diff --git a/docker-app/qfieldcloud/core/migrations/0058_secrets_migration.py b/docker-app/qfieldcloud/core/migrations/0058_secrets_migration.py
new file mode 100644
index 000000000..fc6b10023
--- /dev/null
+++ b/docker-app/qfieldcloud/core/migrations/0058_secrets_migration.py
@@ -0,0 +1,41 @@
+import os
+
+import django_cryptography.fields
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+ def rotate_secret_from_old_to_new(apps, schema_editor):
+ Secret = apps.get_model("core", "Secret")
+
+ for secret in Secret.objects.all():
+ secret.value = secret.old_value
+ secret.save()
+
+ dependencies = [
+ ("core", "0057_auto_20220701_2140"),
+ ]
+
+ operations = [
+ migrations.RenameField(
+ model_name="secret",
+ old_name="value",
+ new_name="old_value",
+ ),
+ migrations.AddField(
+ model_name="secret",
+ name="value",
+ field=django_cryptography.fields.encrypt(
+ models.TextField(null=True),
+ key=os.environ.get("CRYPTOGRAPHY_KEY_20220612").encode(),
+ ),
+ ),
+ migrations.RunPython(
+ rotate_secret_from_old_to_new,
+ migrations.RunPython.noop,
+ ),
+ migrations.RemoveField(
+ model_name="secret",
+ name="old_value",
+ ),
+ ]
diff --git a/docker-app/qfieldcloud/core/models.py b/docker-app/qfieldcloud/core/models.py
index 46b284f8f..119b9ca65 100644
--- a/docker-app/qfieldcloud/core/models.py
+++ b/docker-app/qfieldcloud/core/models.py
@@ -1481,7 +1481,9 @@ class Type(models.TextChoices):
 User, on_delete=models.CASCADE, related_name="project_secrets"
 )
 created_at = models.DateTimeField(auto_now_add=True)
- value = django_cryptography.fields.encrypt(models.TextField())
+ value = django_cryptography.fields.encrypt(
+ models.TextField(), key=os.environ.get("CRYPTOGRAPHY_KEY_20220612").encode()
+ )
 class Meta:
 ordering = ["project", "name"]
diff --git a/docker-compose.yml b/docker-compose.yml
index 2d187ef93..5a376e09c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
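Review bot: `os.environ.get("CRYPTOGRAPHY_KEY_20220612").encode()` in the `AddField` operation fails with an opaque `AttributeError` on `None` when the variable is unset, and hands an empty key to `encrypt()` when it is set but empty; the same expression is repeated in the models.py hunk. Reading it as `os.environ["CRYPTOGRAPHY_KEY_20220612"].encode()` and rejecting an empty value would stop a misconfigured deployment with a clear error before any secret is re-encrypted. Separately, the `RunPython` step passes `migrations.RunPython.noop` as its reverse, so unapplying this migration appears to drop the re-encrypted `value` column and rename a freshly re-added, empty `old_value` back, losing every stored secret. Either omit the reverse callable so Django treats the step as irreversible, or supply one that copies `value` back into `old_value`.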
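Review bot: The model declares `value` as `encrypt(models.TextField(), key=...)`, while migration 0058 in this commit creates the column from `models.TextField(null=True)` and never tightens it, so the model state and the migration state disagree on nullability. `makemigrations` would presumably report a pending `AlterField`, and the database column stays nullable although the model says it is not. Adding a `migrations.AlterField` with the non-null definition after the `RunPython` step, or declaring `null=True` on the model, would keep the two in step. The hunk also starts using `os` without showing an import, and the class body begins and ends outside the hunk, so confirm `import os` is already present at the top of models.py.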
@@ -69,6 +69,7 @@ services:
 WEB_HTTP_PORT: ${WEB_HTTP_PORT}
 WEB_HTTPS_PORT: ${WEB_HTTPS_PORT}
 TRANSFORMATION_GRIDS_VOLUME_NAME: ${COMPOSE_PROJECT_NAME}_transformation_grids
+ CRYPTOGRAPHY_KEY_20220612: ${CRYPTOGRAPHY_KEY_20220612}
 depends_on:
 - redis
 logging:
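Review bot: `${CRYPTOGRAPHY_KEY_20220612}` is interpolated without a required-value guard, so a host where the variable is missing gets an empty string in the container (Compose only warns), and the application would then build its field-encryption key from `b""`. Writing the entry as `CRYPTOGRAPHY_KEY_20220612: ${CRYPTOGRAPHY_KEY_20220612:?CRYPTOGRAPHY_KEY_20220612 must be set}` makes Compose refuse to start instead. The `environment` map of this service begins above the hunk, so check whether other services that load the Django models need the same entry.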