diff --git a/config/initializers/google_analytics.rb b/config/initializers/google_analytics.rb
index 8a71492..ff51532 100644
--- a/config/initializers/google_analytics.rb
+++ b/config/initializers/google_analytics.rb
@@ -1,2 +1 @@
-# Insert your own tracker id
-# Rubaidh::GoogleAnalytics.tracker_id = 'UA-12345-67'
+Rubaidh::GoogleAnalytics.tracker_id = ENV['GOOGLE_ANALYTICS_TRACKER_ID'] if ENV['GOOGLE_ANALYTICS_TRACKER_ID']
diff --git a/config/initializers/hoptoad.rb b/config/initializers/hoptoad.rb
index 7a4b786..85c3aa2 100644
--- a/config/initializers/hoptoad.rb
+++ b/config/initializers/hoptoad.rb
@@ -1,3 +1,5 @@
-HoptoadNotifier.configure do |config|
-  config.api_key = 'HOPTOAD-KEY'
+if ENV['HOPTOAD_API_KEY']
+  HoptoadNotifier.configure do |config|
+    config.api_key = ENV['HOPTOAD_API_KEY']
+  end
 end
diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb
index b359fb7..2c3ee6f 100644
--- a/config/initializers/session_store.rb
+++ b/config/initializers/session_store.rb
@@ -5,8 +5,8 @@
 # Make sure the secret is at least 30 characters and all random, 
 # no regular words or you'll be exposed to dictionary attacks.
 ActionController::Base.session = {
-  :session_key => "_CHANGEME_session",
-  :secret      => "CHANGESESSION"
+  :session_key => ENV['SESSION_KEY'] || "_development_session",
+  :secret      => ENV['SESSION_SECRET'] || "acae512910d591e2ab92d82781abc8f52bc723a8cc2124225a89b9e2ed05de875d2ec49c10a585bfcf40f6bfc1385b22578d9cbc7213a2cf61a9a900eaf57cfc"
 }
 
 # Use the database for sessions instead of the cookie-based default,
diff --git a/config/s3.yml b/config/s3.yml
index 05a56d6..852bb19 100644
--- a/config/s3.yml
+++ b/config/s3.yml
@@ -13,13 +13,11 @@
 development: &default
   access_key_id: <%= ENV['S3_KEY'] %>
   secret_access_key: <%= ENV['S3_SECRET'] %>
-  bucket: CHANGME_development
+  bucket: <%= ENV['S3_BUCKET'] %>
 
 test:
   <<: *default
-  bucket: CHANGME_test
 
 production:
   <<: *default
-  bucket: CHANGME_production
 
--
libgit2 0.21.2