diff --git a/README.md b/README.md
index 60d2139..f26b5a8 100644
--- a/README.md
+++ b/README.md
@@ -121,6 +121,8 @@ These are the settings that you MUST change before deploying:
 
 - `MAILMAN_ADMIN_EMAIL`: The email for the admin user to be created by default.
 
+- `SECRET_KEY`: Django's secret key, mainly used for signing cookies and others.
+
 For more details on how to configure this image, please look at [Mailman-web's
 Readme](web/README.md)
 
diff --git a/tests/generate_tests.sh b/tests/generate_tests.sh
index 32577a4..7412dd4 100644
--- a/tests/generate_tests.sh
+++ b/tests/generate_tests.sh
@@ -16,4 +16,6 @@ services:
 
   mailman-web:
     image: maxking/mailman-web:$TAG
+    environment:
+    - SECRET_KEY=abcdefghijklmnopqrstuv
 EOF
diff --git a/web/README.md b/web/README.md
index 700af92..de1ef25 100644
--- a/web/README.md
+++ b/web/README.md
@@ -23,6 +23,8 @@ These are the settings that you MUST change before deploying:
 
 - `MAILMAN_ADMIN_EMAIL`: The email for the admin user to be created by default.
 
+- `SECRET_KEY`: Django's secret key, mainly used for signing cookies and others.
+
 These are the settings that are set to sane default and you do not need to
 change them unless you know what you want.
 
diff --git a/web/assets/run.sh b/web/assets/run.sh
index d97dc8c..5671a40 100755
--- a/web/assets/run.sh
+++ b/web/assets/run.sh
@@ -34,6 +34,12 @@ function check_or_create () {
 # END
 # }
 
+# Check if $SECRET_KEY is defined, if not, bail out.
+if [[ ! -v SECRET_KEY ]]; then
+	echo "SECRET_KEY is not defined. Aborting."
+	exit 1
+fi
+
 # Check if $DATABASE_URL is defined, if not, use a standard sqlite database.
 #
 # If the $DATABASE_URL is defined and is postgres, check if it is available
diff --git a/web/mailman-web/settings.py b/web/mailman-web/settings.py
index 26ebed9..a7ebba1 100644
--- a/web/mailman-web/settings.py
+++ b/web/mailman-web/settings.py
@@ -32,7 +32,7 @@ import dj_database_url
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 
 # SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = 'change-this-on-your-production-server'
+SECRET_KEY = os.environ.get('SECRET_KEY')
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False