-<span class="code-cmd">docker compose up -d</span>
-
-<span class="code-comment"># Open TOD</span>
-<span class="code-cmd">open http://localhost:3000</span></code></pre>
+<span class="code-cmd">python3 setup.py</span></code></pre>
       </div>
+      <p class="section-desc" style="margin-top: 24px;">The setup wizard configures your database, generates cryptographic keys, bootstraps OpenBao, sets up your reverse proxy, builds the Docker images, and starts everything. No manual .env editing required.</p>
     </div>
   </section>