diff --git a/hooks/conf_regen/01-yunohost b/hooks/conf_regen/01-yunohost
index 4d53997a5..4f934db76 100755
--- a/hooks/conf_regen/01-yunohost
+++ b/hooks/conf_regen/01-yunohost
@@ -57,6 +57,12 @@ do_init_regen() {
     chmod 700 /var/cache/yunohost
 
     getent passwd ynh-portal &>/dev/null || useradd --no-create-home --shell /usr/sbin/nologin --system --user-group ynh-portal
+    if [ ! -e /etc/yunohost/.ssowat_cookie_secret ]; then
+        # NB: we need this to be exactly 32 char long, because it is later used as a key for AES256
+        dd if=/dev/urandom bs=1 count=1000 2>/dev/null | tr --complement --delete 'A-Za-z0-9' | head -c 32 > /etc/yunohost/.ssowat_cookie_secret
+    fi
+    chown ynh-portal:root /etc/yunohost/.ssowat_cookie_secret
+    chmod 400 /etc/yunohost/.ssowat_cookie_secret
 
     cp yunohost-api.service /etc/systemd/system/yunohost-api.service
     cp yunohost-portal-api.service /etc/systemd/system/yunohost-portal-api.service
@@ -68,6 +74,8 @@ do_init_regen() {
     systemctl enable yunohost-api.service --quiet
     systemctl start yunohost-api.service
 
+
+
     systemctl enable yunohost-portal-api.service
     systemctl start yunohost-portal-api.service