diff --git a/.env b/.env
index ce6a8a5..e0004e5 100644
--- a/.env
+++ b/.env
@@ -7,6 +7,7 @@ RAILS_ENV=production
 
 # App secret for cookie encryption, blank is random
 APP_SECRET=
+APP_SECRET_KEY_BASE=
 
 # FIXME: This doesn't really belong here
 # Find a better solution. Since nginx needs all these variables for envsubst
@@ -76,4 +77,7 @@ NEW_RELIC_LICENSE_KEY=
 # Google calendar
 GOOGLE_API_KEY=
 GOOGLE_CALENDAR_ID=
-GOOGLE_CALENDAR=enabled
\ No newline at end of file
+GOOGLE_CALENDAR=enabled
+
+# Steam web api key
+STEAM_WEB_API_KEY=
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 1c3f738..011733d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,6 +26,9 @@ db/initdb.d/*
 !db/initdb.d/.placeholder
 !db/initdb.d/*setup*.sql
 
+# secrets
+**/*secrets*.yml
+
 # ignore dkim keys
 dkim
 ext/dkim
diff --git a/config/initializers/secret_token.rb b/config/initializers/secret_token.rb
deleted file mode 100644
index 9392d9d..0000000
--- a/config/initializers/secret_token.rb
+++ /dev/null
@@ -1,12 +0,0 @@
-# Be sure to restart your server when you modify this file.
-
-# Your secret key is used for verifying the integrity of signed cookies.
-# If you change this key, all old signed cookies will become invalid!
-
-# Make sure the secret is at least 30 characters and all random,
-# no regular words or you'll be exposed to dictionary attacks.
-# You can use `rake secret` to generate a secure secret key.
-
-# Make sure your secret_key_base is kept private
-# if you're sharing your code publicly.
-Ensl::Application.config.secret_key_base = '356eee0f950cf925a0c1cbc8f15c1dfddc337a55f177388056906aea7de379f8bc5155e3f8a9d6d716f708b74f912305fc3276d4f290bdf66eadf56a61679c4c'