diff --git a/.env.example b/.env.example
index 6557dd4a88..8bfcb60668 100644
--- a/.env.example
+++ b/.env.example
@@ -4,6 +4,7 @@ ADMIN_CLIENT_SECRET=dev-notify-secret-key
 SRE_CLIENT_SECRET=dev-notify-secret-key
 SECRET_KEY=dev-notify-secret-key
 DANGEROUS_SALT=dev-notify-salt
+CYPRESS_USER_PW_SECRET=
 
 NOTIFICATION_QUEUE_PREFIX='notification-canada-ca'
 
diff --git a/migrations/versions/0466_add_cypress_data.py b/migrations/versions/0466_add_cypress_data.py
index a5a3bb2749..5789517bf7 100644
--- a/migrations/versions/0466_add_cypress_data.py
+++ b/migrations/versions/0466_add_cypress_data.py
@@ -31,11 +31,12 @@
 
 
 def upgrade():
-    password = hashpw(
-        hashlib.sha256(
-            (current_app.config["CYPRESS_USER_PW_SECRET"] + current_app.config["DANGEROUS_SALT"]).encode("utf-8")
-        ).hexdigest()
-    )
+    cypress_user_pw = current_app.config.get("CYPRESS_USER_PW_SECRET")
+    if not cypress_user_pw:
+        cypress_user_pw = uuid.uuid4().hex[:32]
+        current_app.logger.warning(f"CYPRESS_USER_PW_SECRET not set, using random password")
+
+    password = hashpw(hashlib.sha256((cypress_user_pw + current_app.config["DANGEROUS_SALT"]).encode("utf-8")).hexdigest())
     current_year = get_current_financial_year_start_year()
     default_limit = 250000