diff --git a/dd-ctl b/dd-ctl
index 8aa12c7..261e8dc 100755
--- a/dd-ctl
+++ b/dd-ctl
@@ -894,10 +894,10 @@ securize() {
 			ETHERPAD_POSTGRES_PASSWORD \
 			ETHERPAD_ADMIN_PASSWORD \
 			WORDPRESS_MARIADB_PASSWORD \
-			WORDPRESS_ADMIN_PASSWORD \
-			IPA_ADMIN_PWD; do
+			WORDPRESS_ADMIN_PASSWORD; do
 		setconf "${dd_var}" "$(genpwd)"
 	done
+	setconf "API_SECRET" "$(openssl rand -base64 32)"
 }
 
 setconf() {
diff --git a/dd.conf.sample b/dd.conf.sample
index 18b6159..870a412 100644
--- a/dd.conf.sample
+++ b/dd.conf.sample
@@ -61,9 +61,9 @@ SMTP_PASSWORD=SuperSecret
 SMTP_PROTOCOL=tls
 
 ## DEFAULT CUSTOM ROLE NAMES
-CUSTOM_ROLE_MANAGER='manager'
-CUSTOM_ROLE_TEACHER='teacher'
-CUSTOM_ROLE_STUDENT='student'
+#CUSTOM_ROLE_MANAGER='manager'
+#CUSTOM_ROLE_TEACHER='teacher'
+#CUSTOM_ROLE_STUDENT='student'
 
 
 DDADMIN_USER=ddadmin
@@ -73,7 +73,7 @@ DDADMIN_EMAIL=theemail@mymailserver.com
 # ------ Api Secret -----------------------------------------------------------
 ## Generate your own SECRET! (or apply securize script)
 ## openssl rand -base64 32
-API_SECRET=LYY1kVYzbTSQx1yC4AauY7R6X34Jaz6+SY8CNC6RSno=
+#API_SECRET=LYY1kVYzbTSQx1yC4AauY7R6X34Jaz6+SY8CNC6RSno=
 
 ## ADMINAPP (https://admin.$DOMAIN)
 ##=============================================================================
@@ -130,22 +130,16 @@ ETHERPAD_POSTGRES_USER=etherpad
 ETHERPAD_POSTGRES_PASSWORD=3th3rpad
 ### ETHERPAD_API_KEY=NotImplemented
 
-## POSTGRES (https://sso.$DOMAIN/dd-sso-adminer)
+## POSTGRES
 ##=============================================================================
-### The adminer user/pwd is admin/$KEYCLOAK_PASSWORD
 POSTGRES_USER=admin
 POSTGRES_PASSWORD=postgrespostgres
 
-## MARIADB (https://sso.$DOMAIN/dd-sso-adminer)
+## MARIADB
 ##=============================================================================
-### The adminer user/pwd is admin/$KEYCLOAK_PASSWORD
 ### MARIADB_USER=root (it is the defaults in the container
 MARIADB_PASSWORD=SuperSecret
 
-## FREEIPA (disabled)
-##=============================================================================
-IPA_ADMIN_PWD=freeipafreeipa
-
 ## ACCEPT PROXY PROTOCOL ON 8888 (HTTP) AND 561 (HTTPS)
 #PROXY_PROTOCOL=false