diff --git a/Dockerfile b/Dockerfile
index 913e6cc..ab037f6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -20,6 +20,8 @@ RUN pip3 install --upgrade pillow --user
 EXPOSE 443
 EXPOSE 55432
 COPY . .
+RUN echo $RANDOM | md5sum | head -c 30 > /code/.sk
+RUN chmod 600 .sk
 RUN date > internal/build-date.txt
 RUN git log -n 15 > internal/git-log.txt
 RUN ln -s /code/TODO /code/internal/TODO
diff --git a/main.py b/main.py
index 7faf47d..1ae3865 100644
--- a/main.py
+++ b/main.py
@@ -29,9 +29,16 @@ app = Flask(__name__)
 
 app.config['SQLALCHEMY_DATABASE_URI'] = DB_URL
 app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
-app.config['ENV'] = os.environ['ENV']
-app.config['SECRET_KEY'] = b'my_insecure_PA_token_with_random_2134876adsfjhlkasdf87'
 app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 31536000
+app.config['ENV'] = os.environ['ENV']
+# if in prod, Dockerfile will generate a random string and place it in /code/.sk
+try:
+    with open('/code/.sk') as f:
+        app.config['SECRET_KEY'] = f.read()
+except Exception:
+    app.config['SECRET_KEY'] = b'my_insecure_PA_token_with_random_2134876adsfjhlkasdf87'
+
+print(app.config['SECRET_KEY'])
 
 # ldap config vars: (the last one is required, or python ldap freaks out)
 app.config['LDAP_HOST'] = 'mara.ddp.net'
@@ -55,7 +62,7 @@ Compress(app)
 
 
 ################################# Now, import separated class files ###################################
-from ai import aistats
+from ai import ai_stats
 from files import Entry
 from person import Person
 from settings import Settings