diff --git a/api/libretime_api/settings/prod.py b/api/libretime_api/settings/prod.py
index 2d8e0741c..b2409e311 100644
--- a/api/libretime_api/settings/prod.py
+++ b/api/libretime_api/settings/prod.py
@@ -1,5 +1,4 @@
 from os import getenv
-from warnings import warn
 # pylint: disable=unused-import
 from ._internal import (
@@ -25,15 +24,7 @@ LIBRETIME_CONFIG_FILEPATH = getenv("LIBRETIME_CONFIG_FILEPATH")
 CONFIG = Config(LIBRETIME_CONFIG_FILEPATH) # type: ignore[arg-type, misc]
-if CONFIG.general.secret_key is None:
- warn(
- "The [general.secret_key] configuration field is not set but will be required "
- "in the next major release. Using [general.api_key] as fallback.",
- FutureWarning,
- )
- SECRET_KEY = CONFIG.general.api_key
-else:
- SECRET_KEY = CONFIG.general.secret_key
+SECRET_KEY = CONFIG.general.secret_key
 ALLOWED_HOSTS = ["*"]
diff --git a/docker/config.template.yml b/docker/config.template.yml
index 5cb702734..ff3ed7824 100644
--- a/docker/config.template.yml
+++ b/docker/config.template.yml
@@ -7,9 +7,8 @@ general:
 # The internal API authentication key.
 # > this field is REQUIRED
 api_key:
- # The Django API secret key. If not defined, the value of [general.api_key] will be
- # used as fallback.
- # > this field will be REQUIRED starting with LibreTime 4.0.0
+ # The Django API secret key.
+ # > this field is REQUIRED
 secret_key:
 # List of origins allowed to access resources on the server, the public url
diff --git a/docker/config.yml b/docker/config.yml
index 27892d0c5..e7d14253d 100644
--- a/docker/config.yml
+++ b/docker/config.yml
@@ -7,9 +7,8 @@ general:
 # The internal API authentication key.
 # > this field is REQUIRED
 api_key:
- # The Django API secret key. If not defined, the value of [general.api_key] will be
- # used as fallback.
- # > this field will be REQUIRED starting with LibreTime 4.0.0
+ # The Django API secret key.
+ # > this field is REQUIRED
 secret_key:
 # List of origins allowed to access resources on the server, the public url
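Review bot: In `api/libretime_api/settings/prod.py`, the new `SECRET_KEY = CONFIG.general.secret_key` accepts any string the operator supplies, including the same value as `general.api_key`, which is the reuse the release note says this change is meant to prevent. Deployments that relied on the removed fallback can keep working by copying `api_key` into `secret_key`, and nothing at startup would tell them the two keys are still shared. Consider failing fast right after the assignment, for example `if SECRET_KEY == CONFIG.general.api_key: raise ImproperlyConfigured("[general.secret_key] must differ from [general.api_key]")`, with `ImproperlyConfigured` imported from `django.core.exceptions`. The settings module continues beyond this hunk, so an equivalent check may already exist elsewhere.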
diff --git a/docker/example/config.yml b/docker/example/config.yml
index f5020f1b3..f0c3adbae 100644
--- a/docker/example/config.yml
+++ b/docker/example/config.yml
@@ -7,9 +7,8 @@ general:
 # The internal API authentication key.
 # > this field is REQUIRED
 api_key: some_secret_api_key
- # The Django API secret key. If not defined, the value of [general.api_key] will be
- # used as fallback.
- # > this field will be REQUIRED starting with LibreTime 4.0.0
+ # The Django API secret key.
+ # > this field is REQUIRED
 secret_key:
 # List of origins allowed to access resources on the server, the public url
diff --git a/docs/admin-manual/configuration.md b/docs/admin-manual/configuration.md
index faa017f5b..814f2f15f 100644
--- a/docs/admin-manual/configuration.md
+++ b/docs/admin-manual/configuration.md
@@ -42,8 +42,8 @@ general:
 # The internal API authentication key.
 # > this field is REQUIRED
 api_key: "some_random_generated_secret!"
- # The Django API secret key. If not defined, the value of [general.api_key] will be
- # used as fallback.
+ # The Django API secret key.
+ # > this field is REQUIRED
 secret_key: "some_random_generated_secret!"
 # List of origins allowed to access resources on the server,
diff --git a/docs/releases/unreleased.md b/docs/releases/unreleased.md
index 18bad9f26..d9047d6fb 100644
--- a/docs/releases/unreleased.md
+++ b/docs/releases/unreleased.md
@@ -26,6 +26,10 @@ Please follow this **before the upgrade procedure**.
 ## :arrow_up: Upgrading
+### The `general.secret_key` configuration field is required
+
+The `general.secret_key` field in the [configuration file](../admin-manual/configuration.md#general) is now **required**, to prevent reusing the `general.api_key` for cryptographic usage.
+
 ## :warning: Known issues
 The following issues may need a workaround for the time being. Please search the [issues](https://github.com/libretime/libretime/issues) before reporting problems not listed below.
diff --git a/installer/config.yml b/installer/config.yml
index 69940446c..9f1bff193 100644
--- a/installer/config.yml
+++ b/installer/config.yml
@@ -7,9 +7,8 @@ general:
 # The internal API authentication key.
 # > this field is REQUIRED
 api_key:
- # The Django API secret key. If not defined, the value of [general.api_key] will be
- # used as fallback.
- # > this field will be REQUIRED starting with LibreTime 4.0.0
+ # The Django API secret key.
+ # > this field is REQUIRED
 secret_key:
 # List of origins allowed to access resources on the server, the public url
diff --git a/legacy/application/configs/conf.php b/legacy/application/configs/conf.php
index 42fa9002a..0e18355e9 100644
--- a/legacy/application/configs/conf.php
+++ b/legacy/application/configs/conf.php
@@ -35,7 +35,7 @@ class Schema implements ConfigurationInterface
 ->arrayNode('general')->addDefaultsIfNotSet()->children()
 /**/->scalarNode('public_url')->cannotBeEmpty()->end()
 /**/->scalarNode('api_key')->cannotBeEmpty()->end()
- /**/->scalarNode('secret_key')->end()
+ /**/->scalarNode('secret_key')->cannotBeEmpty()->end()
 /**/->arrayNode('allowed_cors_origins')->scalarPrototype()->defaultValue([])->end()->end()
 /**/->scalarNode('timezone')->cannotBeEmpty()->defaultValue("UTC")
 /* */->validate()->ifNotInArray(DateTimeZone::listIdentifiers())
diff --git a/playout/tests/conftest.py b/playout/tests/conftest.py
index cb30a3d62..de868374c 100644
--- a/playout/tests/conftest.py
+++ b/playout/tests/conftest.py
@@ -10,6 +10,7 @@ def config():
 "general": {
 "public_url": "http://localhost:8080",
 "api_key": "some_api_key",
+ "secret_key": "some_secret_key",
 },
 "stream": {
 "outputs": {
diff --git a/playout/tests/liquidsoap/fixtures/__init__.py b/playout/tests/liquidsoap/fixtures/__init__.py
index 1675bbbb3..c12166fa8 100644
--- a/playout/tests/liquidsoap/fixtures/__init__.py
+++ b/playout/tests/liquidsoap/fixtures/__init__.py
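Review bot: On the changed `secret_key` line in `legacy/application/configs/conf.php`, `cannotBeEmpty()` only rejects an empty value when the key is present; if this is Symfony's config builder, as the `ConfigurationInterface` and `scalarNode` names suggest, a configuration file that omits `secret_key` entirely would still pass this schema. To match the "this field is REQUIRED" wording in the config templates, the node would also need `isRequired()`: `/**/->scalarNode('secret_key')->isRequired()->cannotBeEmpty()->end()`. The neighbouring `public_url` and `api_key` nodes follow the same pattern, so this may be deliberate, with the requirement enforced elsewhere (the Python `GeneralConfig` model in this commit does reject a missing key). The builder chain starts and ends outside the hunk.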
@@ -9,6 +9,7 @@ def make_config(**kwargs) -> Config:
 "general": {
 "public_url": "http://localhost:8080",
 "api_key": "some_api_key",
+ "secret_key": "some_secret_key",
 },
 **kwargs,
 }
diff --git a/shared/libretime_shared/config/_models.py b/shared/libretime_shared/config/_models.py
index 51a5961f5..737e5b30f 100644
--- a/shared/libretime_shared/config/_models.py
+++ b/shared/libretime_shared/config/_models.py
@@ -21,7 +21,7 @@ else:
 class GeneralConfig(BaseModel):
 public_url: AnyHttpUrlStr
 api_key: str
- secret_key: Optional[str] = None
+ secret_key: str
 timezone: str = "UTC"
diff --git a/shared/tests/config/models_test.py b/shared/tests/config/models_test.py
index 37731e992..3bb4ee2b8 100644
--- a/shared/tests/config/models_test.py
+++ b/shared/tests/config/models_test.py
@@ -15,6 +15,7 @@ def test_general_config_timezone():
 defaults = {
 "public_url": "http://localhost:8080",
 "api_key": "api_key",
+ "secret_key": "secret_key",
 }
 GeneralConfig(**defaults, timezone="UTC")
 GeneralConfig(**defaults, timezone="Europe/Berlin")
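Review bot: In `shared/libretime_shared/config/_models.py`, `secret_key: str` makes the field mandatory but still validates `secret_key: ""` or a one-character value, whereas the PHP schema in this commit adds `cannotBeEmpty()`. Django refuses to start with an empty `SECRET_KEY`, but other consumers of the shared model would load such a config without complaint. A length constraint on the field (for example a validator that raises when `len(value)` is below a project-chosen minimum) would keep the two schemas aligned and reject trivially weak keys; the exact pydantic spelling depends on the version branch selected by the `else:` above the class, which is not visible here. If `Optional` is no longer used elsewhere in the module, its import can be dropped as well. The `GeneralConfig` body continues outside the hunk.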