diff --git a/gensec.py b/gensec.py
new file mode 100644
index 0000000..71ada23
--- /dev/null
+++ b/gensec.py
@@ -0,0 +1,28 @@
+import os.path
+import random
+import string
+import base64
+
+def get_random_secret(length):
+ secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4)))
+ secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4)))
+ secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4)))
+ return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4)))
+
+
+# This is the secret key used by Flask session management
+SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8')))
+
+# You should consider storing these separately from your config
+LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET',
+ base64.b64encode(get_random_secret(32).encode('utf8'))))
+# This must match the key for whichever DB the container is using - this could be a dump of dev or test, or a unique key
+LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS',
+ base64.b64encode(get_random_secret(32).encode('utf8')).decode('utf8')))
+
+names = ['SECRET_KEY', 'LEMUR_TOKEN_SECRET', 'LEMUR_ENCRYPTION_KEYS']
+
+for name in names:
+ text_file = open("./lemur_keys/" + name, "w")
+ n = text_file.write(globals()[name])
+ text_file.close()
\ No newline at end of file
diff --git a/lemur.conf.py b/lemur.conf.py
index 7fb16dc..dc52b4d 100644
--- a/lemur.conf.py
+++ b/lemur.conf.py
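Review bot: In gensec.py, `get_random_secret` builds the Flask session key, the token secret and the encryption key with `random.choice`, which draws from a Mersenne Twister PRNG that the Python documentation says is not suitable for security purposes; replacing it on all four lines with the standard library's CSPRNG, e.g. `secrets.choice(string.ascii_uppercase)` plus `import secrets`, keeps the output format unchanged. The write loop at the end of the file creates the key files with the process's default umask, so on a typical host other local accounts can read them. Opening each file with `fd = os.open("./lemur_keys/" + name, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` and writing through `with os.fdopen(fd, "w") as text_file:` restricts a newly created file to its owner and closes the handle on error, as long as the account that reads the keys inside the container is that owner. The unused `n =` assignment can be dropped.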
@@ -17,23 +17,26 @@ debug = os.environ.get("DEBUG") == "True" -def get_random_secret(length): - secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4))) - secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4))) - secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4))) - return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4))) +#def get_random_secret(length): +# secret_key = ''.join(random.choice(string.ascii_uppercase) for x in range(round(length / 4))) +# secret_key = secret_key + ''.join(random.choice("~!@#$%^&*()_+") for x in range(round(length / 4))) +# secret_key = secret_key + ''.join(random.choice(string.ascii_lowercase) for x in range(round(length / 4))) +# return secret_key + ''.join(random.choice(string.digits) for x in range(round(length / 4))) # This is the secret key used by Flask session management -SECRET_KEY = repr(os.environ.get('SECRET_KEY', get_random_secret(32).encode('utf8'))) - +SECRET_KEY = "" # You should consider storing these separately from your config -LEMUR_TOKEN_SECRET = repr(os.environ.get('LEMUR_TOKEN_SECRET', - base64.b64encode(get_random_secret(32).encode('utf8')))) +LEMUR_TOKEN_SECRET = "" # This must match the key for whichever DB the container is using - this could be a dump of dev or test, or a unique key -LEMUR_ENCRYPTION_KEYS = repr(os.environ.get('LEMUR_ENCRYPTION_KEYS', - base64.b64encode(get_random_secret(32).encode('utf8')).decode('utf8'))) +LEMUR_ENCRYPTION_KEYS = "" + +names = ['SECRET_KEY', 'LEMUR_TOKEN_SECRET', 'LEMUR_ENCRYPTION_KEYS'] +for name in names: + text_file = open("/home/lemur/.lemur/lemur_keys/" + name, "r") + globals()[name] = text_file.read() + text_file.close() REDIS_HOST = 'redis' REDIS_PORT = 6379 REDIS_DB = 0 diff --git a/setup_cfssl.sh b/setup_cfssl.sh index 20572c2..3c5e57b 100755 --- a/setup_cfssl.sh +++ b/setup_cfssl.sh 
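Review bot: In lemur.conf.py, the loader loop at the end of this hunk accepts whatever each key file contains, so an empty or truncated file under `/home/lemur/.lemur/lemur_keys/` leaves SECRET_KEY, LEMUR_TOKEN_SECRET or LEMUR_ENCRYPTION_KEYS as an empty string without any error at config load. Reading inside `with open(path, "r") as text_file:` and following it with `if not globals()[name]: raise RuntimeError("empty key file: " + name)` would make the service fail closed instead of starting with a blank secret. The removed lines honoured the SECRET_KEY, LEMUR_TOKEN_SECRET and LEMUR_ENCRYPTION_KEYS environment variables when the config was loaded; after this change they are only consulted when gensec.py runs, which deserves a comment next to the loop, for example `# keys come from files written by gensec.py; container env vars are no longer read here`. The commented-out copy of `get_random_secret` can be deleted rather than kept, since the function now lives in gensec.py.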
@@ -71,6 +71,9 @@ then git clone --depth=1 https://github.com/Netflix/lemur.git lemur-build-docker/lemur + mkdir lemur_keys + python3 gensec.py + #start everything docker-compose up -d
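Review bot: As far as this hunk shows, `python3 gensec.py` runs unconditionally whenever this branch of setup_cfssl.sh executes, and gensec.py opens every key file with "w", so a second run replaces LEMUR_ENCRYPTION_KEYS even though the config comment says that key must match the database in use. Guarding the call, e.g. `[ -f lemur_keys/LEMUR_ENCRYPTION_KEYS ] || python3 gensec.py`, keeps existing keys in place. `mkdir lemur_keys` also fails when the directory already exists and creates it with default permissions; `mkdir -p -m 700 lemur_keys` covers both, provided the account that reads the keys in the container still has access. The enclosing `then` block starts outside the hunk, so the conditions under which these lines run cannot be confirmed from here.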