diff --git a/.env b/.env
new file mode 100644
index 0000000..f78caf6
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+FLASK_SECRET_KEY=dev_test
diff --git a/.gitignore b/.gitignore
index 1cda462..0b936da 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@
 data/db/*
 data/static/avatars/*
 !data/static/avatars/default.webp
+
+config/secrets.prod.env
diff --git a/app/__init__.py b/app/__init__.py
index 3be187d..496f30b 100644
--- a/app/__init__.py
+++ b/app/__init__.py
@@ -1,4 +1,5 @@
 from flask import Flask
+from dotenv import load_dotenv
 import os
 
 def create_app():
@@ -8,9 +9,12 @@ def create_app():
         app.static_folder = os.path.join(os.path.dirname(__file__), "../data/static")
         app.debug = True
         app.config["DB_PATH"] = "data/db/db.dev.sqlite"
+        load_dotenv()
     else:
         app.config["DB_PATH"] = "data/db/db.prod.sqlite"
 
+    app.config["SECRET_KEY"] = os.getenv("FLASK_SECRET_KEY")
+
     os.makedirs(os.path.dirname(app.config["DB_PATH"]), exist_ok = True)
     with app.app_context():
         from .schema import create as create_tables
diff --git a/config/secrets.prod.env.example b/config/secrets.prod.env.example
new file mode 100644
index 0000000..14a92b6
--- /dev/null
+++ b/config/secrets.prod.env.example
@@ -0,0 +1 @@
+FLASK_SECRET_KEY=your_cryptographically_secure_key_here
diff --git a/docker-compose.yml b/docker-compose.yml
index 706a5c2..0169f55 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,4 +10,6 @@ services:
       - ./data/db:/app/data/db
     environment:
       - PYROM_PROD=true
+    env_file:
+      - config/secrets.prod.env
     restart: unless-stopped
diff --git a/requirements.txt b/requirements.txt
index 06db0fc..be66417 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,4 @@
 flask
 argon2-cffi
 wand
+dotenv