diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
deleted file mode 100644
index 8ebcc27d30..0000000000
--- a/config/initializers/secret_token.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-Growstuff::Application.config.secret_token = ENV['RAILS_SECRET_TOKEN'] || "this is not a real secret token but it's here to make life easier for developers"
diff --git a/config/secrets.yml b/config/secrets.yml
new file mode 100644
index 0000000000..4fc7f3b378
--- /dev/null
+++ b/config/secrets.yml
@@ -0,0 +1,17 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+
+development:
+  secret_key_base: 'b1b67abb399261478f4721e704eb3851466daf60d9cd2b53a1839b056d641c4c1c2a476bcaf7addc6d6548926cfd32fa5a00a8de258880257ebb5a6fd86cb08f'
+  # run 'rake secret' to generate your own
+ 
+test:
+  secret_key_base: 'be557aa019b181f201c9906663dbf8f22efb1b70b11f78035bfeda86aa7dcfd1efb184e2ee894a0ae0dc37fe67d311f38e7731fa16d8d595f2e1ef5447bae020'
+  # run 'rake secret' to generate your own
+ 
+production:
+  secret_key_base: <%= ENV["RAILS_SECRET_TOKEN"] %>