diff --git a/src/helpers/src/config.rs b/src/helpers/src/config.rs
index 8ef65aa..89d8a4a 100644
--- a/src/helpers/src/config.rs
+++ b/src/helpers/src/config.rs
@@ -6,6 +6,7 @@ pub const THEME_NAME: &str = "Orangutan";
 pub const DATA_FILE_EXTENSION: &str = "orangutan";
 pub const DEFAULT_PROFILE: &str = "_default";
 pub const ROOT_KEY_NAME: &'static str = "_biscuit_root";
+pub const COOKIE_KEY_ENV_VAR_NAME: &'static str = "COOKIE_ENCRYPTION_KEY";
 
 pub(super) const WEBSITE_DIR_NAME: &'static str = "website";
 
diff --git a/src/orangutan-server/src/main.rs b/src/orangutan-server/src/main.rs
index ac394e9..19e9b83 100644
--- a/src/orangutan-server/src/main.rs
+++ b/src/orangutan-server/src/main.rs
@@ -15,6 +15,7 @@ use axum::{
 };
 use axum_extra::extract::cookie::Key;
 use orangutan_helpers::{
+    config::COOKIE_KEY_ENV_VAR_NAME,
     generate::{self, *},
     website_id::WebsiteId,
 };
@@ -63,7 +64,13 @@ async fn main() -> ExitCode {
     let mut app_state = AppState {
         website_root,
         // FIXME: Use predefined key.
-        cookie_key: Key::generate(),
+        cookie_key: Key::from(
+            std::env::var(COOKIE_KEY_ENV_VAR_NAME)
+                .expect(&format!(
+                    "Environment variable '{COOKIE_KEY_ENV_VAR_NAME}' not defined."
+                ))
+                .as_bytes(),
+        ),
         #[cfg(feature = "templating")]
         tera: Default::default(),
     };