diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index da70963..b0208f2 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -19,6 +19,7 @@
 - awscli
 - net-tools
 - openssh-server
+ - pwgen
 - python3-apt
 - vim
 - name: Copy system configs
diff --git a/roles/matrix/tasks/main.yml b/roles/matrix/tasks/main.yml
index dc1ec74..38af853 100644
--- a/roles/matrix/tasks/main.yml
+++ b/roles/matrix/tasks/main.yml
@@ -56,4 +56,20 @@
 - { src: "homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yaml", mode: "0644" }
 - { src: "server_name.yaml", dest: "/etc/matrix-synapse/conf.d/server_name.yaml", mode: "0644" }
 notify: restart synapse
+ - name: Check for secrets
+ stat: path="/etc/matrix-synapse/conf.d/shared_secrets.yaml"
+ register: p
+ - name: Generate secrets
+ block:
+ - name: Generate registration_shared_secret
+ command: pwgen 32 1
+ register: matrix_reg_secret
+ - name: Template out shared_secrets.yaml
+ template:
+ src: "shared-secrets.yaml"
+ dest: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"
+ mode: "0640"
+ owner: "matrix-synapse"
+ group: "root"
+ when: not p.stat.exists
 become: yes
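Review bot: The `Generate registration_shared_secret` task in roles/matrix/tasks/main.yml runs `pwgen 32 1` without `-s`, so pwgen emits its default pronounceable output instead of fully random characters; for a registration shared secret `command: pwgen -s 32 1` is the better choice. Neither that task nor `Template out shared_secrets.yaml` sets `no_log: true`, so the registered stdout, and the rendered file when the play runs with `--diff`, can land in Ansible output and any log that captures it. Indentation is lost in this view, so confirm that `when: not p.stat.exists` sits at block level and guards both tasks; if it is attached only to the template task, the command would run on every play. The new template task also carries no `notify: restart synapse`, so it is worth checking that Synapse is restarted after the secrets file is first written.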