diff --git a/apisix/admin/init.lua b/apisix/admin/init.lua
index f81bc8ee827c..8615f13ac021 100644
--- a/apisix/admin/init.lua
+++ b/apisix/admin/init.lua
@@ -69,7 +69,7 @@ local function check_token(ctx)
     local local_conf = core.config.local_conf()
 
     -- check if admin_key is required
-    if not local_conf.deployment.admin.admin_key_required then
+    if local_conf.deployment.admin.admin_key_required == false then
         return true
     end
 
@@ -402,7 +402,7 @@ function _M.init_worker()
 
     if ngx_worker_id() == 0 then
         -- check if admin_key is required
-        if not local_conf.deployment.admin.admin_key_required then
+        if local_conf.deployment.admin.admin_key_required == false then
             core.log.warn("Admin key is bypassed! ",
                 "If you are deploying APISIX in a production environment, ",
                 "please disable it and set a secure password for the admin Key!")
diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
index 40dd14da1eaf..cb5c715e2949 100644
--- a/apisix/cli/ops.lua
+++ b/apisix/cli/ops.lua
@@ -190,7 +190,7 @@ local function init(env)
         checked_admin_key = true
     end
     -- check if admin_key is required
-    if not yaml_conf.deployment.admin.admin_key_required then
+    if yaml_conf.deployment.admin.admin_key_required == false then
         checked_admin_key = true
         print("Warning! Admin key is bypassed! "
                 .. "If you are deploying APISIX in a production environment, "
diff --git a/conf/config-default.yaml b/conf/config-default.yaml
index 098f80345026..a80f3964436c 100755
--- a/conf/config-default.yaml
+++ b/conf/config-default.yaml
@@ -590,7 +590,7 @@ deployment:
   admin:
     # admin_key required or not. Default value is true.
     # Bypass the Admin API authentication by modifying this value to false if needed.
-    admin_key_required: true
+    # admin_key_required: true
 
     # Default token when use API to call for Admin API.
     # *NOTE*: Highly recommended to modify this value to protect APISIX's Admin API.
diff --git a/t/cli/test_admin.sh b/t/cli/test_admin.sh
index 2ddacbcc8033..aad049728176 100755
--- a/t/cli/test_admin.sh
+++ b/t/cli/test_admin.sh
@@ -239,7 +239,7 @@ deployment:
 make init > output.log 2>&1 | true
 
 if grep -E "path[deployment->admin->admin_key_required] expect: boolean, but got: string" output.log > /dev/null; then
-    echo "failed: should show 'expect: boolean, but got: string'"
+    echo "check admin_key_required value failed: should show 'expect: boolean, but got: string'"
     exit 1
 fi