diff --git a/.env.example b/.env.example
index 335dc4e..e99ee0f 100644
--- a/.env.example
+++ b/.env.example
@@ -1 +1,2 @@
-DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
\ No newline at end of file
+DATABASE_URL=postgresql://postgres:postgres@localhost:5432/postgres
+SECRET=
\ No newline at end of file
diff --git a/src/server/server.ts b/src/server/server.ts
index 0268cb1..0fa76d1 100644
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -8,6 +8,10 @@ import { fromZodError } from 'zod-validation-error';
 import { addition } from '../utils/addition';
 import { logger } from '../utils/logger';
 
+if (!process.env.SECRET) {
+ throw new Error('SECRET environment variable is required');
+}
+
 const limiter = rateLimit({
 windowMs: 10 * 60 * 1000,
 max: 50,
@@ -22,7 +26,7 @@ server.disable('x-powered-by');
 server.set('trust proxy', 1);
 server.use(
 session({
- secret: 's3Cur3',
+ secret: process.env.SECRET,
 name: 'sessionId'
 })
 );
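Review bot: The startup guard added at the top of src/server/server.ts rejects only an unset or empty SECRET, so a one-character or easily guessed value still boots the server and is used to sign session cookies. A minimum length would make the check meaningful, e.g. `if (!process.env.SECRET || process.env.SECRET.length < 32) {`, with the error message updated to state the requirement. The `SECRET=` line added to .env.example would benefit from a comment above it such as `# Session signing key: long random value, unique per environment, never committed`. The removed literal `'s3Cur3'` stays in the repository history, so it should be treated as disclosed and not reused as a deployed value.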
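Review bot: The `session({ ... })` call in the second server.ts hunk still passes only `secret` and `name`, so the cookie attributes fall back to the library defaults; assuming `session` is express-session (its import is outside the hunk), those defaults set neither `Secure` nor `SameSite`. Since `trust proxy` is already configured on the line above, adding `cookie: { secure: true, httpOnly: true, sameSite: 'lax' }` (with `secure` relaxed only for local HTTP development) would keep the session cookie off plain HTTP and out of most cross-site requests. Setting `resave: false` and `saveUninitialized: false` explicitly would avoid relying on deprecated defaults. No `store` is passed either, so presumably the default in-memory store is in use, which is not intended for production deployments.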