diff --git a/main.go b/main.go
index d88dd50..ca23bed 100644
--- a/main.go
+++ b/main.go
@@ -56,7 +56,11 @@ func main() {
 	}
 	nacl.SetServiceName("netradius")
 
-	srvr, err := radius.New(radius.WithLogger(appLogger), radius.WithNetAuth(nacl))
+	srvr, err := radius.New(
+		radius.WithLogger(appLogger),
+		radius.WithNetAuth(nacl),
+		radius.WithSecret(os.Getenv("NETAUTH_RADIUS_SECRET")),
+	)
 	if err != nil {
 		appLogger.Error("Error initializing", "error", err)
 		os.Exit(1)
diff --git a/radius/option.go b/radius/option.go
index c5a903d..cf05077 100644
--- a/radius/option.go
+++ b/radius/option.go
@@ -19,3 +19,11 @@ func WithNetAuth(n netauth) Option {
 		return nil
 	}
 }
+
+// WithSecret sets the RADIUS secret for the server.
+func WithSecret(scrt string) Option {
+	return func(s *Server) error {
+		s.secret = scrt
+		return nil
+	}
+}
diff --git a/radius/server.go b/radius/server.go
index 6b1e1b5..429f51f 100644
--- a/radius/server.go
+++ b/radius/server.go
@@ -42,7 +42,7 @@ func (s *Server) handler(w radius.ResponseWriter, r *radius.Request) {
 func (s *Server) Serve() error {
 	server := radius.PacketServer{
 		Handler:      radius.HandlerFunc(s.handler),
-		SecretSource: radius.StaticSecretSource([]byte("secret")),
+		SecretSource: radius.StaticSecretSource([]byte(s.secret)),
 	}
 	s.radsrv = server
 
diff --git a/radius/type.go b/radius/type.go
index f1fcc60..96c6e2b 100644
--- a/radius/type.go
+++ b/radius/type.go
@@ -13,6 +13,8 @@ type Server struct {
 	n   netauth
 
 	radsrv radius.PacketServer
+
+	secret string
 }
 
 // Option enables passing of various options to the server on startup.