diff --git a/slopserver/common.py b/slopserver/common.py
deleted file mode 100644
index 3aa6250..0000000
--- a/slopserver/common.py
+++ /dev/null
@@ -1 +0,0 @@
-TEMP_HMAC_KEY = "0460de065912d0292df1e7422a5ed2dc362ed56d6bab64fe50b89957463061f3"
\ No newline at end of file
diff --git a/slopserver/models.py b/slopserver/models.py
index 91ef9dd..9775d44 100644
--- a/slopserver/models.py
+++ b/slopserver/models.py
@@ -8,7 +8,7 @@ from altcha import Payload as AltchaPayload, verify_solution
 from urllib.parse import urlparse, ParseResult
-from slopserver.common import TEMP_HMAC_KEY
+from slopserver.server import settings
 NAMING_CONVENTION = {
     "ix": "ix_%(column_0_label)s",
@@ -73,7 +73,7 @@ def url_validator(urls: list[str]) -> list[ParseResult]:
     return parsed_urls
 def altcha_validator(altcha_response: AltchaPayload):
-    verified = verify_solution(altcha_response, TEMP_HMAC_KEY)
+    verified = verify_solution(altcha_response, settings.altcha_secret)
     if not verified[0]:
         raise ValueError(f"altcha verification failed: {verified[1]}")
     return None
diff --git a/slopserver/server.py b/slopserver/server.py
index 6793535..811e964 100644
--- a/slopserver/server.py
+++ b/slopserver/server.py
@@ -33,7 +33,6 @@ from uuid import uuid4
 from slopserver.models import Domain, Path, User
 from slopserver.models import SlopReport, SignupForm, altcha_validator
 from slopserver.db import select_slop, insert_slop, get_user, create_user
-from slopserver.common import TEMP_HMAC_KEY
 app = FastAPI()
@@ -42,7 +41,7 @@ oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")
 class ServerSettings(BaseSettings):
     db_url: str = "sqlite+pysqlite:///test_db.sqlite"
     token_secret: str = "5bcc778a96b090c3ac1d587bb694a060eaf7bdb5832365f91d5078faf1fff210"
-    # altcha_secret: str
+    altcha_secret: str = "0460de065912d0292df1e7422a5ed2dc362ed56d6bab64fe50b89957463061f3"
 settings = ServerSettings()
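Review bot: The new `from slopserver.server import settings` in the models.py import hunk closes an import cycle: server.py imports `Domain, Path, User` and `altcha_validator` from slopserver.models (its @@ -33 hunk), and `settings = ServerSettings()` is only bound after those imports (its @@ -42 hunk), so whichever module is imported first will most likely raise an ImportError against a partially initialised module rather than reach a working `settings`. A safer shape is to keep the settings object in a module that neither side imports from the other — move `ServerSettings` and `settings = ServerSettings()` into a small config module (the role the deleted common.py played) and import `settings` from there in both models.py and server.py. Alternatively, have `altcha_validator` take the key as an argument supplied by the caller in server.py, so the model layer does not depend on server state at all.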
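Review bot: The new `altcha_secret` field on `ServerSettings` ships with a hard-coded default — the same hex literal this commit deletes from common.py — so any deployment that does not override it through the environment signs and verifies ALTCHA challenges with a key that is public in the repository, and the `token_secret` line above follows the same pattern. Declare the field without a default, `altcha_secret: str`, so pydantic-settings refuses to start when it is not configured, and treat the committed value as compromised and rotate it once the change lands. If a development fallback is wanted, derive it per process (for example `secrets.token_hex(32)`) instead of committing one, and note in the class docstring that both secrets must be supplied via environment variables in production.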
@@ -141,7 +140,7 @@ async def altcha_challenge():
     options = ChallengeOptions(
         expires=datetime.now() + timedelta(minutes=10),
         max_number=80000,
-        hmac_key=TEMP_HMAC_KEY
+        hmac_key=settings.altcha_secret
     )
     challenge = create_challenge(options)
     return challenge
@@ -153,27 +152,6 @@ async def simple_login(username: Annotated[str, Form()], password: Annotated[str
         raise HTTPException(status_code=401, detail="Incorrect username or password")
     token = generate_auth_token(username)
     return {"access_token": token, "token_type": "bearer"}
-
-# @app.post("/altcha-challenge")
-# async def altcha_verify(payload: Annotated[Base64Str, AfterValidator(altcha_validator)]):
-#     # if verified, return a JWT for anonymous API access
-#     expiration = datetime.now() + timedelta(days=30)
-#     uuid = uuid4()
-#     bearer_token = {
-#         "iss": "slopserver",
-#         "exp": int(expiration.timestamp()),
-#         "aud": "slopserver",
-#         "sub": str(uuid),
-#         "client_id": str(uuid),
-#         "iat": int(datetime.now().timestamp()),
-#         "jti": str(uuid)
-#     }
-
-#     encoded_jwt = jwt.encode(bearer_token, TOKEN_SECRET, ALGO)
-
-#     return encoded_jwt
-
-
 if __name__ == "__main__":
     uvicorn.run(app, host="0.0.0.0", port=8000)
\ No newline at end of file