diff --git a/backend/.env.dist b/backend/.env.dist
index 3ac50ac9b..98cf23263 100644
--- a/backend/.env.dist
+++ b/backend/.env.dist
@@ -18,4 +18,6 @@ DB_DATABASE=gradido_community
 COMMUNITY_NAME=
 COMMUNITY_URL=
 COMMUNITY_REGISTER_URL=
-COMMUNITY_DESCRIPTION=
\ No newline at end of file
+COMMUNITY_DESCRIPTION=
+LOGIN_APP_SECRET=21ffbbc616fe
+LOGIN_SERVER_KEY=a51ef8ac7ef1abf162fb7a65261acd7a
\ No newline at end of file
diff --git a/backend/src/config/index.ts b/backend/src/config/index.ts
index 7de498f85..a5413b741 100644
--- a/backend/src/config/index.ts
+++ b/backend/src/config/index.ts
@@ -39,9 +39,14 @@ const community = {
     process.env.COMMUNITY_DESCRIPTION || 'Die lokale Entwicklungsumgebung von Gradido.',
 }
 
+const loginServer = {
+  LOGIN_APP_SECRET: process.env.LOGIN_APP_SECRET || '21ffbbc616fe',
+  LOGIN_SERVER_KEY: process.env.LOGIN_SERVER_KEY || 'a51ef8ac7ef1abf162fb7a65261acd7a',
+}
+
 // This is needed by graphql-directive-auth
 process.env.APP_SECRET = server.JWT_SECRET
 
-const CONFIG = { ...server, ...database, ...klicktipp, ...community }
+const CONFIG = { ...server, ...database, ...klicktipp, ...community, ...loginServer }
 
 export default CONFIG
diff --git a/backend/src/graphql/resolver/UserResolver.ts b/backend/src/graphql/resolver/UserResolver.ts
index 7e0db4791..1cabc49bd 100644
--- a/backend/src/graphql/resolver/UserResolver.ts
+++ b/backend/src/graphql/resolver/UserResolver.ts
@@ -142,9 +142,9 @@ const KeyPairEd25519Create = (passphrase: string[]): Buffer[] => {
 
 const SecretKeyCryptographyCreateKey = (salt: string, password: string): Buffer[] => {
   // TODO: put that in the actual config
-  const configCryptoAppSecret = Buffer.from('21ffbbc616fe', 'hex')
-  const configCryptoServerKey = Buffer.from('a51ef8ac7ef1abf162fb7a65261acd7a', 'hex')
-  if (configCryptoServerKey.length !== sodium.crypto_shorthash_KEYBYTES) {
+  const configLoginAppSecret = Buffer.from(CONFIG.LOGIN_APP_SECRET, 'hex')
+  const configLoginServerKey = Buffer.from(CONFIG.LOGIN_SERVER_KEY, 'hex')
+  if (configLoginServerKey.length !== sodium.crypto_shorthash_KEYBYTES) {
     throw new Error(
       `ServerKey has an invalid size. The size must be ${sodium.crypto_shorthash_KEYBYTES} bytes.`,
     )
@@ -153,7 +153,7 @@ const SecretKeyCryptographyCreateKey = (salt: string, password: string): Buffer[
   const state = Buffer.alloc(sodium.crypto_hash_sha512_STATEBYTES)
   sodium.crypto_hash_sha512_init(state)
   sodium.crypto_hash_sha512_update(state, Buffer.from(salt))
-  sodium.crypto_hash_sha512_update(state, Buffer.from(configCryptoAppSecret))
+  sodium.crypto_hash_sha512_update(state, configLoginAppSecret)
   const hash = Buffer.alloc(sodium.crypto_hash_sha512_BYTES)
   sodium.crypto_hash_sha512_final(state, hash)
 
@@ -171,7 +171,7 @@ const SecretKeyCryptographyCreateKey = (salt: string, password: string): Buffer[
   )
 
   const encryptionKeyHash = Buffer.alloc(sodium.crypto_shorthash_BYTES)
-  sodium.crypto_shorthash(encryptionKeyHash, encryptionKey, configCryptoServerKey)
+  sodium.crypto_shorthash(encryptionKeyHash, encryptionKey, configLoginServerKey)
 
   return [encryptionKeyHash, encryptionKey]
 }