diff --git a/pinaxcon/settings.py b/pinaxcon/settings.py
index 96d3266d..53fc79a6 100644
--- a/pinaxcon/settings.py
+++ b/pinaxcon/settings.py
@@ -1,8 +1,9 @@
 import os
+import sys
+
+import django
 import saml2
 import saml2.saml
-from django.utils.crypto import get_random_string
-import django
 
 PROJECT_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), os.pardir))
 PACKAGE_ROOT = os.path.abspath(os.path.dirname(__file__))
@@ -20,26 +21,26 @@ DATABASES = {
     }
 }
 EMAIL_BACKEND = "django.core.mail.backends.console.EmailBackend"
-THEME_CONTACT_EMAIL = "team@lca2018.org"
-SECRET_KEY = os.environ.get("DJANGO_SECRET_KEY", get_random_string(length=64))
+THEME_CONTACT_EMAIL = os.environ.get('THEME_CONTACT_EMAIL', None)
+SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY', None)
 
-PINAX_STRIPE_PUBLIC_KEY = os.environ.get("STRIPE_PUBLIC_KEY", "your test public key")
-PINAX_STRIPE_SECRET_KEY = os.environ.get("STRIPE_SECRET_KEY", "your test secret key")
+PINAX_STRIPE_PUBLIC_KEY = os.environ.get('STRIPE_PUBLIC_KEY', None)
+PINAX_STRIPE_SECRET_KEY = os.environ.get('STRIPE_SECRET_KEY', None)
 PINAX_STRIPE_SEND_EMAIL_RECEIPTS = False
 
-saml2_entityid = 'http://example.com/saml2/metadata/'
-saml2_sp_name = 'Federated Django sample SP'
-saml2_sp_assertion_service = 'http://example.com/saml2/acs/'
-saml2_sp_slo_rdir = 'http://example.com/saml2/ls/'
-smal2_sp_slo_post = 'http://example.com/saml2/ls/post'
-saml2_base_dir = os.path.join(PACKAGE_ROOT, 'saml2')
+saml2_entityid = os.environ.get('SAML2_ENTITYID', None)
+saml2_sp_name = os.environ.get('SAML2_SP_NAME', None)
+saml2_sp_assertion_service = os.environ.get('SAML2_SP_ASSERTION_SERVICE', None)
+saml2_sp_slo_rdir = os.environ.get('SAML2_SP_SLO_RDIR', None)
+saml2_sp_slo_post = os.environ.get('SAML2_SP_SLO_POST', None)
+
 saml2_idp_metadata = {
-    'local': [os.path.join(saml2_base_dir, 'remote_metadata.xml')],
+    'local': [os.environ.get('SAML2_IDP_METADATA_FILE', None)],
     }
-saml2_signing_key = os.path.join(saml2_base_dir, 'cert.key')
-saml2_signing_crt = os.path.join(saml2_base_dir, 'cert.pem')
-saml2_encr_key = os.path.join(saml2_base_dir, 'enc.key')
-saml2_encr_crt = os.path.join(saml2_base_dir, 'enc.crt')
+saml2_signing_key = os.environ.get('SAML2_SIGNING_KEY', None)
+saml2_signing_crt = os.environ.get('SAML2_SIGNING_CRT', None)
+saml2_encr_key = os.environ.get('SAML2_ENCRYPTION_KEY', None)
+saml2_encr_crt = os.environ.get('SAML2_ENCRYPTION_CRT', None)
 saml2_contact = [
     {'given_name': os.environ.get("META_GIVEN_NAME", 'Bastard'),
      'sur_name': os.environ.get('META_FAM_NAME', 'Operator'),
@@ -49,6 +50,11 @@ saml2_contact = [
     ],
 
 
+if (SECRET_KEY is None or PINAX_STRIPE_PUBLIC_KEY is None or
+   PINAX_STRIPE_SECRET_KEY is None):
+    sys.exit('CONFIG ERROR')
+
+
 ### Standard settings
 
 CACHES = {
@@ -58,7 +64,7 @@ CACHES = {
 }
 
 
-ALLOWED_HOSTS = ['lca2018.org', '127.0.0.1', 'localhost']
+ALLOWED_HOSTS = ['lca2018.org', '127.0.0.1', 'localhost', '*']
 
 TIME_ZONE = "Australia/Sydney"
 DATE_FORMAT = "j F Y"
@@ -319,7 +325,7 @@ SAML_CONFIG = {
                     ],
                 'single_logout_service': [
                     (saml2_sp_slo_rdir, saml2.BINDING_HTTP_REDIRECT),
-                    (smal2_sp_slo_post, saml2.BINDING_HTTP_POST),
+                    (saml2_sp_slo_post, saml2.BINDING_HTTP_POST),
                     ],
                 },
             'logout_requests_signed': True,