diff --git a/README.md b/README.md
index a68d990..9a7026d 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,7 @@ As usual in Hubot, you can add all config as environment variables.
 | `KREDITS_PROVIDER_URL` | Ethereum JSON-RPC URL (default: `http://localhost:7545`) |
 | `KREDITS_WEB_URL` | URL of the Kredits Web app (default: `https://kredits.kosmos.org`) |
 | `KREDITS_DAO_ADDRESS` | DAO Kernel address |
+| `SESSION_SECRET` | Secret used to sign the Session ID |
 
 ## Integrations
 
diff --git a/integrations/github.js b/integrations/github.js
index 30b9b37..d94903a 100644
--- a/integrations/github.js
+++ b/integrations/github.js
@@ -198,7 +198,7 @@ module.exports = async function(robot, kredits) {
       }
     };
 
-    robot.router.use(session({secret: 'grant'}));
+    robot.router.use(session({ secret: process.env.SESSION_SECRET || 'grant' }));
     robot.router.use('/kredits/signup', grant(grantConfig));
 
     robot.router.get('/kredits/signup/github', async (req, res) => {