diff --git a/machines/dev/fedi201/fedipanel.nix b/machines/dev/fedi201/fedipanel.nix
index 5c4236fc..763cdb09 100644
--- a/machines/dev/fedi201/fedipanel.nix
+++ b/machines/dev/fedi201/fedipanel.nix
@@ -37,9 +37,7 @@ in
     enable = true;
     production = true;
     domain = "demo.fediversity.eu";
-    secrets = {
-      SECRET_KEY = config.age.secrets.panel-secret-key.path;
-    };
+    secrets = { };
     port = 8000;
   };
 }
diff --git a/panel/default.nix b/panel/default.nix
index c6749611..015b1b03 100644
--- a/panel/default.nix
+++ b/panel/default.nix
@@ -41,7 +41,6 @@ in
       # in production, secrets are passed via CREDENTIALS_DIRECTORY by systemd.
       # use this directory for testing with local secrets
       mkdir -p $CREDENTIALS_DIRECTORY
-      echo secret > ${builtins.toString ./.credentials}/SECRET_KEY
     '';
   };
 
diff --git a/panel/nix/tests.nix b/panel/nix/tests.nix
index e76eaed0..b588b6b4 100644
--- a/panel/nix/tests.nix
+++ b/panel/nix/tests.nix
@@ -10,9 +10,7 @@ let
       production = false;
       restart = "no";
       domain = "example.com";
-      secrets = {
-        SECRET_KEY = pkgs.writeText "SECRET_KEY" "secret";
-      };
+      secrets = { };
       nixops4Package = pkgs.hello; # FIXME: actually pass NixOps4
     };
 
diff --git a/panel/src/panel/settings.py b/panel/src/panel/settings.py
index d613e0ec..ec314e4b 100644
--- a/panel/src/panel/settings.py
+++ b/panel/src/panel/settings.py
@@ -41,9 +41,6 @@ def get_secret(name: str, encoding: str = "utf-8") -> str:
 
     return secret
 
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = get_secret("SECRET_KEY")
-
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = True