diff --git a/cmd/user.go b/cmd/user.go
index 08605198..e9bc7b2e 100644
--- a/cmd/user.go
+++ b/cmd/user.go
@@ -147,7 +147,13 @@ func execUserAdd(c *cli.Context) error {
 	} else if !auth.AllowedRole(role) {
 		return errors.New("role must be either 'user' or 'admin'")
 	}
-
+	manager, err := createAuthManager(c)
+	if err != nil {
+		return err
+	}
+	if user, _ := manager.User(username); user != nil {
+		return fmt.Errorf("user %s already exists", username)
+	}
 	// If the password env var was not set, read it from stdin
 	if password == "" {
 		p, err := readPasswordAndConfirm(c)
@@ -157,14 +163,6 @@ func execUserAdd(c *cli.Context) error {
 
 		password = p
 	}
-
-	manager, err := createAuthManager(c)
-	if err != nil {
-		return err
-	}
-	if user, _ := manager.User(username); user != nil {
-		return fmt.Errorf("user %s already exists", username)
-	}
 	if err := manager.AddUser(username, password, role); err != nil {
 		return err
 	}