diff --git a/.env.sample b/.env.sample
index 8308790..47ad531 100644
--- a/.env.sample
+++ b/.env.sample
@@ -9,6 +9,7 @@ DOMAIN=hedgedoc.example.com
 LETS_ENCRYPT_ENV=production
 
 SECRET_DB_PASSWORD_VERSION=v1
+SECRET_SESSION_SECRET_VERSION=v1
 
 COMPOSE_FILE="compose.yml"
 
diff --git a/compose.yml b/compose.yml
index 3cee36f..475c5fd 100644
--- a/compose.yml
+++ b/compose.yml
@@ -27,6 +27,7 @@ services:
       - CMD_DEFAULT_PERMISSION
       - CMD_EMAIL
       - CMD_SESSION_LIFE
+      - CMD_SESSION_SECRET_FILE=/run/secrets/session_secret
       - DOCUMENT_MAX_LENGTH
     depends_on:
       - db
@@ -37,6 +38,7 @@ services:
       - codimd_uploads:/hedgedoc/public/uploads
     secrets:
       - db_password
+      - session_secret
     entrypoint: /docker-entrypoint.sh
     configs:
       - source: entrypoint_conf
@@ -101,6 +103,9 @@ secrets:
   db_password:
     external: true
     name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
+  session_secret:
+    external: true
+    name: ${STACK_NAME}_session_secret_${SECRET_SESSION_SECRET_VERSION}
 networks:
   proxy:
     external: true