diff --git a/Dockerfile b/Dockerfile
index 82411ffa..66a08500 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.22.5-bookworm AS build-stage
+FROM golang:1.23.0-bookworm AS build-stage
 
 WORKDIR /build
 
diff --git a/Dockerfile.admin b/Dockerfile.admin
new file mode 100644
index 00000000..d3b0bc0b
--- /dev/null
+++ b/Dockerfile.admin
@@ -0,0 +1,45 @@
+# Copyright 2024 The Vitess Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM golang:1.23.0-bookworm AS build-stage
+
+WORKDIR /build
+
+COPY go.mod go.sum ./
+
+RUN go mod download
+
+COPY . .
+
+# Build arewefastyet
+RUN CGO_ENABLED=0 GOOS=linux go build -o /arewefastyetcli ./go/main.go
+
+FROM debian:bookworm AS run-stage
+
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y --reinstall ca-certificates \
+    && update-ca-certificates
+
+# Copy the source code to the working directory
+COPY --from=build-stage /arewefastyetcli /arewefastyetcli
+COPY --from=build-stage /build/go/admin/templates/ /go/admin/templates/
+COPY --from=build-stage /build/go/admin/assets/ /go/admin/assets/
+
+EXPOSE 8081
+
+# Configuration files MUST be attached to the container using a volume.
+# The configuration files are not mounted on the Docker image for obvious
+# security reasons.
+CMD ["/arewefastyetcli", "admin", "--config", "/config/config.yaml", "--secrets", "/config/secrets.yaml"]
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 9b3be6e2..26791c86 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -13,6 +13,9 @@
 # limitations under the License.
 
 version: "3.8"
+networks:
+  default:
+    driver: bridge
 
 services:
   traefik:
@@ -31,7 +34,6 @@ services:
     volumes:
       - "/var/letsencrypt:/letsencrypt"
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
-    network_mode: bridge
 
   frontend:
     build:
@@ -46,7 +48,6 @@ services:
       - "traefik.http.routers.frontend.entrypoints=https"
       - "traefik.http.routers.frontend.tls.certresolver=tlsresolver"
       - "traefik.http.services.frontend.loadbalancer.server.port=3000"
-    network_mode: bridge
 
   api:
     restart: always
@@ -68,7 +69,23 @@ services:
       - "traefik.http.routers.api.entrypoints=https"
       - "traefik.http.routers.api.tls.certresolver=tlsresolver"
       - "traefik.http.services.api.loadbalancer.server.port=8080"
-    network_mode: bridge
+
+  admin:
+    restart: always
+    build:
+      context: .
+      dockerfile: Dockerfile.admin
+    image: "arewefastyet-admin"
+    container_name: "admin"
+    volumes:
+      - "./config/prod/config.yaml:/config/config.yaml"
+      - "./config/prod/secrets.yaml:/config/secrets.yaml"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.admin.rule=Host(`benchmark.vitess.io`) && PathPrefix(`/admin`)"
+      - "traefik.http.routers.admin.entrypoints=https"
+      - "traefik.http.routers.admin.tls.certresolver=tlsresolver"
+      - "traefik.http.services.admin.loadbalancer.server.port=8081"
 
   cleanup_executions:
     image: alpine
diff --git a/docker-compose.yml b/docker-compose.yml
index f74037fd..932f39f4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,6 +13,9 @@
 # limitations under the License.
 
 version: "3.8"
+networks:
+  default:
+    driver: bridge
 
 services:
   traefik:
@@ -29,7 +32,6 @@ services:
       - "8080:8080"
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
-    network_mode: bridge
 
   api:
     restart: always
@@ -51,7 +53,23 @@ services:
       - "traefik.http.routers.api.rule=PathPrefix(`/api`)"
       - "traefik.http.routers.api.entrypoints=http"
       - "traefik.http.services.api.loadbalancer.server.port=8080"
-    network_mode: bridge
+
+  admin:
+    restart: always
+    build:
+      context: .
+      dockerfile: Dockerfile.admin
+    image: "arewefastyet-admin"
+    container_name: "admin"
+    volumes:
+      - "./config/dev/config.yaml:/config/config.yaml"
+      - "./config/dev/secrets.yaml:/config/secrets.yaml"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.admin.rule=Host(`localhost`)"
+      - "traefik.http.routers.admin.rule=PathPrefix(`/admin`)"
+      - "traefik.http.routers.admin.entrypoints=http"
+      - "traefik.http.services.admin.loadbalancer.server.port=8081"
 
   frontend:
     build:
@@ -67,7 +85,6 @@ services:
       - "traefik.http.routers.frontend.rule=Host(`localhost`)"
       - "traefik.http.routers.frontend.entrypoints=http"
       - "traefik.http.services.frontend.loadbalancer.server.port=5173"
-    network_mode: bridge
 
   cleanup_executions:
     image: alpine
diff --git a/docs/arewefastyet_admin.md b/docs/arewefastyet_admin.md
index 2f34f493..f8684036 100644
--- a/docs/arewefastyet_admin.md
+++ b/docs/arewefastyet_admin.md
@@ -9,6 +9,7 @@ arewefastyet admin [flags]
 ### Options
 
 ```
+      --admin-auth string                      The salt string to salt the GitHub Token
       --admin-gh-app-id string                 The ID of the GitHub App
       --admin-gh-app-secret string             The secret of the GitHub App
       --admin-mode string                      Specify the mode on which the server will run
diff --git a/docs/arewefastyet_api.md b/docs/arewefastyet_api.md
index 5666b5e8..c12dacea 100644
--- a/docs/arewefastyet_api.md
+++ b/docs/arewefastyet_api.md
@@ -9,6 +9,7 @@ arewefastyet api [flags]
 ### Options
 
 ```
+      --admin-auth string                        The salt string to salt the GitHub Token
       --gh-app-id int                            ID of the GitHub App
       --gh-installation-id int                   GitHub installation ID of this app
       --gh-port string                           Port on which to run the github app (default "8181")
diff --git a/go.mod b/go.mod
index 2ce13af1..19a86d97 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,6 @@ require (
 	github.com/dustin/go-humanize v1.0.1
 	github.com/frankban/quicktest v1.14.6
 	github.com/gin-contrib/cors v1.7.2
-	github.com/gin-contrib/sessions v1.0.1
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-sql-driver/mysql v1.8.1
 	github.com/google/go-github v17.0.0+incompatible
@@ -62,9 +61,6 @@ require (
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-github/v62 v62.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/gorilla/context v1.1.2 // indirect
-	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.2.2 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
diff --git a/go.sum b/go.sum
index c76f386a..4f8633b3 100644
--- a/go.sum
+++ b/go.sum
@@ -42,8 +42,6 @@ github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy
 github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
 github.com/gin-contrib/cors v1.7.2 h1:oLDHxdg8W/XDoN/8zamqk/Drgt4oVZDvaV0YmvVICQw=
 github.com/gin-contrib/cors v1.7.2/go.mod h1:SUJVARKgQ40dmrzgXEVxj2m7Ig1v1qIboQkPDTQ9t2E=
-github.com/gin-contrib/sessions v1.0.1 h1:3hsJyNs7v7N8OtelFmYXFrulAf6zSR7nW/putcPEHxI=
-github.com/gin-contrib/sessions v1.0.1/go.mod h1:ouxSFM24/OgIud5MJYQJLpy6AwxQ5EYO9yLhbtObGkM=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
@@ -83,16 +81,8 @@ github.com/google/go-github/v63 v63.0.0/go.mod h1:IqbcrgUmIcEaioWrGYei/09o+ge5vh
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
-github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
-github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
-github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
-github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
-github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
diff --git a/go/admin/admin.go b/go/admin/admin.go
index f6642f6a..be397db5 100644
--- a/go/admin/admin.go
+++ b/go/admin/admin.go
@@ -21,13 +21,9 @@ package admin
 import (
 	"errors"
 	"net/http"
-	"path/filepath"
-	"runtime"
 	"time"
 
 	"github.com/gin-contrib/cors"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -40,6 +36,7 @@ const (
 	flagMode           = "admin-mode"
 	flagAdminAppId     = "admin-gh-app-id"
 	flagAdminAppSecret = "admin-gh-app-secret"
+	flagGhAuth         = "admin-auth"
 )
 
 type Admin struct {
@@ -48,6 +45,7 @@ type Admin struct {
 
 	ghAppId     string
 	ghAppSecret string
+	auth        string
 
 	dbCfg    *psdb.Config
 	dbClient *psdb.Client
@@ -60,11 +58,13 @@ func (a *Admin) AddToCommand(cmd *cobra.Command) {
 	cmd.Flags().Var(&a.Mode, flagMode, "Specify the mode on which the server will run")
 	cmd.Flags().StringVar(&a.ghAppId, flagAdminAppId, "", "The ID of the GitHub App")
 	cmd.Flags().StringVar(&a.ghAppSecret, flagAdminAppSecret, "", "The secret of the GitHub App")
+	cmd.Flags().StringVar(&a.auth, flagGhAuth, "", "The salt string to salt the GitHub Token")
 
 	_ = viper.BindPFlag(flagPort, cmd.Flags().Lookup(flagPort))
 	_ = viper.BindPFlag(flagMode, cmd.Flags().Lookup(flagMode))
 	_ = viper.BindPFlag(flagAdminAppId, cmd.Flags().Lookup(flagAdminAppId))
 	_ = viper.BindPFlag(flagAdminAppSecret, cmd.Flags().Lookup(flagAdminAppSecret))
+	_ = viper.BindPFlag(flagGhAuth, cmd.Flags().Lookup(flagGhAuth))
 
 	if a.dbCfg == nil {
 		a.dbCfg = &psdb.Config{}
@@ -107,24 +107,18 @@ func (a *Admin) Run() error {
 		return errors.New(server.ErrorIncorrectConfiguration)
 	}
 
-	_, b, _, _ := runtime.Caller(0)
-	basepath := filepath.Dir(b)
-
 	a.Mode.SetGin()
 	a.router = gin.Default()
 
-	store := cookie.NewStore([]byte("secret"))
-	a.router.Use(sessions.Sessions("mysession", store))
-
-	a.router.Static("/assets", filepath.Join(basepath, "assets"))
+	a.router.Static("/admin/assets", "/go/admin/assets")
 
-	a.router.LoadHTMLGlob(filepath.Join(basepath, "templates/*"))
+	a.router.LoadHTMLGlob("/go/admin/templates/*")
 
 	a.router.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{"*"},
-		AllowMethods:     []string{"GET"},
+		AllowMethods:     []string{"GET", "POST"},
 		AllowHeaders:     []string{"Origin"},
-		ExposeHeaders:    []string{"Content-Length"},
+		ExposeHeaders:    []string{"Content-Length", "Content-Type"},
 		AllowCredentials: true,
 		MaxAge:           12 * time.Hour,
 	}))
@@ -133,6 +127,7 @@ func (a *Admin) Run() error {
 	a.router.GET("/admin", a.login)
 	a.router.GET("/admin/login", a.handleGitHubLogin)
 	a.router.GET("/admin/auth/callback", a.handleGitHubCallback)
+	a.router.POST("/admin/executions/add", a.authMiddleware(), a.handleExecutionsAdd)
 	a.router.GET("/admin/dashboard", a.authMiddleware(), a.dashboard)
 
 	return a.router.Run(":" + a.port)
diff --git a/go/admin/api.go b/go/admin/api.go
index 3b2ed66a..6a4a94a0 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -19,11 +19,14 @@
 package admin
 
 import (
+	"bytes"
 	"context"
+	"encoding/json"
 	"net/http"
 	"strings"
+	"sync"
+	"time"
 
-	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	goGithub "github.com/google/go-github/github"
 	"github.com/labstack/gommon/random"
@@ -36,9 +39,13 @@ var (
 	oauthConf = &oauth2.Config{
 		Scopes:      []string{"read:org"}, // Request access to read organization membership
 		Endpoint:    github.Endpoint,
-		RedirectURL: "http://localhost:8081/admin/auth/callback",
+		RedirectURL: "http://localhost/admin/auth/callback",
 	}
 	oauthStateString = random.String(10) // A random string to protect against CSRF attacks
+	orgName          = "vitessio"
+	tokens           = make(map[string]oauth2.Token)
+
+	mu sync.Mutex
 )
 
 const (
@@ -46,6 +53,14 @@ const (
 	arewefastyetTeamGitHub = "arewefastyet"
 )
 
+type ExecutionRequest struct {
+	Auth               string   `json:"auth"`
+	Source             string   `json:"source"`
+	SHA                string   `json:"sha"`
+	Workloads          []string `json:"workloads"`
+	NumberOfExecutions string   `json:"number_of_executions"`
+}
+
 func (a *Admin) login(c *gin.Context) {
 	a.render(c, gin.H{}, "login.html")
 }
@@ -54,22 +69,62 @@ func (a *Admin) dashboard(c *gin.Context) {
 	a.render(c, gin.H{}, "base.html")
 }
 
+func CreateGhClient(token *oauth2.Token) *goGithub.Client {
+	return goGithub.NewClient(oauthConf.Client(context.Background(), token))
+}
+
 func (a *Admin) authMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		session := sessions.Default(c)
-		user := session.Get("user")
-		if user == nil {
-			// User not authenticated, redirect to login
+		cookie, err := c.Cookie("tk")
+		if err != nil {
 			c.Redirect(http.StatusSeeOther, "/admin/login")
 			c.Abort()
 			return
 		}
 
-		// User is authenticated, proceed to the next handler
+		mu.Lock()
+		token, ok := tokens[cookie]
+		mu.Unlock()
+		if !ok {
+			c.Redirect(http.StatusSeeOther, "/admin/login")
+			c.Abort()
+			return
+		}
+
+		client := CreateGhClient(&token)
+
+		isMaintainer, err := a.GetUser(client)
+
+		if err != nil {
+			slog.Error("Error getting user: ", err)
+			c.AbortWithStatus(http.StatusInternalServerError)
+			return
+		}
+
+		if !isMaintainer {
+			c.String(http.StatusForbidden, "You must be a maintainer in the %s organization to access this page.", orgName)
+			c.Abort()
+			return
+		}
+
 		c.Next()
 	}
 }
 
+func (a *Admin) GetUser(client *goGithub.Client) (bool, error) {
+	user, _, err := client.Users.Get(context.Background(), "")
+	if err != nil {
+		return false, err
+	}
+
+	isMaintainer, err := a.checkUserOrgMembership(client, user.GetLogin(), orgName)
+	if err != nil {
+		return false, err
+	}
+
+	return isMaintainer, nil
+}
+
 func (a *Admin) handleGitHubLogin(c *gin.Context) {
 	if a.Mode == server.ProductionMode {
 		oauthConf.RedirectURL = "https://benchmark.vitess.io/admin/auth/callback"
@@ -95,29 +150,29 @@ func (a *Admin) handleGitHubCallback(c *gin.Context) {
 		return
 	}
 
-	client := goGithub.NewClient(oauthConf.Client(context.Background(), token))
+	client := CreateGhClient(token)
 
-	user, _, err := client.Users.Get(context.Background(), "")
+	isMaintainer, err := a.GetUser(client)
 	if err != nil {
-		slog.Error("Failed to get user: ", err)
+		slog.Error("Failed to get user information: ", err)
 		c.AbortWithStatus(http.StatusInternalServerError)
 		return
 	}
 
-	slog.Infof("Authenticated user: %s", user.GetLogin())
+	if isMaintainer {
+		mu.Lock()
+		defer mu.Unlock()
 
-	orgName := "vitessio"
-	isMaintainer, err := a.checkUserOrgMembership(client, user.GetLogin(), orgName)
-	if err != nil {
-		slog.Error("Error checking org membership: ", err)
-		c.AbortWithStatus(http.StatusInternalServerError)
-		return
-	}
+		randomKey := random.String(32)
+		tokens[randomKey] = *token
 
-	if isMaintainer {
-		session := sessions.Default(c)
-		session.Set("user", user.GetLogin())
-		_ = session.Save()
+		domain := "localhost"
+
+		if a.Mode == server.ProductionMode {
+			domain = "benchmark.vitess.io"
+		}
+
+		c.SetCookie("tk", randomKey, int(time.Hour.Seconds()), "/", domain, true, true)
 
 		c.Redirect(http.StatusSeeOther, "/admin/dashboard")
 	} else {
@@ -149,3 +204,88 @@ func (a *Admin) checkUserOrgMembership(client *goGithub.Client, username, orgNam
 	}
 	return isMember, nil
 }
+
+func (a *Admin) handleExecutionsAdd(c *gin.Context) {
+	source := c.PostForm("source")
+	sha := c.PostForm("sha")
+	workloads := c.PostFormArray("workloads")
+	numberOfExecutions := c.PostForm("numberOfExecutions")
+
+	if source == "" || sha == "" || len(workloads) == 0 || numberOfExecutions == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Missing required fields: Source and/or SHA"})
+		return
+	}
+
+	tokenKey, err := c.Cookie("tk")
+	if err != nil {
+		slog.Error("Failed to get token from cookie: ", err)
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	mu.Lock()
+	defer mu.Unlock()
+
+	token, exists := tokens[tokenKey]
+
+	if !exists {
+		slog.Error("Failed to get token from map")
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	encryptedToken, err := server.Encrypt(token.AccessToken, a.auth)
+
+	if err != nil {
+		slog.Error("Failed to encrypt token: ", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to encrypt token"})
+		return
+	}
+
+	requestPayload := ExecutionRequest{
+		Auth:               encryptedToken,
+		Source:             source,
+		SHA:                sha,
+		Workloads:          workloads,
+		NumberOfExecutions: numberOfExecutions,
+	}
+
+	jsonData, err := json.Marshal(requestPayload)
+
+	if err != nil {
+		slog.Error("Failed to marshal request payload: ", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to marshal request payload"})
+		return
+	}
+
+	serverAPIURL := "http://traefik/api/executions/add"
+	if a.Mode == server.ProductionMode {
+		serverAPIURL = "https://benchmark.vitess.io/api/executions/add"
+	}
+
+	req, err := http.NewRequest("POST", serverAPIURL, bytes.NewBuffer(jsonData))
+	if err != nil {
+		slog.Error("Failed to create new HTTP request: ", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create request to server API"})
+		return
+	}
+	req.Header.Set("Content-Type", "application/json")
+
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		slog.Error("Failed to send request to server API: ", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to send request to server API"})
+		return
+	}
+
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusCreated {
+		slog.Error("Server API returned an error: ", resp.Status)
+		c.JSON(resp.StatusCode, gin.H{"error": "Failed to process request on server API"})
+		return
+	}
+
+	c.JSON(http.StatusCreated, gin.H{"message": "Execution(s) added successfully"})
+}
diff --git a/go/admin/templates/base.html b/go/admin/templates/base.html
index 29fc33c9..146031e9 100644
--- a/go/admin/templates/base.html
+++ b/go/admin/templates/base.html
@@ -1,38 +1,22 @@
 <!DOCTYPE html>
 <html lang="en">
-
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Admin Dashboard</title>
-    <link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Arewefastyet Admin</title>
+    <link rel="icon" type="image/png" href="/admin/assets/favicon.ico" />
+    <link
+      href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css"
+      rel="stylesheet"
+    />
     <script src="https://unpkg.com/htmx.org@1.9.2"></script>
-</head>
-
-<body class="bg-gray-900">
-    <div class="flex h-screen">
-        <!-- Sidebar -->
-        <div class="bg-white w-1/4 p-4">
-            <div hx-get="/sidebar" hx-target="#sidebar" hx-swap="outerHTML">
-                Loading Sidebar...
-            </div>
-        </div>
+  </head>
 
-        <!-- Main Content -->
-        <div class="bg-white flex-1 p-8">
-            <!-- Header -->
-            <div id="header" hx-get="/header" hx-target="#header" hx-swap="outerHTML">
-                Loading Header...
-            </div>
-
-            <!-- Dynamic Content -->
-            <div id="content" class="mt-4">
-                <div hx-get="/content" hx-target="#content" hx-swap="outerHTML">
-                    Loading Content...
-                </div>
-            </div>
-        </div>
+  <body class="h-screen w-screen">
+    {{ template "header.html" . }}
+    <div class="flex h-full">
+      <div class="bg-white w-1/5 h-full">{{ template "sidebar.html" . }}</div>
+      <div class="bg-white flex-1 p-8">{{ template "content.html" . }}</div>
     </div>
-</body>
-
+  </body>
 </html>
diff --git a/go/admin/templates/content.html b/go/admin/templates/content.html
index 521a2d5a..dd90cd5b 100644
--- a/go/admin/templates/content.html
+++ b/go/admin/templates/content.html
@@ -1,4 +1,143 @@
 <div id="content">
-    <h3 class="text-xl font-semibold text-orange-500 mb-4">Welcome to the Admin Dashboard</h3>
-    <p>Use the sidebar to navigate through different sections of the dashboard.</p>
+  <form>
+    <div class="flex flex-row gap-4">
+      <div>
+        <label class="label">Source (execution's trigger/reason)</label>
+        <input
+          class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
+          type="text"
+          name="source"
+          value="admin"
+        />
+      </div>
+      <div>
+        <label class="label">SHA</label>
+        <input
+          class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
+          type="text"
+          class="form-control"
+          name="sha"
+        />
+      </div>
+    </div>
+    <label>Workloads</label>
+    <div class="flex flex-row gap-4">
+      <div class="flex flex-col">
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="all"
+            checked
+          />
+          All</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="OLTP"
+          />
+          OLTP</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="OLTP-READONLY"
+          />
+          OLTP-READONLY</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="OLTP-SET"
+          />
+          OLTP-SET</label
+        >
+      </div>
+      <div class="flex flex-col">
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="TPCC"
+          />
+          TPCC</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="TPCC_FK"
+          />
+          TPCC_FK</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="TPCC_FK_UNMANAGED"
+          />
+          TPCC_FK_UNMANAGED</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="TPCC_UNSHARDED"
+          />
+          TPCC_UNSHARDED</label
+        >
+      </div>
+    </div>
+    <div>
+      <label class="label">Number of executions</label>
+      <input
+        class="shadow appearance-none border rounded w-20 py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
+        type="number"
+        name="numberOfExecutions"
+        value="1"
+        min="1"
+        max="10"
+      />
+    </div>
+
+    <button
+      hx-post="/admin/executions/add"
+      hx-target="#response"
+      class="bg-orange-500 hover:bg-orange-700 text-white font-bold py-2 px-4 rounded focus:outline-none focus:shadow-outline"
+      type="submit"
+    >
+      Add Execution
+    </button>
+  </form>
+  <div id="response" class="mt-4"></div>
 </div>
+
+<script>
+  document.body.addEventListener("htmx:responseError", function(e) {
+    error = e.detail.xhr.response;
+    errorMessage = JSON.parse(error).error;
+    document.getElementById("response").classList.add("text-red-500");
+    document.getElementById("response").innerHTML = errorMessage;
+});
+
+// Display success on 201
+document.body.addEventListener("htmx:afterOnLoad", function(e) {
+  if (e.detail.xhr.status == 201) {
+    document.getElementById("response").classList.remove("text-red-500");
+    document.getElementById("response").classList.add("text-green-500");
+    document.getElementById("response").innerHTML = "Execution added successfully!";
+  }
+});
+</script>
\ No newline at end of file
diff --git a/go/admin/templates/executions.html b/go/admin/templates/executions.html
deleted file mode 100644
index 5a985748..00000000
--- a/go/admin/templates/executions.html
+++ /dev/null
@@ -1,36 +0,0 @@
-<div id="content">
-    <h3 class="text-xl font-semibold text-orange-500 mb-4">Add new executions</h3>
-    <form action="/api/execute" method="post" class="space-y-4">
-        <div class="flex gap-4">
-            <input type="text" name="source" placeholder="Source" class="border p-2 w-full rounded">
-            <input type="text" name="sha" placeholder="SHA" class="border p-2 w-full rounded">
-        </div>
-
-        <div class="grid grid-cols-2 gap-4">
-            <div>
-                <label class="block mb-2 font-semibold">Workloads</label>
-                <div class="space-y-2">
-                    <div>
-                        <label>
-                            <input type="checkbox" name="workloads" value="all" class="mr-2">
-                            All
-                        </label>
-                    </div>
-                    <!-- Add more checkboxes as needed -->
-                </div>
-            </div>
-            <!-- More fields as needed -->
-        </div>
-
-        <div>
-            <label class="block mb-2 font-semibold">Counter</label>
-            <input type="number" name="counter" value="10" class="border p-2 rounded w-20">
-        </div>
-
-        <div>
-            <button type="submit" class="bg-orange-500 text-white px-4 py-2 rounded hover:bg-orange-600 transition">
-                Add Executions
-            </button>
-        </div>
-    </form>
-</div>
diff --git a/go/admin/templates/header.html b/go/admin/templates/header.html
index 177d4edd..7e1267cb 100644
--- a/go/admin/templates/header.html
+++ b/go/admin/templates/header.html
@@ -1,3 +1,18 @@
-<div class="border-b-2 pb-4 mb-6">
-    <h2 class="text-2xl font-bold text-gray-700">Admin Dashboard</h2>
-</div>
+<nav
+  class="w-full flex justify-between lg:justify-center p-4 border-b-2"
+>
+    <a href="/admin/dashboard" class="cursor-pointer flex flex-1 gap-x-2 items-center">
+      <img
+        src="/admin/assets/logo.png"
+        alt="Logo"
+        class="w-8"
+      />
+      <h1 class="font-semilight text-lg md:hidden lg:block">arewefastyet</h1>
+    </a>
+  <a
+    href="https://benchmark.vitess.io/"
+    target="_blank"
+    class="text-orange-500 align-middle"
+    >arewefastyet website</a
+  >
+</nav>
diff --git a/go/admin/templates/login.html b/go/admin/templates/login.html
index 593d9330..6cbdc7e5 100644
--- a/go/admin/templates/login.html
+++ b/go/admin/templates/login.html
@@ -1,24 +1,26 @@
 <!DOCTYPE html>
 <html lang="en">
-
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Admin Login Page</title>
-    <link href="https://unpkg.com/tailwindcss@1.9.6/dist/tailwind.min.css" rel="stylesheet">
-</head>
+    <link
+      href="https://unpkg.com/tailwindcss@1.9.6/dist/tailwind.min.css"
+      rel="stylesheet"
+    />
+  </head>
 
-<body class="flex flex-col items-center justify-center h-screen bg-white">
+  <body class="flex flex-col items-center justify-center h-screen bg-white">
     <div class="flex flex-row">
-        <img src="/assets/logo.png" class="h-12" alt="logo">
-        <h1 class="text-3xl font-bold mb-2">arewefastyet</h1>
+      <img src="/admin/assets/logo.png" class="h-12" alt="logo" />
+      <h1 class="text-3xl font-bold mb-2">arewefastyet</h1>
     </div>
     <h2 class="text-5xl font-semibold text-orange-500 mb-8">Admin Login</h2>
-    <img src="/assets/github-icon.png" alt="GitHub Icon" class="w-32 h-32">
+    <img src="/admin/assets/github-icon.png" alt="GitHub Icon" class="w-32 h-32" />
     <button
-        class="bg-black text-white flex items-center justify-center gap-2 px-4 py-2 rounded-md hover:bg-gray-800 transition mx-auto">
-        <a href="/admin/login">Sign in with GitHub</a>
+      class="bg-black text-white flex items-center justify-center gap-2 px-4 py-2 rounded-md hover:bg-gray-800 transition mx-auto"
+    >
+      <a href="/admin/login">Sign in with GitHub</a>
     </button>
-</body>
-
-</html>
\ No newline at end of file
+  </body>
+</html>
diff --git a/go/admin/templates/sidebar.html b/go/admin/templates/sidebar.html
index f62fbfed..684a557a 100644
--- a/go/admin/templates/sidebar.html
+++ b/go/admin/templates/sidebar.html
@@ -1,17 +1,9 @@
-<div id="sidebar">
-    <div class="mb-8">
-        <img src="/assets/logo.png" alt="Logo" class="mb-4" style="max-width: 100px;">
-        <h1 class="text-3xl font-bold text-orange-600">arewefastyet</h1>
-    </div>
-    <nav>
-        <ul>
-            <li class="mb-4">
-                <a href="#" hx-get="/executions" hx-target="#content" hx-swap="outerHTML" class="text-orange-500 font-semibold">Add new executions</a>
-            </li>
-            <li class="mb-4">
-                <a href="#" hx-get="/settings" hx-target="#content" hx-swap="outerHTML" class="text-gray-500 hover:text-orange-500">Settings</a>
-            </li>
-            <!-- Add more links here as needed -->
-        </ul>
-    </nav>
+<div class="border-r-2 h-full p-4">
+    <ul>
+      <li class="my-4 hover:bg-slate-400">
+        <a class="text-orange-500 font-semibold text-lg"
+          >Add new executions</a
+        >
+      </li>
+    </ul>
 </div>
diff --git a/go/server/api.go b/go/server/api.go
index cf11de6b..76b9c4f2 100644
--- a/go/server/api.go
+++ b/go/server/api.go
@@ -27,11 +27,13 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 	"github.com/vitessio/arewefastyet/go/exec"
 	"github.com/vitessio/arewefastyet/go/tools/git"
 	"github.com/vitessio/arewefastyet/go/tools/github"
 	"github.com/vitessio/arewefastyet/go/tools/macrobench"
 	"github.com/vitessio/arewefastyet/go/tools/microbench"
+	"github.com/vitessio/arewefastyet/go/tools/server"
 	"golang.org/x/exp/slices"
 )
 
@@ -536,3 +538,82 @@ func (s *Server) getHistory(c *gin.Context) {
 
 	c.JSON(http.StatusOK, results)
 }
+
+type ExecutionRequest struct {
+	Auth               string   `json:"auth"`
+	Source             string   `json:"source"`
+	SHA                string   `json:"sha"`
+	Workloads          []string `json:"workloads"`
+	NumberOfExecutions string   `json:"number_of_executions"`
+}
+
+func (s *Server) addExecutions(c *gin.Context) {
+	var req ExecutionRequest
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
+		return
+	}
+
+	decryptedToken, err := server.Decrypt(req.Auth, s.ghTokenSalt)
+	if err != nil {
+		slog.Error(err)
+		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "Unauthorized"})
+		return
+	}
+
+	isUserAuthenticated, err := IsUserAuthenticated(decryptedToken)
+	if err != nil || !isUserAuthenticated {
+		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "isUserAuthenticated Unauthorized"})
+		return
+	}
+
+	if req.Source == "" || req.SHA == "" || len(req.Workloads) == 0 || req.NumberOfExecutions == "" {
+		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "missing argument"})
+		return
+	}
+
+	if len(req.Workloads) == 1 && req.Workloads[0] == "all" {
+		req.Workloads = s.workloads
+	}
+	execs, err := strconv.Atoi(req.NumberOfExecutions)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "numberOfExecutions must be an integer"})
+		return
+	}
+	newElements := make([]*executionQueueElement, 0, execs*len(req.Workloads))
+
+	for _, workload := range req.Workloads {
+		for i := 0; i < execs; i++ {
+			elem := s.createSimpleExecutionQueueElement(s.benchmarkConfig[strings.ToLower(workload)], req.Source, req.SHA, workload, string(macrobench.Gen4Planner), false, 0, git.Version{})
+			elem.identifier.UUID = uuid.NewString()
+			newElements = append(newElements, elem)
+		}
+	}
+
+	s.appendToQueue(newElements)
+
+	c.JSON(http.StatusCreated, "")
+}
+
+func IsUserAuthenticated(accessToken string) (bool, error) {
+
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "https://api.github.com/user", nil)
+	if err != nil {
+		slog.Error("Error creating request to Github: %v", err)
+		return false, err
+	}
+
+	req.Header.Set("Authorization", "Bearer "+accessToken)
+	req.Header.Set("Accept", "application/vnd.github+json")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		slog.Error("Error making request to Github: %v", err)
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	return resp.StatusCode == http.StatusOK, nil
+}
diff --git a/go/server/cron.go b/go/server/cron.go
index 7cf2cbc1..48ce9be8 100644
--- a/go/server/cron.go
+++ b/go/server/cron.go
@@ -40,10 +40,10 @@ type (
 
 	executionIdentifier struct {
 		GitRef, Source, Workload, PlannerVersion string
-		PullNb                                        int
-		PullBaseRef                                   string
-		Version                                       git.Version
-		UUID                                          string
+		PullNb                                   int
+		PullBaseRef                              string
+		Version                                  git.Version
+		UUID                                     string
 	}
 
 	executionQueue map[executionIdentifier]*executionQueueElement
@@ -172,6 +172,10 @@ func (s *Server) addToQueue(element *executionQueueElement) {
 	}
 
 	// Add all the elements to the queue
+	s.appendToQueue(execElements)
+}
+
+func (s *Server) appendToQueue(execElements []*executionQueueElement) {
 	for _, execElement := range execElements {
 		// Check if the exact same benchmark is already in the queue
 		_, found := queue[execElement.identifier]
diff --git a/go/server/server.go b/go/server/server.go
index 50fc42f3..ddd5fb6e 100644
--- a/go/server/server.go
+++ b/go/server/server.go
@@ -50,6 +50,7 @@ const (
 	flagFilterBySource                       = "web-source-filter"
 	flagExcludeFilterBySource                = "web-source-exclude-filter"
 	flagRequestRunKey                        = "web-request-run-key"
+	flagGhAuth                               = "admin-auth"
 
 	// keyMinimumVitessVersion is used to define on which minimum Vitess version a given
 	// benchmark should be run. Only the major version is counted. This key/value is located
@@ -95,7 +96,8 @@ type Server struct {
 	sourceFilter        []string
 	excludeSourceFilter []string
 
-	ghApp *github.App
+	ghApp       *github.App
+	ghTokenSalt string
 
 	requestRunKey string
 
@@ -119,6 +121,7 @@ func (s *Server) AddToCommand(cmd *cobra.Command) {
 	cmd.Flags().StringSliceVar(&s.sourceFilter, flagFilterBySource, nil, "List of execution source that should be run. By default, all sources are ran.")
 	cmd.Flags().StringSliceVar(&s.excludeSourceFilter, flagExcludeFilterBySource, nil, "List of execution source to not execute. By default, all sources are ran.")
 	cmd.Flags().StringVar(&s.requestRunKey, flagRequestRunKey, "", "Key to authenticate requests for custom benchmark runs.")
+	cmd.Flags().StringVar(&s.ghTokenSalt, flagGhAuth, "", "The salt string to salt the GitHub Token")
 
 	_ = viper.BindPFlag(flagPort, cmd.Flags().Lookup(flagPort))
 	_ = viper.BindPFlag(flagVitessPath, cmd.Flags().Lookup(flagVitessPath))
@@ -132,6 +135,7 @@ func (s *Server) AddToCommand(cmd *cobra.Command) {
 	_ = viper.BindPFlag(flagFilterBySource, cmd.Flags().Lookup(flagFilterBySource))
 	_ = viper.BindPFlag(flagExcludeFilterBySource, cmd.Flags().Lookup(flagExcludeFilterBySource))
 	_ = viper.BindPFlag(flagRequestRunKey, cmd.Flags().Lookup(flagRequestRunKey))
+	_ = viper.BindPFlag(flagGhAuth, cmd.Flags().Lookup(flagGhAuth))
 
 	s.slackConfig.AddToCommand(cmd)
 	if s.dbCfg == nil {
@@ -223,8 +227,8 @@ func (s *Server) Run() error {
 
 	s.router.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{"*"},
-		AllowMethods:     []string{"GET"},
-		AllowHeaders:     []string{"Origin"},
+		AllowMethods:     []string{"GET", "POST"},
+		AllowHeaders:     []string{"Origin", "hx-request", "hx-current-url", "Content-Type"},
 		ExposeHeaders:    []string{"Content-Length"},
 		AllowCredentials: true,
 		MaxAge:           12 * time.Hour,
@@ -249,6 +253,7 @@ func (s *Server) Run() error {
 	s.router.GET("/api/status/stats", s.getStatusStats)
 	s.router.GET("/api/run/request", s.requestRun)
 	s.router.GET("/api/run/delete", s.deleteRun)
+	s.router.POST("/api/executions/add", s.addExecutions)
 
 	return s.router.Run(":" + s.port)
 }
diff --git a/go/tools/server/utils.go b/go/tools/server/utils.go
index f31f85dd..27024f2a 100644
--- a/go/tools/server/utils.go
+++ b/go/tools/server/utils.go
@@ -18,6 +18,68 @@
 
 package server
 
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/hex"
+	"fmt"
+	"io"
+)
+
 const (
 	ErrorIncorrectConfiguration = "incorrect configuration"
 )
+
+func Encrypt(stringToEncrypt string, keyString string) (string, error) {
+	key, _ := hex.DecodeString(keyString)
+	plaintext := []byte(stringToEncrypt)
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+
+	aesGCM, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", err
+	}
+
+	nonce := make([]byte, aesGCM.NonceSize())
+	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
+		return "", err
+	}
+
+	ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil)
+	return fmt.Sprintf("%x", ciphertext), nil
+}
+
+func Decrypt(encryptedString string, keyString string) (string, error) {
+	key, _ := hex.DecodeString(keyString)
+	enc, _ := hex.DecodeString(encryptedString)
+
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		return "", err
+	}
+
+	aesGCM, err := cipher.NewGCM(block)
+	if err != nil {
+		return "", err
+	}
+
+	nonceSize := aesGCM.NonceSize()
+
+	if len(enc) <= nonceSize {
+		return "", fmt.Errorf("encrypted string is too short")
+	}
+
+	nonce, ciphertext := enc[:nonceSize], enc[nonceSize:]
+
+	plaintext, err := aesGCM.Open(nil, nonce, ciphertext, nil)
+	if err != nil {
+		return "", err
+	}
+
+	return string(plaintext), nil
+}