diff --git a/config/email.go b/config/email.go
index 29b1983d..40a978a7 100644
--- a/config/email.go
+++ b/config/email.go
@@ -22,7 +22,4 @@ const (
 EmailPort = 465
 // EmailTimeout : Timeout for waiting server response
 EmailTimeout = 10 * time.Second
-)
-
-// EmailTokenHashKey : /!\ Email hash for generating email activation token /!\
-var EmailTokenHashKey = []byte("CHANGE_THIS_BEFORE_DEPLOYING_YOU_GIT")
+)
\ No newline at end of file
diff --git a/config/tokens.go b/config/tokens.go
new file mode 100644
index 00000000..c1ad26a5
--- /dev/null
+++ b/config/tokens.go
@@ -0,0 +1,7 @@
+package config
+
+// EmailTokenHashKey : /!\ Email hash for generating email activation token /!\
+var EmailTokenHashKey = []byte("CHANGE_THIS_BEFORE_DEPLOYING_YOU_GIT")
+
+// CSRFTokenHashKey : /!\ CSRF hash for generating CSRF tokens /!\
+var CSRFTokenHashKey = []byte("CHANGE_THIS_BEFORE_DEPLOYING_YOU_GIT")
diff --git a/main.go b/main.go
index 965944bc..b9b79b04 100644
--- a/main.go
+++ b/main.go
@@ -33,9 +33,9 @@ func RunServer(conf *config.Config) {
 // Please make EnableSecureCSRF to false when testing locally
 if config.EnableSecureCSRF {
- http.Handle("/", csrf.Protect([]byte("q8satbudwexfzh2j3m5n6p8r9satcvsd"))(router.Router))
+ http.Handle("/", csrf.Protect(config.CSRFTokenHashKey)(router.Router))
 } else {
- http.Handle("/", csrf.Protect([]byte("q8satbudwexfzh2j3m5n6p8r9satcvsd"), csrf.Secure(false))(router.Router))
+ http.Handle("/", csrf.Protect(config.CSRFTokenHashKey, csrf.Secure(false))(router.Router))
 }
 // Set up server,
 srv := &http.Server{
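Review bot: Both keys in the new config/tokens.go are compiled-in literals carrying the same placeholder value, so the secret lives in version control and the email-activation and CSRF tokens are keyed identically unless an operator edits the source. Reading each key at startup from the environment or a secrets file, for example `os.Getenv("CSRF_TOKEN_HASH_KEY")` (a variable name constructed here for illustration), keeps real values out of the repository. Using a distinct random value per purpose means a leak of one key does not expose the other token type. The doc comments could say this directly, e.g. `// CSRFTokenHashKey is the secret used to authenticate CSRF tokens; it must be random and unique per deployment.`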
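Review bot: Nothing in the main.go hunk checks that config.CSRFTokenHashKey has been changed from its committed placeholder before it reaches csrf.Protect, so a deployment that skips that step authenticates CSRF tokens with a key anyone can read in the repository. A guard ahead of the two http.Handle calls would make the mistake fail loudly, e.g. `if bytes.Equal(config.CSRFTokenHashKey, []byte("CHANGE_THIS_BEFORE_DEPLOYING_YOU_GIT")) { log.Fatal("config.CSRFTokenHashKey is still the placeholder") }`, at least on the config.EnableSecureCSRF branch. The literal key this commit removes stays in git history, so any instance that ran with it should be given a fresh key rather than reusing the old value. RunServer starts and ends outside the hunk, so an existing check elsewhere in the function would not be visible here.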