diff --git a/kalite/settings/base.py b/kalite/settings/base.py
index 531bdc02fd..da352c8a3a 100644
--- a/kalite/settings/base.py
+++ b/kalite/settings/base.py
@@ -314,8 +314,22 @@
 USE_L10N = getattr(local_settings, "USE_L10N", False)
 
 # Make this unique, and don't share it with anybody.
-SECRET_KEY = getattr(local_settings, "SECRET_KEY",
-                     "8qq-!fa$92i=s1gjjitd&%s@4%ka9lj+=@n7a&fzjpwu%3kd#u")
+SECRET_KEY_FILE = os.path.join(USER_DATA_ROOT, "secretkey.txt")
+
+
+def generate_secret_key():
+    import uuid
+    import base64
+    key = base64.b64encode(str(uuid.uuid4()))
+    with open(SECRET_KEY_FILE, "w") as f:
+        f.write(key)
+        f.flush()
+
+if not os.path.exists(SECRET_KEY_FILE):
+    generate_secret_key()
+
+with open(SECRET_KEY_FILE) as f:
+    SECRET_KEY = getattr(local_settings, "SECRET_KEY", f.read())
 
 LANGUAGE_COOKIE_NAME = "django_language"
 
@@ -467,7 +481,7 @@
 # Separate session caching from file caching.
 SESSION_ENGINE = getattr(
     local_settings, "SESSION_ENGINE", 'django.contrib.sessions.backends.signed_cookies' + (''))
-    
+
 # Expire session cookies whenever we close the browser.
 SESSION_EXPIRE_AT_BROWSER_CLOSE = True