diff --git a/etc/rpc_deploy/user_variables.yml b/etc/rpc_deploy/user_variables.yml
index 45765a3770..f5ba1d4e28 100644
--- a/etc/rpc_deploy/user_variables.yml
+++ b/etc/rpc_deploy/user_variables.yml
@@ -83,7 +83,7 @@ heat_cfn_service_password:
 
 ## Horizon Options
 horizon_container_mysql_password:
-
+horizon_secret_key:
 
 ## MaaS Options
 # Set maas_auth_method to 'token' to use maas_auth_token/maas_api_url
diff --git a/rpc_deployment/roles/horizon_common/templates/local_settings.py b/rpc_deployment/roles/horizon_common/templates/local_settings.py
index 27f8bc2261..2a5139d13a 100644
--- a/rpc_deployment/roles/horizon_common/templates/local_settings.py
+++ b/rpc_deployment/roles/horizon_common/templates/local_settings.py
@@ -94,8 +94,12 @@ LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
 # behind a load-balancer). Either you have to make sure that a session gets all
 # requests routed to the same dashboard instance or you set the same SECRET_KEY
 # for all of them.
+{% if horizon_secret_key %}
+SECRET_KEY = "{{ horizon_secret_key }}"
+{% else %}
 from horizon.utils import secret_key
 SECRET_KEY = secret_key.generate_or_read_from_file('/var/lib/horizon/.secret_key_store')
+{% endif %}
 
 # We recommend you use memcached for development; otherwise after every reload
 # of the django development server, you will have to login again. To use