diff --git a/cms/settings.py b/cms/settings.py
index ed9ea32d..1e32df32 100644
--- a/cms/settings.py
+++ b/cms/settings.py
@@ -173,9 +173,29 @@ REST_FRAMEWORK = {
 # Set the SECRET_KEY env var in production. If unset, a fresh random key is
-# generated per process — safe but invalidates sessions and signed tokens on
-# every restart.
-SECRET_KEY = os.getenv("SECRET_KEY") or get_random_secret_key()
+# generated or read from a .secret_key file to ensure all workers share the same key.
+def get_secret_key():
+ key = os.getenv('SECRET_KEY')
+ if key:
+ return key
+
+ base_dir = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+ secret_path = os.path.join(base_dir, '.secret_key')
+
+ if os.path.exists(secret_path):
+ with open(secret_path) as f:
+ return f.read().strip()
+
+ key = get_random_secret_key()
+ try:
+ with open(secret_path, 'w') as f:
+ f.write(key)
+ except Exception:
+ pass
+ return key
+
+
+SECRET_KEY = get_secret_key()
 TEMP_DIRECTORY = "/tmp" # Don't use a temp directory inside BASE_DIR!!!
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
diff --git a/cms/version.py b/cms/version.py
index f17675b4..509281d4 100644
--- a/cms/version.py
+++ b/cms/version.py
@@ -1 +1 @@
-VERSION = "8.0.3"
+VERSION = "8.0.4"
diff --git a/deploy/docker/local_settings.py b/deploy/docker/local_settings.py
index 0722859d..0e2a3274 100644
--- a/deploy/docker/local_settings.py
+++ b/deploy/docker/local_settings.py
@@ -1,10 +1,7 @@
 import os
-from django.core.management.utils import get_random_secret_key
-
 FRONTEND_HOST = os.getenv('FRONTEND_HOST', 'http://localhost')
 PORTAL_NAME = os.getenv('PORTAL_NAME', 'MediaCMS')
-SECRET_KEY = os.getenv('SECRET_KEY') or get_random_secret_key()
 REDIS_LOCATION = os.getenv('REDIS_LOCATION', 'redis://redis:6379/1')
 DATABASES = {
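Review bot: In `get_secret_key` (cms/settings.py) the generated key is written with `open(secret_path, 'w')`, so `.secret_key` gets umask-default permissions (commonly world-readable), and two workers that start together can each generate and keep a different key, which is the situation the new comment says the file is meant to prevent. An existing but empty file is also returned as the key, and `except Exception: pass` hides a failed write, so the process silently falls back to a per-process key. Creating the file with `os.O_CREAT | os.O_EXCL` and mode `0o600`, rereading it on `FileExistsError`, and reporting the `OSError` addresses these; the sketch below uses `warnings`, which is not visibly imported in this hunk. Because the file lands in the project base directory, it should also be excluded from version control and image builds, which this diff does not show.

```python
def get_secret_key():
    # … unchanged: SECRET_KEY env lookup, base_dir and secret_path …

    if os.path.exists(secret_path):
        with open(secret_path) as f:
            stored = f.read().strip()
        if stored:  # an empty or half-written file must not become the key
            return stored

    key = get_random_secret_key()
    try:
        # O_EXCL lets exactly one worker create the file; 0o600 keeps it owner-only.
        fd = os.open(secret_path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        # Another worker created it first: use its key once it has been written.
        with open(secret_path) as f:
            return f.read().strip() or key
    except OSError as exc:
        warnings.warn(f"SECRET_KEY not persisted to {secret_path}: {exc}")
        return key
    with os.fdopen(fd, 'w') as f:
        f.write(key)
    return key
```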