diff --git a/cli/configure.js b/cli/configure.js
index 8db0faac..95922f17 100644
--- a/cli/configure.js
+++ b/cli/configure.js
@@ -3,6 +3,7 @@ const fs = require('fs');
 const Path = require('path');
 const axios = require('axios');
 const ip = require('ip');
+const pwGenerator = require('generate-password');
 
 const mysqlQuestions = require(Path.resolve(__dirname, 'questions/mysqlQuestions.js'));
 const siteQuestions = require(Path.resolve(__dirname, 'questions/siteQuestions.js'));
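Review bot: The new `generate-password` dependency is used further down to produce the session key and the master password, so this require puts a third-party package on the path that mints the site's two most sensitive secrets. Node's built-in crypto module can do the same job with nothing extra to audit or pin: `const crypto = require('crypto');` here and `crypto.randomBytes(32).toString('hex')` at the two call sites. If the package stays, it is worth confirming that the pinned 1.4.1 release draws from a cryptographic random source; I have not verified that from this diff.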
@@ -12,11 +13,14 @@ let thumbnailChannelDefault = '@thumbnails';
 let thumbnailChannel = '';
 let thumbnailChannelId = '';
 
-const createConfigFile = (fileName, configObject) => {  // siteConfig.json , siteConfig
-  const fileLocation = Path.resolve(__dirname, `../site/config/${fileName}`);
+const createConfigFile = (fileName, configObject, topSecret) => {  // siteConfig.json , siteConfig
+  const fileLocation = topSecret
+    ? Path.resolve(__dirname, `../site/private/${fileName}`)
+    : Path.resolve(__dirname, `../site/config/${fileName}`);
+
   const fileContents = JSON.stringify(configObject, null, 2);
   fs.writeFileSync(fileLocation, fileContents, 'utf-8');
-  console.log(`Successfully created ./site/config/${fileName}\n`);
+  console.log(`Successfully created ${fileLocation}\n`);
 };
 
 // import existing configs or import the defaults
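Review bot: `fs.writeFileSync(fileLocation, fileContents, 'utf-8')` creates the file with the process default mode, so on a typical umask the new `site/private/authConfig.json` is readable by every local user even when `topSecret` is set. Passing a restrictive mode for the secret case would fix that, e.g. `const writeOpts = topSecret ? { encoding: 'utf-8', mode: 0o600 } : 'utf-8';` followed by `fs.writeFileSync(fileLocation, fileContents, writeOpts);`. The mode only applies when the file is created, so an already existing file keeps its current permissions. The trailing `// siteConfig.json , siteConfig` comment could also mention the third parameter.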
@@ -74,6 +78,27 @@ try {
   chainqueryConfig = require('./defaults/chainqueryConfig.json');
 }
 
+// authConfig
+let randSessionKey = pwGenerator.generate({
+  length : 20,
+  numbers: true,
+});
+
+let randMasterPass = pwGenerator.generate({
+  length : 20,
+  numbers: true,
+});
+
+let authConfig;
+try {
+  authConfig = require('../site/private/authConfig.json');
+} catch (error) {
+  authConfig = {
+    sessionKey    : randSessionKey,
+    masterPassword: randMasterPass,
+  };
+}
+
 // ask user questions and create config files
 inquirer
   .prompt(mysqlQuestions(mysqlDatabase, mysqlUsername, mysqlPassword))
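Review bot: The `catch (error)` around `require('../site/private/authConfig.json')` treats every failure as "file missing", so a truncated or otherwise unparsable authConfig.json is silently replaced by freshly generated values and then overwritten when the config files are written. For a file that holds the master password, that loses the old secret without any warning. Falling back only when the file is absent would avoid this: `if (error.code !== 'MODULE_NOT_FOUND') throw error;` as the first line of the catch. The two `pwGenerator.generate` results are never reassigned, so `const` fits better than `let`, and they could be generated inside the catch, the only place they are used.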
@@ -204,11 +229,14 @@ inquirer
     createConfigFile('loggerConfig.json', loggerConfig);
     createConfigFile('slackConfig.json', slackConfig);
     createConfigFile('chainqueryConfig.json', chainqueryConfig);
+    createConfigFile('authConfig.json', authConfig, true);
   })
   .then(() => {
     console.log('\nYou\'re all done!');
-    console.log('Next step: run "npm run start" to build and start your server!');
-    console.log('If you want to change any settings, you can edit the files in the "/config" folder.');
+    console.log('\nIt\'s a good idea to BACK UP YOUR MASTER PASSWORD \nin "/site/private/authConfig.json" so that you don\'t lose \ncontrol of your channel.');
+
+    console.log('\nNext step: run "npm run start" to build and start your server!');
+    console.log('If you want to change any settings, you can edit the files in the "/site" folder.');
     process.exit(0);
   })
   .catch(error => {
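Review bot: `createConfigFile('authConfig.json', authConfig, true)` writes the secrets into `site/private/`, a directory this commit starts tracking through `site/private/.gitkeep`, and no ignore rule for it is visible in the diff. If the repository's .gitignore does not already cover that path, a routine `git add .` would commit the session key and master password. Adding `site/private/*` and `!site/private/.gitkeep` to .gitignore would keep the directory while excluding its contents. The promise chain continues outside this hunk.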
diff --git a/package-lock.json b/package-lock.json
index 8963c5ae..1e2c54c5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -5703,6 +5703,11 @@
         "is-property": "^1.0.2"
       }
     },
+    "generate-password": {
+      "version": "1.4.1",
+      "resolved": "https://registry.npmjs.org/generate-password/-/generate-password-1.4.1.tgz",
+      "integrity": "sha512-MwMSkOIKkgYBG3JrquF0m/Rky+pl5jZFNmoroE9bQU5VawFDKdJfxMx1qBthPusx8GQyNWSW0m+Jaw0mZnqApg=="
+    },
     "generic-pool": {
       "version": "3.4.2",
       "resolved": "https://registry.npmjs.org/generic-pool/-/generic-pool-3.4.2.tgz",
diff --git a/package.json b/package.json
index 8f066fae..5166e230 100644
--- a/package.json
+++ b/package.json
@@ -57,6 +57,7 @@
     "express": "^4.16.4",
     "express-handlebars": "^3.0.0",
     "express-http-context": "^1.2.0",
+    "generate-password": "^1.4.1",
     "get-video-dimensions": "^1.0.0",
     "helmet": "^3.15.0",
     "image-size": "^0.6.3",
diff --git a/server/controllers/api/user/password/index.js b/server/controllers/api/user/password/index.js
index 28fd146b..ddfb3f44 100644
--- a/server/controllers/api/user/password/index.js
+++ b/server/controllers/api/user/password/index.js
@@ -1,8 +1,7 @@
 const { handleErrorResponse } = require('../../../utils/errorHandlers.js');
 const logger = require('winston');
 const db = require('../../../../models');
-const { auth: { masterPassword } } = require('@config/siteConfig.json');
-
+const { masterPassword } = require('@private/authConfig.json');
 /*
 
   route to update a password
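Review bot: `const { masterPassword } = require('@private/authConfig.json');` accepts whatever the file contains, so a file without that key, or with an empty string, leaves `masterPassword` undefined or empty, and how the route compares it is outside this hunk. Failing closed at load time would be safer: `if (!masterPassword) { throw new Error('authConfig.json is missing masterPassword'); }`. The same applies to `sessionKey` in the server/index.js hunk. Existing installations that still keep these values under `auth` in siteConfig.json will, as far as this diff shows, fail at this require until the configure script is run again, which deserves a line in the upgrade notes.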
diff --git a/server/index.js b/server/index.js
index 72982647..8194d881 100644
--- a/server/index.js
+++ b/server/index.js
@@ -26,13 +26,14 @@ const {
 
 const {
   details: { port: PORT },
-  auth: { sessionKey },
   startup: {
     performChecks,
     performUpdates,
   },
 } = require('@config/siteConfig');
 
+const { sessionKey } = require('@private/authConfig.json');
+
 function Server () {
   this.initialize = () => {
     // configure logging
diff --git a/site/private/.gitkeep b/site/private/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/utils/createModuleAliases.js b/utils/createModuleAliases.js
index ca34d2e8..c77802e4 100644
--- a/utils/createModuleAliases.js
+++ b/utils/createModuleAliases.js
@@ -42,6 +42,7 @@ module.exports = () => {
 
   // aliases for configs
   moduleAliases['@config'] = resolve('site/config');
+  moduleAliases['@private'] = resolve('site/private');
 
   // create specific aliases for locally defined components in the following folders
   moduleAliases = addAliasesForCustomComponentFolder('containers', moduleAliases);