diff --git a/.env.sample b/.env.sample
index 31e1ab1..256bd99 100644
--- a/.env.sample
+++ b/.env.sample
@@ -7,7 +7,7 @@ LETS_ENCRYPT_ENV=production
 #==============================================================================
 SECRET_SECRET_KEY_VERSION=v1
 SECRET_DB_PASSWORD_VERSION=v1
-SECRET_CRYPTO_KEY_VERSION=v1
+CRYPTO_KEY_VERSION=v1 # This secret is managed in the entrypoint, not as a docker secret
 #==============================================================================
 # ADMINISTRATION
diff --git a/abra.sh b/abra.sh
index 3797c79..b88d2d2 100644
--- a/abra.sh
+++ b/abra.sh
@@ -40,13 +40,4 @@ setup_db() {
 fi
 echo "Database setup complete. <3"
-}
-
-gen_key() {
- file_env "DB_PASSWORD"
- file_env "CRYPTO_KEY"
- file_env "SECRET_KEY"
- file_env "LDAP_BIND_PASSWORD"
-
- flask cryptokey create
 }
\ No newline at end of file
diff --git a/compose.yml b/compose.yml
index 984ffe7..ee58cfa 100644
--- a/compose.yml
+++ b/compose.yml
@@ -59,7 +59,6 @@ services:
 - ROOT_USER=${ADMIN_USER}
 - TMP_DIR=/tmp
 - SECRET_KEY_FILE=/run/secrets/secret_key
- - CRYPTO_KEY_FILE=/run/secrets/crypto_key
 - SESSION_TYPE=filesystem
 - LOG_LEVEL=INFO
 - LOG_DIR=/app/logs
@@ -96,6 +95,7 @@ services:
 - uploads:/app/uploads
 - log:/app/logs
 - static:/app/liberaforms/static
+ - cryptokey:/cryptokey
 secrets:
 - db_password
 - secret_key
@@ -137,15 +137,13 @@ secrets:
 secret_key:
 external: true
 name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
- crypto_key:
- external: true
- name: ${STACK_NAME}_crypto_key_${SECRET_CRYPTO_KEY_VERSION}
 volumes:
 uploads:
 static:
 log:
 db:
+ cryptokey:
 networks:
diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl
index 10ec38a..7460b02 100644
--- a/entrypoint.sh.tmpl
+++ b/entrypoint.sh.tmpl
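Review bot: The `cryptokey:` volume added under `volumes:` in compose.yml (mounted by `- cryptokey:/cryptokey`) now holds the encryption key as a plain file on one host, where the removed `crypto_key` entry was an external secret. The volume is declared without a driver, so it presumably uses the default local one; if this stack runs on more than one node, a task scheduled elsewhere starts with an empty volume and the entrypoint generates a different key, leaving data encrypted under the first key unreadable. The same applies to existing deployments upgrading from the secret, since nothing visible in this commit copies the old value into `/cryptokey/`. I would document this next to the volume, e.g. `cryptokey: # holds CRYPTO_KEY in plaintext; back it up, restrict host access, seed it from the old secret when upgrading`, and consider a placement constraint for the service.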
@@ -25,8 +25,12 @@ file_env() {
 }
 file_env "DB_PASSWORD"
-file_env "CRYPTO_KEY"
 file_env "SECRET_KEY"
 file_env "LDAP_BIND_PASSWORD"
+if [ ! -f "/cryptokey/$CRYPTO_KEY_VERSION" ]; then
+ flask cryptokey create > /cryptokey/$CRYPTO_KEY_VERSION
+fi
+export CRYPTO_KEY=`cat /cryptokey/$CRYPTO_KEY_VERSION`
+
 /usr/bin/supervisord -n
\ No newline at end of file
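Review bot: The redirect in `flask cryptokey create > /cryptokey/$CRYPTO_KEY_VERSION` creates the key file before the command has succeeded, so a failed or empty run leaves a file that the `-f` test accepts on every later start, and an empty or garbage `CRYPTO_KEY` is exported from then on. The path is also built from an unquoted `$CRYPTO_KEY_VERSION`, and no hunk in this commit passes that variable into the service's `environment:` list, so it may be unset inside the container (the rest of compose.yml is not visible here). The file is created with whatever umask the entrypoint inherits, which may leave the key readable by other users in the container. I would fail fast on an unset version, write to a `mktemp` file in the same directory, keep it only if it is non-empty, and rename it into place, as in the fence below.

```shell
# … unchanged: file_env calls …
key_file="/cryptokey/${CRYPTO_KEY_VERSION:?CRYPTO_KEY_VERSION must be set}"
if [ ! -s "$key_file" ]; then
  # mktemp creates the file 0600; same directory keeps the rename atomic
  tmp_key=$(mktemp /cryptokey/.key.XXXXXX) || exit 1
  if flask cryptokey create > "$tmp_key" && [ -s "$tmp_key" ]; then
    mv -- "$tmp_key" "$key_file"
  else
    rm -f -- "$tmp_key"
    echo "crypto key generation failed" >&2
    exit 1
  fi
fi
CRYPTO_KEY=$(cat -- "$key_file") || exit 1
export CRYPTO_KEY
# … unchanged: supervisord start …
```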