3 files changed, 3 insertions, 0 deletions

diff --git a/provider_base/services/webapp.json b/provider_base/services/webapp.json
index 064d5b1a..ede3bf66 100644
--- a/provider_base/services/webapp.json
+++ b/provider_base/services/webapp.json
@@ -23,6 +23,7 @@
     "invite_required": "= provider.enrollment_policy == 'invite'",
     "default_service_level": "= provider.service.default_service_level",
     "service_levels": "= service_levels()",
+    "secret_key_base": "= secret :webapp_secret_key_base",
     "secret_token": "= secret :webapp_secret_token",
     "api_version": 1,
     "secure": false,
diff --git a/puppet/modules/site_webapp/manifests/init.pp b/puppet/modules/site_webapp/manifests/init.pp
index 1ae80012..deb8e8c8 100644
--- a/puppet/modules/site_webapp/manifests/init.pp
+++ b/puppet/modules/site_webapp/manifests/init.pp
@@ -10,6 +10,7 @@ class site_webapp {
   $provider_domain  = $node_domain['full_suffix']
   $webapp           = hiera('webapp')
   $api_version      = $webapp['api_version']
+  $secret_key_base  = $webapp['secret_key_base']
   $secret_token     = $webapp['secret_token']
   $tor              = hiera('tor', false)
   $sources          = hiera('sources')
diff --git a/puppet/modules/site_webapp/templates/config.yml.erb b/puppet/modules/site_webapp/templates/config.yml.erb
index dd55d3e9..1a802f4c 100644
--- a/puppet/modules/site_webapp/templates/config.yml.erb
+++ b/puppet/modules/site_webapp/templates/config.yml.erb
@@ -8,6 +8,7 @@ production = {
   "force_ssl" => @webapp['secure'],
   "client_ca_key" => "%s/%s.key" % [scope.lookupvar('x509::variables::keys'), scope.lookupvar('site_config::params::client_ca_name')],
   "client_ca_cert" => "%s/%s.crt" % [scope.lookupvar('x509::variables::local_CAs'), scope.lookupvar('site_config::params::client_ca_name')],
+  "secret_key_base" => @secret_key_base,
   "secret_token" => @secret_token,
   "client_cert_lifespan" => cert_options['life_span'],
   "client_cert_bit_size" => cert_options['bit_size'].to_i,