diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 895ff85b52bc504ad640005eb498f26cba70735b..1737d6c7dbc924e361bc115404ec3328f77ea868 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -44,8 +44,8 @@ build:apt:
 db_migrations_updated:
   stage: test
   script:
-  - FLASK_APP=uffd flask db upgrade
-  - FLASK_APP=uffd flask db migrate 2>&1 | grep -q 'No changes in schema detected'
+  - FLASK_APP=uffd FLASK_ENV=testing flask db upgrade
+  - FLASK_APP=uffd FLASK_ENV=testing flask db migrate 2>&1 | grep -q 'No changes in schema detected'
 
 test_db_migrations:sqlite:
   stage: test
diff --git a/debian/postinst b/debian/postinst
index 7609f592065745c8bcc253fc499575ca3508efd0..79bc8e0c28da8f2a1a8ab62676c60510a9342e3b 100755
--- a/debian/postinst
+++ b/debian/postinst
@@ -13,8 +13,8 @@ case "$1" in
 		python3 <<EOF
 import secrets
 cfg = open('/etc/uffd/uffd.cfg', 'r').read()
-cfg = cfg.replace('\n#SECRET=autogenerated by postinst script\n',
-                  '\nSECRET="'+secrets.token_hex(128)+'"\n', 1)
+cfg = cfg.replace('\n#SECRET_KEY=autogenerated by postinst script\n',
+                  '\nSECRET_KEY="'+secrets.token_hex(128)+'"\n', 1)
 open('/etc/uffd/uffd.cfg', 'w').write(cfg)
 EOF
 		chown root:uffd /etc/uffd/uffd.cfg
diff --git a/debian/uffd.cfg b/debian/uffd.cfg
index 0bf9babff32506a49b221d4a46c4f1a51659a0d5..b61e2ea185b86624f6546d218099685888216723 100644
--- a/debian/uffd.cfg
+++ b/debian/uffd.cfg
@@ -1,3 +1,3 @@
 FLASK_ENV="production"
 SQLALCHEMY_DATABASE_URI="sqlite:////var/lib/uffd/db.sqlite"
-#SECRET=autogenerated by postinst script
+#SECRET_KEY=autogenerated by postinst script
diff --git a/uffd/__init__.py b/uffd/__init__.py
index 1769045a4b883de601d8afdb2d1f7600ca737b73..441501da9eebc0b1c7c8502aef9313be4fbc4a7c 100644
--- a/uffd/__init__.py
+++ b/uffd/__init__.py
@@ -40,16 +40,9 @@ def load_config_file(app, cfg_name, silent=False):
 		app.config.from_pyfile(cfg_path, silent=True)
 	return True
 
-def create_app(test_config=None): # pylint: disable=too-many-locals,too-many-statements
-	# create and configure the app
-	app = Flask(__name__, instance_relative_config=False)
-	app.json_encoder = SQLAlchemyJSON
-
+def init_config(app: Flask, test_config):
 	# set development default config values
-	app.config.from_mapping(
-		SECRET_KEY=secrets.token_hex(128),
-		SQLALCHEMY_DATABASE_URI="sqlite:///{}".format(os.path.join(app.instance_path, 'uffd.sqlit3')),
-	)
+	app.config["SQLALCHEMY_DATABASE_URI"] = f"sqlite:///{os.path.join(app.instance_path, 'uffd.sqlit3')}"
 	app.config.from_pyfile('default_config.cfg')
 
 	# load config
@@ -64,6 +57,17 @@ def create_app(test_config=None): # pylint: disable=too-many-locals,too-many-sta
 	# Prior to v1.1 login required ACL_SELFSERVICE_GROUP and ACL_ACCESS_GROUP did not exist
 	app.config.setdefault('ACL_ACCESS_GROUP', app.config['ACL_SELFSERVICE_GROUP'])
 
+	if app.env == "production" and app.secret_key is None:
+		raise Exception("SECRET_KEY not configured and we are running in production mode!")
+	app.config.setdefault("SECRET_KEY", secrets.token_hex(128))
+
+def create_app(test_config=None): # pylint: disable=too-many-locals,too-many-statements
+	# create and configure the app
+	app = Flask(__name__, instance_relative_config=False)
+	app.json_encoder = SQLAlchemyJSON
+
+	init_config(app, test_config)
+
 	register_template_helper(app)
 	setup_navbar(app)