diff --git a/README.md b/README.md
index e185d4f..1567e01 100644
--- a/README.md
+++ b/README.md
@@ -28,7 +28,6 @@ Lemma can be configured using environment variables. Here are the available conf
 
 - `LEMMA_ADMIN_EMAIL`: Email address for the admin account
 - `LEMMA_ADMIN_PASSWORD`: Password for the admin account
-- `LEMMA_ENCRYPTION_KEY`: Base64-encoded 32-byte key used for encrypting sensitive data
 
 ### Optional Environment Variables
 
@@ -39,21 +38,17 @@ Lemma can be configured using environment variables. Here are the available conf
 - `LEMMA_PORT`: Port to run the server on (default: "8080")
 - `LEMMA_DOMAIN`: Domain name where the application is hosted for cookie authentication
 - `LEMMA_CORS_ORIGINS`: Comma-separated list of allowed CORS origins
+- `LEMMA_ENCRYPTION_KEY`: Base64-encoded 32-byte key used for encrypting sensitive data. If not provided, a key will be automatically generated and stored in `{LEMMA_WORKDIR}/secrets/encryption_key`
 - `LEMMA_JWT_SIGNING_KEY`: Key used for signing JWT tokens. If not provided, a key will be automatically generated and stored in `{LEMMA_WORKDIR}/secrets/jwt_signing_key`
 - `LEMMA_LOG_LEVEL`: Logging level (defaults to DEBUG in development mode, INFO in production)
 - `LEMMA_RATE_LIMIT_REQUESTS`: Number of allowed requests per window (default: 100)
 - `LEMMA_RATE_LIMIT_WINDOW`: Duration of the rate limit window (default: 15m)
 
-### Generating Encryption Keys
+### Security Keys
 
-The encryption key must be a base64-encoded 32-byte value. You can generate a secure encryption key using OpenSSL:
+Both the encryption key and JWT signing key are automatically generated on first startup if not provided via environment variables. The keys are stored in `{LEMMA_WORKDIR}/secrets/` with restrictive file permissions (0600).
 
-```bash
-# Generate a random 32-byte key and encode it as base64
-openssl rand -base64 32
-```
-
-Store the generated key securely - it will be needed to decrypt any data encrypted by the application. If the key is lost or changed, previously encrypted data will become inaccessible.
+**Important**: Back up the `secrets` directory! If these keys are lost, encrypted data will become inaccessible and all users will need to re-authenticate.
 
 ## Running the backend server
 
diff --git a/server/internal/app/config.go b/server/internal/app/config.go
index 3708935..fab59d4 100644
--- a/server/internal/app/config.go
+++ b/server/internal/app/config.go
@@ -51,9 +51,11 @@ func (c *Config) validate() error {
 		return fmt.Errorf("LEMMA_ADMIN_EMAIL and LEMMA_ADMIN_PASSWORD must be set")
 	}
 
-	// Validate encryption key
-	if err := secrets.ValidateKey(c.EncryptionKey); err != nil {
-		return fmt.Errorf("invalid LEMMA_ENCRYPTION_KEY: %w", err)
+	// Validate encryption key if provided (if not provided, it will be auto-generated)
+	if c.EncryptionKey != "" {
+		if err := secrets.ValidateKey(c.EncryptionKey); err != nil {
+			return fmt.Errorf("invalid LEMMA_ENCRYPTION_KEY: %w", err)
+		}
 	}
 
 	return nil
diff --git a/server/internal/app/config_test.go b/server/internal/app/config_test.go
index 3205a57..976a91f 100644
--- a/server/internal/app/config_test.go
+++ b/server/internal/app/config_test.go
@@ -179,15 +179,6 @@ func TestLoad(t *testing.T) {
 				},
 				expectedError: "LEMMA_ADMIN_EMAIL and LEMMA_ADMIN_PASSWORD must be set",
 			},
-			{
-				name: "missing encryption key",
-				setupEnv: func(t *testing.T) {
-					cleanup()
-					setEnv(t, "LEMMA_ADMIN_EMAIL", "admin@example.com")
-					setEnv(t, "LEMMA_ADMIN_PASSWORD", "password123")
-				},
-				expectedError: "invalid LEMMA_ENCRYPTION_KEY: encryption key is required",
-			},
 			{
 				name: "invalid encryption key",
 				setupEnv: func(t *testing.T) {
diff --git a/server/internal/app/init.go b/server/internal/app/init.go
index b14de7b..1d0bc08 100644
--- a/server/internal/app/init.go
+++ b/server/internal/app/init.go
@@ -19,7 +19,22 @@ import (
 // initSecretsService initializes the secrets service
 func initSecretsService(cfg *Config) (secrets.Service, error) {
 	logging.Debug("initializing secrets service")
-	secretsService, err := secrets.NewService(cfg.EncryptionKey)
+
+	// Get or generate encryption key
+	encryptionKey := cfg.EncryptionKey
+	if encryptionKey == "" {
+		logging.Debug("no encryption key provided, loading/generating from file")
+
+		// Load or generate key from file
+		secretsDir := cfg.WorkDir + "/secrets"
+		var err error
+		encryptionKey, err = secrets.EnsureEncryptionKey(secretsDir)
+		if err != nil {
+			return nil, fmt.Errorf("failed to ensure encryption key: %w", err)
+		}
+	}
+
+	secretsService, err := secrets.NewService(encryptionKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize secrets service: %w", err)
 	}
diff --git a/server/internal/secrets/jwt_key.go b/server/internal/secrets/jwt_key.go
index 98f03f2..797c92d 100644
--- a/server/internal/secrets/jwt_key.go
+++ b/server/internal/secrets/jwt_key.go
@@ -9,12 +9,14 @@ import (
 )
 
 const (
-	// JWTKeyBytes is the size of the JWT signing key in bytes (256 bits)
-	JWTKeyBytes = 32
+	// KeyBytes is the size of keys in bytes (256 bits)
+	KeyBytes = 32
 	// JWTKeyFile is the filename for the JWT signing key
 	JWTKeyFile = "jwt_signing_key"
-	// JWTKeyPerm is the file permission for the JWT signing key (owner read/write only)
-	JWTKeyPerm = 0600
+	// EncryptionKeyFile is the filename for the encryption key
+	EncryptionKeyFile = "encryption_key"
+	// KeyPerm is the file permission for secret keys (owner read/write only)
+	KeyPerm = 0600
 )
 
 // EnsureJWTSigningKey ensures a JWT signing key exists in the secrets directory.
@@ -55,12 +57,12 @@ func EnsureJWTSigningKey(secretsDir string) (string, error) {
 	}
 
 	// Write the key to the file with restrictive permissions
-	if err := os.WriteFile(keyPath, []byte(key), JWTKeyPerm); err != nil {
+	if err := os.WriteFile(keyPath, []byte(key), KeyPerm); err != nil {
 		return "", fmt.Errorf("failed to write JWT signing key: %w", err)
 	}
 
 	// Double-check permissions (some systems might ignore mode in WriteFile)
-	if err := os.Chmod(keyPath, JWTKeyPerm); err != nil {
+	if err := os.Chmod(keyPath, KeyPerm); err != nil {
 		return "", fmt.Errorf("failed to set JWT signing key permissions: %w", err)
 	}
 
@@ -70,7 +72,70 @@ func EnsureJWTSigningKey(secretsDir string) (string, error) {
 
 // generateJWTSigningKey generates a cryptographically secure random signing key
 func generateJWTSigningKey() (string, error) {
-	keyBytes := make([]byte, JWTKeyBytes)
+	keyBytes := make([]byte, KeyBytes)
+	if _, err := rand.Read(keyBytes); err != nil {
+		return "", fmt.Errorf("failed to generate random bytes: %w", err)
+	}
+
+	// Encode to base64 for easy storage and handling
+	key := base64.StdEncoding.EncodeToString(keyBytes)
+	return key, nil
+}
+
+// EnsureEncryptionKey ensures an encryption key exists in the secrets directory.
+// If no key exists, it generates and stores a new one with restrictive permissions.
+// Returns the base64-encoded encryption key.
+func EnsureEncryptionKey(secretsDir string) (string, error) {
+	log := getLogger()
+
+	// Ensure the secrets directory exists with restrictive permissions
+	if err := os.MkdirAll(secretsDir, 0700); err != nil {
+		return "", fmt.Errorf("failed to create secrets directory: %w", err)
+	}
+
+	keyPath := filepath.Join(secretsDir, EncryptionKeyFile)
+
+	// Check if the key file already exists
+	if _, err := os.Stat(keyPath); err == nil {
+		// Key file exists, read it
+		keyBytes, err := os.ReadFile(keyPath)
+		if err != nil {
+			return "", fmt.Errorf("failed to read encryption key: %w", err)
+		}
+
+		key := string(keyBytes)
+		if key == "" {
+			return "", fmt.Errorf("encryption key file is empty")
+		}
+
+		log.Debug("loaded existing encryption key from file")
+		return key, nil
+	}
+
+	// Key file doesn't exist, generate a new key
+	log.Info("generating new encryption key")
+	key, err := generateEncryptionKey()
+	if err != nil {
+		return "", fmt.Errorf("failed to generate encryption key: %w", err)
+	}
+
+	// Write the key to the file with restrictive permissions
+	if err := os.WriteFile(keyPath, []byte(key), KeyPerm); err != nil {
+		return "", fmt.Errorf("failed to write encryption key: %w", err)
+	}
+
+	// Double-check permissions (some systems might ignore mode in WriteFile)
+	if err := os.Chmod(keyPath, KeyPerm); err != nil {
+		return "", fmt.Errorf("failed to set encryption key permissions: %w", err)
+	}
+
+	log.Info("encryption key generated and stored", "path", keyPath)
+	return key, nil
+}
+
+// generateEncryptionKey generates a cryptographically secure random encryption key
+func generateEncryptionKey() (string, error) {
+	keyBytes := make([]byte, KeyBytes)
 	if _, err := rand.Read(keyBytes); err != nil {
 		return "", fmt.Errorf("failed to generate random bytes: %w", err)
 	}
diff --git a/server/internal/secrets/jwt_key_test.go b/server/internal/secrets/jwt_key_test.go
index fb924af..ef802b2 100644
--- a/server/internal/secrets/jwt_key_test.go
+++ b/server/internal/secrets/jwt_key_test.go
@@ -34,8 +34,8 @@ func TestEnsureJWTSigningKey(t *testing.T) {
 		}
 
 		perm := info.Mode().Perm()
-		if perm != JWTKeyPerm {
-			t.Errorf("expected permissions %o, got %o", JWTKeyPerm, perm)
+		if perm != KeyPerm {
+			t.Errorf("expected permissions %o, got %o", KeyPerm, perm)
 		}
 	})
 
@@ -65,7 +65,7 @@ func TestEnsureJWTSigningKey(t *testing.T) {
 		if err := os.MkdirAll(emptyDir, 0700); err != nil {
 			t.Fatalf("failed to create directory: %v", err)
 		}
-		if err := os.WriteFile(keyPath, []byte(""), JWTKeyPerm); err != nil {
+		if err := os.WriteFile(keyPath, []byte(""), KeyPerm); err != nil {
 			t.Fatalf("failed to write empty file: %v", err)
 		}
 
@@ -76,6 +76,76 @@ func TestEnsureJWTSigningKey(t *testing.T) {
 	})
 }
 
+func TestEnsureEncryptionKey(t *testing.T) {
+	// Create a temporary directory for testing
+	tempDir := t.TempDir()
+	secretsDir := filepath.Join(tempDir, "secrets")
+
+	t.Run("generates new key if not exists", func(t *testing.T) {
+		key, err := EnsureEncryptionKey(secretsDir)
+		if err != nil {
+			t.Fatalf("expected no error, got %v", err)
+		}
+
+		if key == "" {
+			t.Fatal("expected non-empty key")
+		}
+
+		// Check that the key file was created
+		keyPath := filepath.Join(secretsDir, EncryptionKeyFile)
+		if _, err := os.Stat(keyPath); os.IsNotExist(err) {
+			t.Fatal("expected key file to exist")
+		}
+
+		// Check file permissions
+		info, err := os.Stat(keyPath)
+		if err != nil {
+			t.Fatalf("failed to stat key file: %v", err)
+		}
+
+		perm := info.Mode().Perm()
+		if perm != KeyPerm {
+			t.Errorf("expected permissions %o, got %o", KeyPerm, perm)
+		}
+	})
+
+	t.Run("loads existing key", func(t *testing.T) {
+		// First call to generate the key
+		key1, err := EnsureEncryptionKey(secretsDir)
+		if err != nil {
+			t.Fatalf("expected no error, got %v", err)
+		}
+
+		// Second call should load the same key
+		key2, err := EnsureEncryptionKey(secretsDir)
+		if err != nil {
+			t.Fatalf("expected no error, got %v", err)
+		}
+
+		if key1 != key2 {
+			t.Error("expected same key on subsequent calls")
+		}
+	})
+
+	t.Run("fails if key file is empty", func(t *testing.T) {
+		emptyDir := filepath.Join(tempDir, "empty_encryption_test")
+		keyPath := filepath.Join(emptyDir, EncryptionKeyFile)
+
+		// Create empty key file
+		if err := os.MkdirAll(emptyDir, 0700); err != nil {
+			t.Fatalf("failed to create directory: %v", err)
+		}
+		if err := os.WriteFile(keyPath, []byte(""), KeyPerm); err != nil {
+			t.Fatalf("failed to write empty file: %v", err)
+		}
+
+		_, err := EnsureEncryptionKey(emptyDir)
+		if err == nil {
+			t.Error("expected error for empty key file")
+		}
+	})
+}
+
 func TestGenerateJWTSigningKey(t *testing.T) {
 	key, err := generateJWTSigningKey()
 	if err != nil {