2 files changed, 8 insertions, 1 deletions

diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 0288a0cd..69c015a6 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -11,7 +11,8 @@
     "client_certificates": "= global.provider.ca.client_certificates",
     "allow_limited_certs": "= global.provider.service.allow_limited_bandwidth",
     "allow_unlimited_certs": "= global.provider.service.allow_unlimited_bandwidth",
-    "allow_anonymous_certs": "= global.provider.service.allow_anonymous"
+    "allow_anonymous_certs": "= global.provider.service.allow_anonymous",
+    "secret_token": "= secret :webapp_secret_token"
   },
   "definition_files": {
     "provider": "= file :provider_json_template",
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index ec70a68d..1e6abe42 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -6,6 +6,7 @@ class site_webapp {
   $node_domain      = hiera('domain')
   $provider_domain  = $node_domain['full_suffix']
   $webapp           = hiera('webapp')
+  $secret_token     = $webapp['secret_token']
 
   Class[Ruby] -> Class[rubygems] -> Class[bundler::install]
 
@@ -111,6 +112,11 @@ class site_webapp {
       owner   => leap-webapp,
       group   => leap-webapp,
       mode    => '0600';
+
+    '/srv/leap-webapp/config/initializers/secret_token.rb':
+      content => "LeapWeb::Application.config.secret_token = '${secret_token}'\n",
+      owner   => leap-webapp, group => leap-webapp, mode => '0644',
+      notify => Service['apache'];
   }
 
   include site_shorewall::webapp