diff --git a/app.js b/app.js
index 8e070138d..dc5c8e586 100644
--- a/app.js
+++ b/app.js
@@ -48,14 +48,6 @@ if (!process.env.FORK) {
 let configFile = path.join(__dirname, '/config.yml')
-nconf.defaults({
- base_dir: __dirname,
- tokens: {
- secret: chance.hash() + chance.md5(),
- expires: 900
- }
-})
-
 if (nconf.get('config')) {
 configFile = path.resolve(__dirname, nconf.get('config'))
 }
@@ -81,9 +73,18 @@ function loadConfig () {
 file: configFile,
 format: require('nconf-yaml')
 })
+
+ // Must load after file
+ nconf.defaults({
+ base_dir: __dirname,
+ tokens: {
+ secret: chance.hash() + chance.md5(),
+ expires: 900
+ }
+ })
 }
-function checkForOldConfig() {
+function checkForOldConfig () {
 const oldConfigFile = path.join(__dirname, '/config.json')
 if (fs.existsSync(oldConfigFile)) {
 // Convert config to yaml.
@@ -99,7 +100,7 @@ function checkForOldConfig() {
 }
 function start () {
- if (!isDocker)loadConfig()
+ if (!isDocker) loadConfig()
 const _db = require('./src/database')
diff --git a/src/middleware/index.js b/src/middleware/index.js
index 132f84d86..19979513f 100644
--- a/src/middleware/index.js
+++ b/src/middleware/index.js
@@ -22,6 +22,7 @@ const insecureHandlebars = APC.allowInsecurePrototypeAccess(HandleBars)
 const hbs = require('express-hbs')
 const hbsHelpers = require('../helpers/hbs/helpers')
 const winston = require('../logger')
+const nconf = require('nconf')
 const flash = require('connect-flash')
 const bodyParser = require('body-parser')
 const cookieParser = require('cookie-parser')
@@ -72,7 +73,8 @@ module.exports = function (app, db, callback) {
 maxAge: 1000 * 60 * 60 * 24 * 365 // 1 year
 }
- const sessionSecret = 'trudesk$123#SessionKeY!2387'
+ const sessionSecret = nconf.get('tokens:secret') ? nconf.get('tokens:secret') : 'trudesk$1234#SessionKeY!2288'
+
 async.waterfall(
 [
 function (next) {
diff --git a/src/socketserver.js b/src/socketserver.js
index a1c67054a..9dd8ef022 100644
--- a/src/socketserver.js
+++ b/src/socketserver.js
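Review bot: The default `tokens.secret` in the `nconf.defaults` block added to `loadConfig` (app.js) is built from `chance.hash() + chance.md5()`, and Chance is not a cryptographically secure generator. This commit makes that value the session-signing secret in src/middleware/index.js and src/socketserver.js, so it should come from a CSPRNG, e.g. `secret: require('crypto').randomBytes(32).toString('hex'),`. The default is also regenerated on every process start, so unless `tokens:secret` is set in the config file, sessions will not survive a restart; a comment such as `// Fallback only: set tokens.secret in config.yml for a stable signing key` would make that explicit. The last app.js hunk shows `start()` calling `loadConfig()` only when `!isDocker`, so after this move the defaults appear not to be registered at all under Docker; confirm the Docker path sets `tokens:secret` some other way, since the hunks do not show it.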
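Review bot: The fallback on the new `sessionSecret` line in src/middleware/index.js is still a string literal committed to the repository, so any deployment where `tokens:secret` resolves to nothing signs its session cookies with a publicly known key. The same literal fallback is added as `socketConfig.secret` in src/socketserver.js. Failing closed is safer than falling back: `const sessionSecret = nconf.get('tokens:secret')` followed by `if (!sessionSecret) throw new Error('tokens:secret is not configured')`. Replacing the old literal with a new one does not change this exposure. The enclosing `module.exports` function starts and ends outside the hunk.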
@@ -32,7 +32,8 @@ const socketServer = function (ws) {
 const socketConfig = {
 pingTimeout: nconf.get('socket:pingTimeout') ? nconf.get('socket:pingTimeout') : 15000,
- pingInterval: nconf.get('socket:pingInterval') ? nconf.get('socket:pingInterval') : 30000
+ pingInterval: nconf.get('socket:pingInterval') ? nconf.get('socket:pingInterval') : 30000,
+ secret: nconf.get('tokens:secret') ? nconf.get('tokens:secret') : 'trudesk$1234#SessionKeY!2288'
 }
 const io = require('socket.io')(ws.server, {
@@ -74,7 +75,7 @@ const socketServer = function (ws) {
 cookieParser: cookieparser,
 key: 'connect.sid',
 store: ws.sessionStore,
- secret: 'trudesk$123#SessionKeY!2387',
+ secret: socketConfig.secret,
 success: onAuthorizeSuccess
 })(data, accept)
 }
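Review bot: The `secret` entry added to `socketConfig` repeats, character for character, the lookup and literal fallback from src/middleware/index.js. The two values apparently have to stay identical for the authorization call in the next hunk (`secret: socketConfig.secret`) to accept cookies signed by the session middleware. Resolving the secret once and passing it in, for example alongside `ws.sessionStore`, would remove the chance of the two copies drifting apart. It would also help to keep the key out of `socketConfig`, which otherwise holds only ping settings, so it cannot be exposed if that object is ever logged or handed to socket.io as options; whether it is passed on is not visible here. `socketServer` starts and ends outside these hunks.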