diff --git a/src/app_config.rs b/src/app_config.rs
index c809113..24280eb 100644
--- a/src/app_config.rs
+++ b/src/app_config.rs
@@ -18,6 +18,10 @@ pub struct AppConfig {
 #[clap(short, long, env)]
 pub proxy_ip: Option,
 
+ /// Secret key, used to sign some resources. Must be randomly generated
+ #[clap(short = 'S', long, env, default_value = "")]
+ secret: String,
+
 /// Matrix API origin
 #[clap(short, long, env, default_value = "http://127.0.0.1:8448")]
 pub matrix_homeserver: String,
@@ -99,6 +103,21 @@ impl AppConfig {
 &ARGS
 }
 
+ /// Get app secret
+ pub fn secret(&self) -> &str {
+ let mut secret = self.secret.as_str();
+
+ if cfg!(debug_assertions) && secret.is_empty() {
+ secret = "DEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEYDEBUGKEY";
+ }
+
+ if secret.is_empty() {
+ panic!("SECRET is undefined or too short (min 64 chars)!")
+ }
+
+ secret
+ }
+
 /// Get Redis connection configuration
 pub fn redis_connection_string(&self) -> String {
 format!(
diff --git a/src/main.rs b/src/main.rs
index cb7d58a..0239672 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -15,8 +15,7 @@ async fn main() -> std::io::Result<()> {
 .await
 .expect("Failed to create bucket!");
 
- // FIXME : not scalable
- let secret_key = Key::generate();
+ let secret_key = Key::from(AppConfig::get().secret().as_bytes());
 
 let redis_store = RedisSessionStore::new(AppConfig::get().redis_connection_string())
 .await
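Review bot: The new `secret` field in `src/app_config.rs` is declared with `env` but nothing hides its value, so clap's generated `--help` text will normally print the current `SECRET` value next to the option; adding `hide_env_values = true` to the `#[clap(...)]` attribute avoids that. The `short = 'S'` and `long` forms also allow the secret to be passed as a command-line argument, where other local users can read it from the process list. The doc comment should point operators to the environment variable and state the 64-character minimum that `secret()` reports, for example `/// Secret key (>= 64 random chars), used to sign some resources. Prefer the SECRET env var over -S`. The struct body continues outside the hunk.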
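Review bot: `AppConfig::secret()` rejects only an empty value, although its panic message promises a 64-character minimum, so a short non-empty secret passes this check and is handed to the caller. The second guard should be `if secret.len() < 64 {` with the same `panic!` message. The debug fallback is a constant published in the repository, so a debug build that ends up deployed without `SECRET` signs with a publicly known key; emitting a warning when that branch is taken would make it visible. The doc comment should gain a `# Panics` section naming the empty or too-short case and mention the debug-only fallback. The enclosing `impl AppConfig` block starts and ends outside the hunk.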
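Review bot: In `src/main.rs`, `Key::from(...)` receives the raw bytes of an operator-supplied string, so the strength of the signing key now depends entirely on how `SECRET` was produced. The import of `Key` is not visible in this hunk; if it is the cookie crate's `Key`, `from` uses the bytes directly as key material and panics on short input, so a typed passphrase gives far less entropy than the `Key::generate()` call it replaces. A comment on this line would record the requirement, for example `// SECRET must be >= 64 bytes from a CSPRNG and identical on every instance; changing it invalidates existing sessions`. The body of `main` continues outside the hunk.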