diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
deleted file mode 100644
index 36b418e58..000000000
--- a/config/initializers/secret_token.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-Zammad::Application.config.secret_token = '7e2713d027d0cd980171f483a37bff6304f7e994f07f337b6130fec20c2e9c8f8093a9fc70128f13fe9d006f7f785064c8e612e92c6171cb35ba675b626f633d'
diff --git a/config/secrets.yml b/config/secrets.yml
new file mode 100644
index 000000000..39df6a8fa
--- /dev/null
+++ b/config/secrets.yml
@@ -0,0 +1,8 @@
+development:
+  secret_key_base: secret_key_base_is_not_used
+
+test:
+  secret_key_base: secret_key_base_is_not_used
+
+production:
+  secret_key_base: secret_key_base_is_not_used