diff --git a/libadlin/secret.go b/libadlin/secret.go
index 07ef16d..08a1d10 100644
--- a/libadlin/secret.go
+++ b/libadlin/secret.go
@@ -1,3 +1,3 @@
 package adlin
-var SharedSecret string
+var SharedSecret string = "adelina"
diff --git a/pkg/login-validator/cmd/login.go b/pkg/login-validator/cmd/login.go
index e45c36f..c95ceed 100644
--- a/pkg/login-validator/cmd/login.go
+++ b/pkg/login-validator/cmd/login.go
@@ -16,7 +16,7 @@ import (
 )
 var (
- loginSalt string
+ loginSalt string = "adelina"
 justLogin bool
 )
diff --git a/pkg/login-validator/cmd/main.go b/pkg/login-validator/cmd/main.go
index 93f4bc7..eed5f9d 100644
--- a/pkg/login-validator/cmd/main.go
+++ b/pkg/login-validator/cmd/main.go
@@ -18,13 +18,17 @@ var tftpDir string
 func main() {
 var studentsFile string
+ if v, exists := os.LookupEnv("ADLIN_SHARED_SECRET"); exists {
+ loginSalt = v
+ }
 flag.BoolVar(&justLogin, "just-login", justLogin, "Don't perform MAC assignation and remote registration")
 var bind = flag.String("bind", ":8081", "Bind port/socket")
 flag.StringVar(&studentsFile, "students", "./students.csv", "Path to a CSV file containing students list")
 flag.StringVar(&ARPTable, "arp", ARPTable, "Path to ARP table")
 flag.StringVar(&tftpDir, "tftpdir", "/var/tftp/", "Path to TFTPd directory")
- flag.StringVar(&loginSalt, "loginsalt", "adelina", "secret used in login HMAC")
+ flag.StringVar(&loginSalt, "loginsalt", loginSalt, "secret used in login HMAC")
 var auth = flag.String("auth", "none", "Auth method: none, fwd, ldap, krb5")
diff --git a/token-validator/main.go b/token-validator/main.go
index 1ad21bd..cf1b8cb 100644
--- a/token-validator/main.go
+++ b/token-validator/main.go
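Review bot: `SharedSecret` in libadlin/secret.go now carries the literal `"adelina"` as a compiled-in default, so a deployment that sets neither `ADLIN_SHARED_SECRET` nor `-sharedsecret` runs with a secret known to anyone who can read the source; the same applies to `loginSalt` in pkg/login-validator/cmd/login.go. token-validator already refuses to start without `ADLIN_COLLECTOR_SECRET`, and the shared secret could follow that pattern: keep `var SharedSecret string` and, once flags are parsed (that call is outside the visible hunks), `if adlin.SharedSecret == "" { log.Fatal("Please define ADLIN_SHARED_SECRET environment variable") }`. If the default is kept on purpose, a comment on both declarations should say it is a placeholder that must be overridden. As a style point, the explicit `string` type is redundant once the initializer is present.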
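Review bot: The `exists` test in pkg/login-validator/cmd/main.go accepts a variable that is set but empty, so `ADLIN_SHARED_SECRET=` leaves `loginSalt` as the empty string and the login HMAC would be keyed with nothing, without any warning; the matching block added to token-validator/main.go has the same gap for `adlin.SharedSecret`. Tightening the condition to `if v, exists := os.LookupEnv("ADLIN_SHARED_SECRET"); exists && v != "" {` keeps the previous value in that case, or the program can `log.Fatal` on an empty value so a mis-templated environment is noticed at startup. The body of main continues outside the hunk, so whether a later check already rejects an empty secret cannot be seen here.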
@@ -73,6 +73,9 @@ func main() {
 if v, exists := os.LookupEnv("ADLIN_TSIG_SECRET"); exists {
 tsigSecret = v
 }
+ if v, exists := os.LookupEnv("ADLIN_SHARED_SECRET"); exists {
+ adlin.SharedSecret = v
+ }
 if v, exists := os.LookupEnv("ADLIN_COLLECTOR_SECRET"); !exists {
 log.Fatal("Please define ADLIN_COLLECTOR_SECRET environment variable")
 } else if t, err := base64.StdEncoding.DecodeString(v); err != nil {
@@ -84,7 +87,7 @@ func main() {
 var bind = flag.String("bind", ":8081", "Bind port/socket")
 var dsn = flag.String("dsn", adlin.DSNGenerator(), "DSN to connect to the MySQL server")
 flag.StringVar(&baseURL, "baseurl", baseURL, "URL prepended to each URL")
- flag.StringVar(&adlin.SharedSecret, "sharedsecret", "adelina", "secret used to communicate with remote validator")
+ flag.StringVar(&adlin.SharedSecret, "sharedsecret", adlin.SharedSecret, "secret used to communicate with remote validator")
 flag.StringVar(&AuthorizedKeysLocation, "authorizedkeyslocation", AuthorizedKeysLocation, "File for allowing user to SSH to the machine")
 flag.StringVar(&SshPiperLocation, "sshPiperLocation", SshPiperLocation, "Directory containing directories for sshpiperd")
 flag.StringVar(&ControlSocket, "ns-host", ControlSocket, "Host:port of the nameserver to use")
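Review bot: Passing `adlin.SharedSecret` as the default of `-sharedsecret` means the value loaded from `ADLIN_SHARED_SECRET` in the earlier hunk becomes the flag's default, and the `flag` package prints non-empty string defaults in its usage text, so `-h` or a flag parsing error would write the real secret to stderr and to whatever collects it. The `-loginsalt` flag in pkg/login-validator/cmd/main.go is registered the same way. Registering with an empty default avoids this: `sharedSecret := flag.String("sharedsecret", "", "secret used to communicate with remote validator")`, then after parsing `if *sharedSecret != "" { adlin.SharedSecret = *sharedSecret }`. The `flag.Parse()` call is outside the hunk, so the placement of that assignment needs checking against the rest of main.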