diff --git a/dynamicweb/settings.py b/dynamicweb/settings.py
index cdaf12e5..08b8e93f 100644
--- a/dynamicweb/settings.py
+++ b/dynamicweb/settings.py
@@ -35,8 +35,9 @@ LOGIN_REDIRECT_URL = None
 EMAIL_HOST="localhost"
 EMAIL_PORT=25
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'xlhyv_l5-z6e8_@q6)n0up1a0$5-aad7d)om2t8g$bi6*@q44i'
+SECRET_KEY_FILE = os.path.join(BASE_DIR, "secret-key")
+with open(SECRET_KEY_FILE, "r") as f:
+    SECRET_KEY = f.read().strip()
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False
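Review bot: The key removed on the old side of this hunk was committed to the repository, so it is already compromised by history; the new `secret-key` file must contain a freshly generated value, not the old string copied over, and the rotation will invalidate existing sessions and signed tokens. An empty or whitespace-only file currently yields an empty `SECRET_KEY` silently, so I would fail closed right after the read: `if not SECRET_KEY:` / `    raise RuntimeError(f"{SECRET_KEY_FILE} is empty; generate a secret key")`. The file lives under `BASE_DIR`, so it needs a `.gitignore` entry and restrictive permissions (mode 0600) or the same leak recurs; a comment at `SECRET_KEY_FILE` such as `# Not tracked in git; must be readable only by the service user` would document that expectation. The hunk does not show whether `os` and `BASE_DIR` are already defined earlier in settings.py — worth confirming, since a missing import fails at startup.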