diff --git a/config/config.exs b/config/config.exs
index b66c2c7..65de43d 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -1,27 +1,29 @@
 # This file is responsible for configuring your application
 # and its dependencies with the aid of the Mix.Config module.
 #
 # This configuration file is loaded before any dependency and
 # is restricted to this project.
 use Mix.Config
 
 # General application configuration
 config :kolab_chat,
-  ecto_repos: [KolabChat.Repo]
+  ecto_repos: [KolabChat.Repo],
+  salts: [session_signing: "M7HpCp6W",
+          session_encryption: nil]
 
 # Configures the endpoint
 config :kolab_chat, KolabChat.Endpoint,
   url: [host: "localhost"],
   secret_key_base: "XCVqlNuOTjBK3GB4lPKKdoTk9149ftPIJmytpQnYxI4qpGwjJbR47bYdzOAggBii",
   render_errors: [view: KolabChat.ErrorView, accepts: ~w(html json)],
   pubsub: [name: KolabChat.PubSub,
            adapter: Phoenix.PubSub.PG2]
 
 # Configures Elixir's Logger
 config :logger, :console,
   format: "$time $metadata[$level] $message\n",
   metadata: [:request_id]
 
 # Import environment specific config. This must remain at the bottom
 # of this file so it overrides the configuration defined above.
 import_config "#{Mix.env}.exs"
diff --git a/lib/kolab_chat/endpoint.ex b/lib/kolab_chat/endpoint.ex
index 413b77c..aca8631 100644
--- a/lib/kolab_chat/endpoint.ex
+++ b/lib/kolab_chat/endpoint.ex
@@ -1,42 +1,43 @@
 defmodule KolabChat.Endpoint do
   use Phoenix.Endpoint, otp_app: :kolab_chat
 
   socket "/socket", KolabChat.UserSocket
 
   # Serve at "/" the static files from "priv/static" directory.
   #
   # You should set gzip to true if you are running phoenix.digest
   # when deploying your static files in production.
   plug Plug.Static,
     at: "/", from: :kolab_chat, gzip: false,
     only: ~w(css fonts images js favicon.ico robots.txt)
 
   # Code reloading can be explicitly enabled under the
   # :code_reloader configuration of your endpoint.
   if code_reloading? do
     socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
     plug Phoenix.LiveReloader
     plug Phoenix.CodeReloader
   end
 
   plug Plug.RequestId
   plug Plug.Logger
 
   plug Plug.Parsers,
     parsers: [:urlencoded, :multipart, :json],
     pass: ["*/*"],
     json_decoder: Poison
 
   plug Plug.MethodOverride
   plug Plug.Head
 
   # The session will be stored in the cookie and signed,
   # this means its contents can be read but not tampered with.
   # Set :encryption_salt if you would also like to encrypt it.
   plug Plug.Session,
     store: :cookie,
     key: "_kolab_chat_key",
-    signing_salt: "M7HpCp6W"
+    signing_salt: Keyword.get(Application.get_env(:kolab_chat, :salts), :session_signing),
+    encryption_salt: Keyword.get(Application.get_env(:kolab_chat, :salts), :session_encryption)
 
   plug KolabChat.Router
 end